Edit tour

Windows Analysis Report
jXBjxhHQgR.exe

Overview

General Information

Sample name:	jXBjxhHQgR.exe renamed because original name is a hash value
Original sample name:	8305c45696b7e6763ff343ca024682d1.exe
Analysis ID:	1444168
MD5:	8305c45696b7e6763ff343ca024682d1
SHA1:	b645f3fe56ac86ffde7d0e72ef48cd3eb4f48220
SHA256:	649a88ef17dafb0bd1f0d55e752de143e2428927dd5e754b65b5b4b251069c1e
Tags:	32CMSBruteexetrojan
Infos:

Detection

CMSBrute

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected CMSBrute

Contains functionality to inject code into remote processes

Drops PE files with benign system names

Found Tor onion address

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

May use the Tor software to hide its network traffic

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: Potentially Suspicious Malware Callback Communication

Sigma detected: Suspicious Process Parents

Sigma detected: System File Execution Location Anomaly

Connects to several IPs in different countries

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (may stop execution after checking a module file name)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Communication To Uncommon Destination Ports

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

jXBjxhHQgR.exe (PID: 6112 cmdline: "C:\Users\user\Desktop\jXBjxhHQgR.exe" MD5: 8305C45696B7E6763FF343CA024682D1)

jXBjxhHQgR.exe (PID: 4412 cmdline: "C:\Users\user\Desktop\jXBjxhHQgR.exe" MD5: 8305C45696B7E6763FF343CA024682D1)

csrss.exe (PID: 2792 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: 8305C45696B7E6763FF343CA024682D1)

csrss.exe (PID: 1468 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: 8305C45696B7E6763FF343CA024682D1)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
CMSBrute		No Attribution	https://securelist.com/the-shade-encryptor-a-double-threat/72087/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cmsbrute

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2101368330.0000000002291000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000003.00000002.2269982007.0000000002600000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B

Unpacked PEs

Source	Rule	Description	Author	Strings
5.2.csrss.exe.400000.0.unpack	JoeSecurity_CMSBrute	Yara detected CMSBrute	Joe Security

Sigma Signatures

System Summary

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\jXBjxhHQgR.exe, ProcessId: 4412, TargetFilename: C:\ProgramData\Drivers\csrss.exe

Sigma detected: Potentially Suspicious Malware Callback Communication

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 192.99.228.114, DestinationIsIpv6: false, DestinationPort: 666, EventID: 3, Image: C:\Users\user\Desktop\jXBjxhHQgR.exe, Initiated: true, ProcessId: 4412, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49739

Sigma detected: Suspicious Process Parents

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\ProgramData\Drivers\csrss.exe" , CommandLine: "C:\ProgramData\Drivers\csrss.exe" , CommandLine|base64offset|contains: , Image: C:\ProgramData\Drivers\csrss.exe, NewProcessName: C:\ProgramData\Drivers\csrss.exe, OriginalFileName: C:\ProgramData\Drivers\csrss.exe, ParentCommandLine: "C:\ProgramData\Drivers\csrss.exe" , ParentImage: C:\ProgramData\Drivers\csrss.exe, ParentProcessId: 2792, ParentProcessName: csrss.exe, ProcessCommandLine: "C:\ProgramData\Drivers\csrss.exe" , ProcessId: 1468, ProcessName: csrss.exe

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\ProgramData\Drivers\csrss.exe" , CommandLine: "C:\ProgramData\Drivers\csrss.exe" , CommandLine|base64offset|contains: , Image: C:\ProgramData\Drivers\csrss.exe, NewProcessName: C:\ProgramData\Drivers\csrss.exe, OriginalFileName: C:\ProgramData\Drivers\csrss.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\ProgramData\Drivers\csrss.exe" , ProcessId: 2792, ProcessName: csrss.exe

Sigma detected: Communication To Uncommon Destination Ports

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 51.89.17.143, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\Desktop\jXBjxhHQgR.exe, Initiated: true, ProcessId: 4412, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49795

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Drivers\csrss.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\jXBjxhHQgR.exe, ProcessId: 4412, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\ProgramData\Drivers\csrss.exe" , CommandLine: "C:\ProgramData\Drivers\csrss.exe" , CommandLine|base64offset|contains: , Image: C:\ProgramData\Drivers\csrss.exe, NewProcessName: C:\ProgramData\Drivers\csrss.exe, OriginalFileName: C:\ProgramData\Drivers\csrss.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\ProgramData\Drivers\csrss.exe" , ProcessId: 2792, ProcessName: csrss.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: jXBjxhHQgR.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\ProgramData\Drivers\csrss.exe

Avira: detection malicious, Label: HEUR/AGEN.1311176

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\Drivers\csrss.exe	ReversingLabs: Detection: 42%
Source: C:\ProgramData\Drivers\csrss.exe	Virustotal: Detection: 45%			Perma Link

Multi AV Scanner detection for submitted file

Source: jXBjxhHQgR.exe	ReversingLabs: Detection: 42%
Source: jXBjxhHQgR.exe	Virustotal: Detection: 45%			Perma Link

Machine Learning detection for dropped file

Source: C:\ProgramData\Drivers\csrss.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: jXBjxhHQgR.exe

Joe Sandbox ML: detected

Source: jXBjxhHQgR.exe, 00000002.00000003.2907239458.0000000003B2C000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN RSA PUBLIC KEY-----

memstr_0fcf652c-5

Source: jXBjxhHQgR.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 130.225.244.90:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.154.106.60:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.148.53.59:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.148.150.100:443 -> 192.168.2.6:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.16.147:443 -> 192.168.2.6:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.64.217:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 98.115.87.163:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.216.223.2:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.19.252.175:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.157.136.251:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.109.93.180:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.251.116.82:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.217.199.55:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 46.20.35.116:443 -> 192.168.2.6:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.143.81.27:443 -> 192.168.2.6:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.148.53.59:443 -> 192.168.2.6:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.16.147:443 -> 192.168.2.6:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.45.98.188:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.148.150.100:443 -> 192.168.2.6:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.64.217:443 -> 192.168.2.6:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 83.212.72.189:443 -> 192.168.2.6:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 176.107.176.31:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.251.116.82:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.148.53.59:443 -> 192.168.2.6:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.81.93.39:443 -> 192.168.2.6:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.44.247.102:443 -> 192.168.2.6:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.216.223.2:443 -> 192.168.2.6:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.19.252.175:443 -> 192.168.2.6:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.210.123.24:443 -> 192.168.2.6:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.92.34.123:443 -> 192.168.2.6:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 46.20.35.116:443 -> 192.168.2.6:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.92.34.123:443 -> 192.168.2.6:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.109.93.180:443 -> 192.168.2.6:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.251.116.82:443 -> 192.168.2.6:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.143.81.27:443 -> 192.168.2.6:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.217.199.55:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.45.98.188:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.216.223.2:443 -> 192.168.2.6:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.217.199.55:443 -> 192.168.2.6:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.23.244.244:443 -> 192.168.2.6:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 176.107.176.31:443 -> 192.168.2.6:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.157.136.251:443 -> 192.168.2.6:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.92.34.123:443 -> 192.168.2.6:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.109.93.180:443 -> 192.168.2.6:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 83.212.72.189:443 -> 192.168.2.6:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.92.34.123:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.162.229.73:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.13.164.118:443 -> 192.168.2.6:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.58.81.140:443 -> 192.168.2.6:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.109.93.180:443 -> 192.168.2.6:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.188.40.189:443 -> 192.168.2.6:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.188.40.189:443 -> 192.168.2.6:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.13.164.118:443 -> 192.168.2.6:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.66.35.11:443 -> 192.168.2.6:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.58.81.140:443 -> 192.168.2.6:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.23.244.244:443 -> 192.168.2.6:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.188.40.189:443 -> 192.168.2.6:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 38.154.240.58:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.23.244.244:443 -> 192.168.2.6:49898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 89.168.70.178:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 89.168.70.178:443 -> 192.168.2.6:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.92.34.123:443 -> 192.168.2.6:49899 version: TLS 1.2

Networking

Found Tor onion address

Source: csrss.exe, 00000005.00000002.3335454812.0000000000824000.00000040.00000400.00020000.00000000.sdmp

String found in binary or memory: Referer: X-Requested-With: XMLHttpRequest Content-Type: application/json;127.0.0.1:--ignore-missing-torrcect[] = --SOCKSPort--DataDirectory--bridgehttp://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onionT/reg.php?upd.php?/task.php?/rep.phperr.php?&n=v=b=p=repsf=e=nocache=SEH exceptionSEHSTD: C++.dll4kPv6aJG8e\!update!sleep !regcheckcreateObjectwp-login.phpwp-admin/name="loginform"ionW[] = id="loginform"name="log"id="user_login"name="pwd"id="user_pass"administrator/administrator/index.php ] = id="form-login"action="/administrator= = id="mod-login-username"nd[] = name="username"id="mod-login-password" name="passwd"admin.phpDataLifesubactionusernamepasswordOK{

Source: unknown

Network traffic detected: IP country count 20

Source: global traffic	TCP traffic: 192.168.2.6:49713 -> 147.92.88.67:9001
Source: global traffic	TCP traffic: 192.168.2.6:49714 -> 195.123.209.91:5092
Source: global traffic	TCP traffic: 192.168.2.6:49725 -> 178.17.170.13:9001
Source: global traffic	TCP traffic: 192.168.2.6:49728 -> 185.82.217.49:9001
Source: global traffic	TCP traffic: 192.168.2.6:49735 -> 148.251.41.235:9001
Source: global traffic	TCP traffic: 192.168.2.6:49738 -> 195.201.199.223:1234
Source: global traffic	TCP traffic: 192.168.2.6:49740 -> 51.210.103.252:9001
Source: global traffic	TCP traffic: 192.168.2.6:49742 -> 195.154.168.209:9500
Source: global traffic	TCP traffic: 192.168.2.6:49746 -> 193.142.146.239:9001
Source: global traffic	TCP traffic: 192.168.2.6:49748 -> 145.239.41.102:9100
Source: global traffic	TCP traffic: 192.168.2.6:49752 -> 107.189.8.12:9001
Source: global traffic	TCP traffic: 192.168.2.6:49753 -> 144.217.32.158:9001
Source: global traffic	TCP traffic: 192.168.2.6:49756 -> 193.11.114.46:9003
Source: global traffic	TCP traffic: 192.168.2.6:49758 -> 5.253.84.137:9100
Source: global traffic	TCP traffic: 192.168.2.6:49763 -> 185.220.101.154:11154
Source: global traffic	TCP traffic: 192.168.2.6:49764 -> 85.93.254.36:60443
Source: global traffic	TCP traffic: 192.168.2.6:49765 -> 91.234.199.232:9001
Source: global traffic	TCP traffic: 192.168.2.6:49767 -> 195.154.104.174:9001
Source: global traffic	TCP traffic: 192.168.2.6:49769 -> 193.105.134.186:9001
Source: global traffic	TCP traffic: 192.168.2.6:49770 -> 217.194.154.18:46856
Source: global traffic	TCP traffic: 192.168.2.6:49772 -> 15.204.140.9:8443
Source: global traffic	TCP traffic: 192.168.2.6:49773 -> 134.102.200.101:9001
Source: global traffic	TCP traffic: 192.168.2.6:49775 -> 51.222.24.62:9001
Source: global traffic	TCP traffic: 192.168.2.6:49776 -> 135.148.54.98:9001
Source: global traffic	TCP traffic: 192.168.2.6:49777 -> 185.243.218.202:13443
Source: global traffic	TCP traffic: 192.168.2.6:49779 -> 15.204.234.61:9100
Source: global traffic	TCP traffic: 192.168.2.6:49781 -> 185.220.101.196:8443
Source: global traffic	TCP traffic: 192.168.2.6:49783 -> 65.21.195.87:9001
Source: global traffic	TCP traffic: 192.168.2.6:49782 -> 89.58.34.53:9001
Source: global traffic	TCP traffic: 192.168.2.6:49784 -> 202.61.237.56:2087
Source: global traffic	TCP traffic: 192.168.2.6:49785 -> 109.104.152.127:9001
Source: global traffic	TCP traffic: 192.168.2.6:49788 -> 45.141.57.69:9001
Source: global traffic	TCP traffic: 192.168.2.6:49790 -> 96.234.180.68:9001
Source: global traffic	TCP traffic: 192.168.2.6:49791 -> 84.247.164.65:9001
Source: global traffic	TCP traffic: 192.168.2.6:49792 -> 5.255.109.214:9001
Source: global traffic	TCP traffic: 192.168.2.6:49795 -> 51.89.17.143:8080
Source: global traffic	TCP traffic: 192.168.2.6:49794 -> 37.1.204.243:9001
Source: global traffic	TCP traffic: 192.168.2.6:49868 -> 128.31.0.39:9101

Source: Joe Sandbox View	IP Address: 171.25.193.9 171.25.193.9
Source: Joe Sandbox View	IP Address: 171.25.193.9 171.25.193.9
Source: Joe Sandbox View	IP Address: 45.66.33.45 45.66.33.45

Source: Joe Sandbox View

JA3 fingerprint: 83d60721ecc423892660e275acc4dffd

Source: unknown	TCP traffic detected without corresponding DNS query: 130.225.244.90
Source: unknown	TCP traffic detected without corresponding DNS query: 130.225.244.90
Source: unknown	TCP traffic detected without corresponding DNS query: 130.225.244.90
Source: unknown	TCP traffic detected without corresponding DNS query: 130.225.244.90
Source: unknown	TCP traffic detected without corresponding DNS query: 130.225.244.90
Source: unknown	TCP traffic detected without corresponding DNS query: 130.225.244.90
Source: unknown	TCP traffic detected without corresponding DNS query: 147.92.88.67
Source: unknown	TCP traffic detected without corresponding DNS query: 147.92.88.67
Source: unknown	TCP traffic detected without corresponding DNS query: 147.92.88.67
Source: unknown	TCP traffic detected without corresponding DNS query: 195.123.209.91
Source: unknown	TCP traffic detected without corresponding DNS query: 195.123.209.91
Source: unknown	TCP traffic detected without corresponding DNS query: 195.123.209.91
Source: unknown	TCP traffic detected without corresponding DNS query: 147.92.88.67
Source: unknown	TCP traffic detected without corresponding DNS query: 147.92.88.67
Source: unknown	TCP traffic detected without corresponding DNS query: 195.154.106.60
Source: unknown	TCP traffic detected without corresponding DNS query: 195.154.106.60
Source: unknown	TCP traffic detected without corresponding DNS query: 45.66.33.45
Source: unknown	TCP traffic detected without corresponding DNS query: 195.154.106.60
Source: unknown	TCP traffic detected without corresponding DNS query: 45.66.33.45
Source: unknown	TCP traffic detected without corresponding DNS query: 45.66.33.45
Source: unknown	TCP traffic detected without corresponding DNS query: 195.154.106.60
Source: unknown	TCP traffic detected without corresponding DNS query: 195.154.106.60
Source: unknown	TCP traffic detected without corresponding DNS query: 195.154.106.60
Source: unknown	TCP traffic detected without corresponding DNS query: 195.123.209.91
Source: unknown	TCP traffic detected without corresponding DNS query: 195.123.209.91
Source: unknown	TCP traffic detected without corresponding DNS query: 45.66.33.45
Source: unknown	TCP traffic detected without corresponding DNS query: 45.66.33.45
Source: unknown	TCP traffic detected without corresponding DNS query: 178.17.170.13
Source: unknown	TCP traffic detected without corresponding DNS query: 154.35.175.225
Source: unknown	TCP traffic detected without corresponding DNS query: 154.35.175.225
Source: unknown	TCP traffic detected without corresponding DNS query: 178.17.170.13
Source: unknown	TCP traffic detected without corresponding DNS query: 154.35.175.225
Source: unknown	TCP traffic detected without corresponding DNS query: 178.17.170.13
Source: unknown	TCP traffic detected without corresponding DNS query: 178.17.170.13
Source: unknown	TCP traffic detected without corresponding DNS query: 178.17.170.13
Source: unknown	TCP traffic detected without corresponding DNS query: 154.35.175.225
Source: unknown	TCP traffic detected without corresponding DNS query: 154.35.175.225
Source: unknown	TCP traffic detected without corresponding DNS query: 185.82.217.49
Source: unknown	TCP traffic detected without corresponding DNS query: 171.25.193.9
Source: unknown	TCP traffic detected without corresponding DNS query: 185.82.217.49
Source: unknown	TCP traffic detected without corresponding DNS query: 171.25.193.9
Source: unknown	TCP traffic detected without corresponding DNS query: 185.82.217.49
Source: unknown	TCP traffic detected without corresponding DNS query: 171.25.193.9
Source: unknown	TCP traffic detected without corresponding DNS query: 171.25.193.9
Source: unknown	TCP traffic detected without corresponding DNS query: 185.82.217.49
Source: unknown	TCP traffic detected without corresponding DNS query: 171.25.193.9
Source: unknown	TCP traffic detected without corresponding DNS query: 185.82.217.49
Source: unknown	TCP traffic detected without corresponding DNS query: 171.25.193.9
Source: unknown	TCP traffic detected without corresponding DNS query: 171.25.193.9
Source: unknown	TCP traffic detected without corresponding DNS query: 171.25.193.9

Source: csrss.exe, 00000005.00000002.3336796106.0000000002812000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 4,~d,~www.yahoo.com equals www.yahoo.com (Yahoo)
Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, csrss.exe, 00000005.00000002.3336796106.000000000281C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org equals www.yahoo.com (Yahoo)
Source: csrss.exe, 00000005.00000002.3336796106.0000000002812000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.yahoo.com equals www.yahoo.com (Yahoo)

Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.htmlTYPE=2OpenSSL
Source: csrss.exe, 00000005.00000002.3335454812.0000000000824000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onionT/reg.php?upd.php?/task.php?/re
Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https:///phpMyAdmin//PhpMyAdmin//pma/rootmysqlimapssmtpspop3sscp://your_IP_is_greylisted_README.txt2
Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/hsts.html
Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: jXBjxhHQgR.exe, 00000002.00000003.2622001999.0000000002EF6000.00000004.00000020.00020000.00000000.sdmp, jXBjxhHQgR.exe, 00000002.00000003.3073536204.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, jXBjxhHQgR.exe, 00000002.00000003.3079199680.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, jXBjxhHQgR.exe, 00000002.00000003.2592881168.00000000036B1000.00000004.00000020.00020000.00000000.sdmp, jXBjxhHQgR.exe, 00000002.00000003.2596024674.0000000003A67000.00000004.00000020.00020000.00000000.sdmp, jXBjxhHQgR.exe, 00000002.00000003.2593135666.00000000037F3000.00000004.00000020.00020000.00000000.sdmp, cached-microdesc-consensus.tmp.2.dr, unverified-microdesc-consensus.tmp.2.dr	String found in binary or memory: https://sabotage.net
Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://trac.torproject.org/projects/tor/ticket/14917.
Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.torproject.org/
Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.torproject.org/documentation.html

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: unknown	HTTPS traffic detected: 130.225.244.90:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.154.106.60:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.148.53.59:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.148.150.100:443 -> 192.168.2.6:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.16.147:443 -> 192.168.2.6:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.64.217:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 98.115.87.163:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.216.223.2:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.19.252.175:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.157.136.251:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.109.93.180:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.251.116.82:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.217.199.55:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 46.20.35.116:443 -> 192.168.2.6:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.143.81.27:443 -> 192.168.2.6:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.148.53.59:443 -> 192.168.2.6:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.16.147:443 -> 192.168.2.6:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.45.98.188:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.148.150.100:443 -> 192.168.2.6:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.64.217:443 -> 192.168.2.6:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 83.212.72.189:443 -> 192.168.2.6:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 176.107.176.31:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.251.116.82:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.148.53.59:443 -> 192.168.2.6:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.81.93.39:443 -> 192.168.2.6:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.44.247.102:443 -> 192.168.2.6:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.216.223.2:443 -> 192.168.2.6:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.19.252.175:443 -> 192.168.2.6:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.210.123.24:443 -> 192.168.2.6:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.92.34.123:443 -> 192.168.2.6:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 46.20.35.116:443 -> 192.168.2.6:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.92.34.123:443 -> 192.168.2.6:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.109.93.180:443 -> 192.168.2.6:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.251.116.82:443 -> 192.168.2.6:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.143.81.27:443 -> 192.168.2.6:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.217.199.55:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.45.98.188:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.216.223.2:443 -> 192.168.2.6:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.217.199.55:443 -> 192.168.2.6:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.23.244.244:443 -> 192.168.2.6:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 176.107.176.31:443 -> 192.168.2.6:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.157.136.251:443 -> 192.168.2.6:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.92.34.123:443 -> 192.168.2.6:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.109.93.180:443 -> 192.168.2.6:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 83.212.72.189:443 -> 192.168.2.6:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.92.34.123:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.162.229.73:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.13.164.118:443 -> 192.168.2.6:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.58.81.140:443 -> 192.168.2.6:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.109.93.180:443 -> 192.168.2.6:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.188.40.189:443 -> 192.168.2.6:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.188.40.189:443 -> 192.168.2.6:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.13.164.118:443 -> 192.168.2.6:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.66.35.11:443 -> 192.168.2.6:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.58.81.140:443 -> 192.168.2.6:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.23.244.244:443 -> 192.168.2.6:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.188.40.189:443 -> 192.168.2.6:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 38.154.240.58:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.23.244.244:443 -> 192.168.2.6:49898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 89.168.70.178:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 89.168.70.178:443 -> 192.168.2.6:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.92.34.123:443 -> 192.168.2.6:49899 version: TLS 1.2

E-Banking Fraud

Yara detected CMSBrute

Source: Yara match

File source: 5.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.2101368330.0000000002291000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000003.00000002.2269982007.0000000002600000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_02450110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,		0_2_02450110
Source: C:\ProgramData\Drivers\csrss.exe	Code function: 3_2_02800110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,		3_2_02800110

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_0040F87A	0_2_0040F87A
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_00411897	0_2_00411897
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_004039D9	0_2_004039D9
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_0040F308	0_2_0040F308
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_0040C7F0	0_2_0040C7F0

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Code function: String function: 00404EE0 appears 34 times

Source: jXBjxhHQgR.exe	Binary or memory string: OriginalFilename vs jXBjxhHQgR.exe
Source: jXBjxhHQgR.exe, 00000000.00000000.2092683607.000000000061B000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesFilezera> vs jXBjxhHQgR.exe
Source: jXBjxhHQgR.exe, 00000002.00000000.2100798216.000000000061B000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesFilezera> vs jXBjxhHQgR.exe
Source: jXBjxhHQgR.exe	Binary or memory string: OriginalFilenamesFilezera> vs jXBjxhHQgR.exe

Source: jXBjxhHQgR.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.2101368330.0000000002291000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000003.00000002.2269982007.0000000002600000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: classification engine

Classification label: mal100.troj.evad.winEXE@6/9@0/79

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Code function: 0_2_022917C6 CreateToolhelp32Snapshot,Module32First,

0_2_022917C6

Source: C:\ProgramData\Drivers\csrss.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

File created: C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\

Jump to behavior

Source: jXBjxhHQgR.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: jXBjxhHQgR.exe	ReversingLabs: Detection: 42%
Source: jXBjxhHQgR.exe	Virustotal: Detection: 45%

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

File read: C:\Users\user\Desktop\jXBjxhHQgR.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\jXBjxhHQgR.exe "C:\Users\user\Desktop\jXBjxhHQgR.exe"
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Process created: C:\Users\user\Desktop\jXBjxhHQgR.exe "C:\Users\user\Desktop\jXBjxhHQgR.exe"
Source: unknown	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Process created: C:\Users\user\Desktop\jXBjxhHQgR.exe "C:\Users\user\Desktop\jXBjxhHQgR.exe"	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"	Jump to behavior

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: csunsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: swift.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: nfhwcrhk.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: surewarehook.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: csunsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: aep.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: atasi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: swift.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: nfhwcrhk.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: nuronssl.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: surewarehook.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: ubsec.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: aep.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: atasi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: swift.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: nfhwcrhk.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: nuronssl.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: surewarehook.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: ubsec.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: csunsapi.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: swift.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: nfhwcrhk.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: surewarehook.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: mswsock.dll	Jump to behavior

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: jXBjxhHQgR.exe

Static file information: File size 1950208 > 1048576

Source: jXBjxhHQgR.exe

Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1b9c00

Source: jXBjxhHQgR.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_00411ACC push eax; ret	0_2_00411AEA
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_00404F25 push ecx; ret	0_2_00404F38
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_02338A35 push ds; ret	0_2_02338A36
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_023EBA51 push eax; retf	0_2_023EBA53
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_023EBAB0 push A7EF5AB4h; ret	0_2_023EBAB7
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_023DFAE0 push esi; iretd	0_2_023DFAEB
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_023042C0 push eax; iretd	0_2_023042C9
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_0231C3F1 push edx; ret	0_2_0231C3F3
Source: C:\ProgramData\Drivers\csrss.exe	Code function: 3_2_0275AA31 push eax; retf	3_2_0275AA33
Source: C:\ProgramData\Drivers\csrss.exe	Code function: 3_2_026A7A15 push ds; ret	3_2_026A7A16
Source: C:\ProgramData\Drivers\csrss.exe	Code function: 3_2_0274EAC0 push esi; iretd	3_2_0274EACB
Source: C:\ProgramData\Drivers\csrss.exe	Code function: 3_2_026732A0 push eax; iretd	3_2_026732A9
Source: C:\ProgramData\Drivers\csrss.exe	Code function: 3_2_0275AA90 push A7EF5AB4h; ret	3_2_0275AA97
Source: C:\ProgramData\Drivers\csrss.exe	Code function: 3_2_0268B3D1 push edx; ret	3_2_0268B3D3
Source: C:\ProgramData\Drivers\csrss.exe	Code function: 5_2_00696299 push ecx; ret	5_2_006962AC

Persistence and Installation Behavior

Drops PE files with benign system names

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

File created: C:\ProgramData\Drivers\csrss.exe

Jump to dropped file

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

File created: C:\ProgramData\Drivers\csrss.exe

Jump to dropped file

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

File created: C:\ProgramData\Drivers\csrss.exe

Jump to dropped file

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run CSRSS			Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run CSRSS			Jump to behavior

Hooking and other Techniques for Hiding and Protection

May use the Tor software to hide its network traffic

Source: csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp

Binary or memory string: onion-port

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Code function: 0_2_004039D9 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_004039D9

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Window / User API: threadDelayed 1879	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Window / User API: threadDelayed 7892	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Window / User API: threadDelayed 3119	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Window / User API: threadDelayed 6873	Jump to behavior

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_0-8553

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe TID: 4180	Thread sleep count: 1879 > 30	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe TID: 4180	Thread sleep time: -187900s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe TID: 4180	Thread sleep count: 7892 > 30	Jump to behavior
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe TID: 4180	Thread sleep time: -789200s >= -30000s	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe TID: 64	Thread sleep count: 3119 > 30	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe TID: 64	Thread sleep time: -311900s >= -30000s	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe TID: 64	Thread sleep count: 6873 > 30	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe TID: 64	Thread sleep time: -687300s >= -30000s	Jump to behavior

Source: C:\ProgramData\Drivers\csrss.exe	Last function: Thread delayed
Source: C:\ProgramData\Drivers\csrss.exe	Last function: Thread delayed

Source: csrss.exe, 00000005.00000002.3336626399.0000000000C4A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: csrss.exe, 00000005.00000002.3336464632.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllf

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

API call chain: ExitProcess graph end node

graph_0-8555

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Code function: 0_2_0040D1F4 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_0040D1F4

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

0_2_0040D1F4

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_022910A3 push dword ptr fs:[00000030h]	0_2_022910A3
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_02450042 push dword ptr fs:[00000030h]	0_2_02450042
Source: C:\ProgramData\Drivers\csrss.exe	Code function: 3_2_02600083 push dword ptr fs:[00000030h]	3_2_02600083
Source: C:\ProgramData\Drivers\csrss.exe	Code function: 3_2_02800042 push dword ptr fs:[00000030h]	3_2_02800042

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Code function: 0_2_0041154F __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

0_2_0041154F

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_00407176 SetUnhandledExceptionFilter,		0_2_00407176
Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Code function: 0_2_004071A7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_004071A7

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Code function: 0_2_02450110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,

0_2_02450110

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Memory written: C:\Users\user\Desktop\jXBjxhHQgR.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Memory written: C:\ProgramData\Drivers\csrss.exe base: 400000 value starts with: 4D5A			Jump to behavior

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe	Process created: C:\Users\user\Desktop\jXBjxhHQgR.exe "C:\Users\user\Desktop\jXBjxhHQgR.exe"			Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"			Jump to behavior

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Code function: 0_2_004043D6 cpuid

0_2_004043D6

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Code function: 0_2_00408873 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00408873

Source: C:\Users\user\Desktop\jXBjxhHQgR.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 Registry Run Keys / Startup Folder	211 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	12 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	131 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	211 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Multi-hop Proxy	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	2 Proxy	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	23 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
jXBjxhHQgR.exe	42%	ReversingLabs
jXBjxhHQgR.exe	46%	Virustotal		Browse
jXBjxhHQgR.exe	100%	Avira	HEUR/AGEN.1311176
jXBjxhHQgR.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\ProgramData\Drivers\csrss.exe	100%	Avira	HEUR/AGEN.1311176
C:\ProgramData\Drivers\csrss.exe	100%	Joe Sandbox ML
C:\ProgramData\Drivers\csrss.exe	42%	ReversingLabs
C:\ProgramData\Drivers\csrss.exe	46%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://sabotage.net	0%	URL Reputation	safe
http://www.openssl.org/support/faq.html	0%	URL Reputation	safe
https://curl.se/docs/hsts.html	0%	Avira URL Cloud	safe
https://www.torproject.org/	0%	Avira URL Cloud	safe
https://curl.se/docs/alt-svc.html	0%	Avira URL Cloud	safe
https:///phpMyAdmin//PhpMyAdmin//pma/rootmysqlimapssmtpspop3sscp://your_IP_is_greylisted_README.txt2	0%	Avira URL Cloud	safe
http://www.openssl.org/support/faq.htmlTYPE=2OpenSSL	0%	Avira URL Cloud	safe
http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onionT/reg.php?upd.php?/task.php?/re	0%	Avira URL Cloud	safe
https://curl.se/docs/http-cookies.html	0%	Avira URL Cloud	safe
https://www.torproject.org/documentation.html	0%	Avira URL Cloud	safe
https://trac.torproject.org/projects/tor/ticket/14917.	0%	Avira URL Cloud	safe
https://curl.se/docs/hsts.html	0%	Virustotal		Browse
http://www.openssl.org/support/faq.htmlTYPE=2OpenSSL	0%	Virustotal		Browse
https://www.torproject.org/documentation.html	0%	Virustotal		Browse
https://trac.torproject.org/projects/tor/ticket/14917.	0%	Virustotal		Browse
https://curl.se/docs/http-cookies.html	0%	Virustotal		Browse
https://curl.se/docs/alt-svc.html	0%	Virustotal		Browse
https://www.torproject.org/	1%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
https://curl.se/docs/hsts.html	csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.openssl.org/support/faq.htmlTYPE=2OpenSSL	csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.torproject.org/	csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://curl.se/docs/alt-svc.html	csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https:///phpMyAdmin//PhpMyAdmin//pma/rootmysqlimapssmtpspop3sscp://your_IP_is_greylisted_README.txt2	csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://curl.se/docs/http-cookies.html	csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onionT/reg.php?upd.php?/task.php?/re	csrss.exe, 00000005.00000002.3335454812.0000000000824000.00000040.00000400.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://sabotage.net	jXBjxhHQgR.exe, 00000002.00000003.2622001999.0000000002EF6000.00000004.00000020.00020000.00000000.sdmp, jXBjxhHQgR.exe, 00000002.00000003.3073536204.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, jXBjxhHQgR.exe, 00000002.00000003.3079199680.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, jXBjxhHQgR.exe, 00000002.00000003.2592881168.00000000036B1000.00000004.00000020.00020000.00000000.sdmp, jXBjxhHQgR.exe, 00000002.00000003.2596024674.0000000003A67000.00000004.00000020.00020000.00000000.sdmp, jXBjxhHQgR.exe, 00000002.00000003.2593135666.00000000037F3000.00000004.00000020.00020000.00000000.sdmp, cached-microdesc-consensus.tmp.2.dr, unverified-microdesc-consensus.tmp.2.dr	false	URL Reputation: safe	unknown
https://www.torproject.org/documentation.html	csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.openssl.org/support/faq.html	csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://trac.torproject.org/projects/tor/ticket/14917.	csrss.exe, 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
171.25.193.9	unknown	Sweden	198093	DFRI-ASForeningenfordigitalafri-ochrattigheterSE	false
195.201.199.223	unknown	Germany	24940	HETZNER-ASDE	false
178.254.31.125	unknown	Germany	42730	EVANZOASDE	false
135.148.54.98	unknown	United States	18676	AVAYAUS	false
38.154.240.58	unknown	United States	174	COGENT-174US	false
89.58.34.53	unknown	Germany	5430	FREENETDEfreenetDatenkommunikationsGmbHDE	false
45.66.33.45	unknown	Netherlands	47482	SPECTRENL	false
5.253.84.137	unknown	Cyprus	57863	SAIBSA	false
109.104.152.127	unknown	Albania	48265	ITIRANA-AL-ASImportfromPronetAL	false
65.109.93.180	unknown	United States	11022	ALABANZA-BALTUS	false
185.220.101.154	unknown	Germany	208294	ASMKNL	false
185.220.101.196	unknown	Germany	208294	ASMKNL	false
83.212.72.189	unknown	Greece	9069	AthensEgaleoGREECEGR	false
217.194.154.18	unknown	United Kingdom	8513	SKYVISIONGB	false
23.157.136.251	unknown	Reserved	396101	NETCLOUD-ASNUS	false
96.234.180.68	unknown	United States	701	UUNETUS	false
51.89.17.143	unknown	France	16276	OVHFR	false
95.217.199.55	unknown	Germany	24940	HETZNER-ASDE	false
86.59.21.38	unknown	Austria	8437	UTA-ASAT	false
65.21.195.87	unknown	United States	199592	CP-ASDE	false
162.251.116.82	unknown	Reserved	6576	SUMMITCOMMUS	false
98.115.87.163	unknown	United States	701	UUNETUS	false
185.233.104.172	unknown	Germany	197540	NETCUP-ASnetcupGmbHDE	false
154.35.175.225	unknown	United States	14987	RETHEMHOSTINGUS	false
91.234.199.232	unknown	Ukraine	51252	DSSGROUP-ASUA	false
107.189.8.12	unknown	United States	53667	PONYNETUS	false
128.31.0.39	unknown	United States	3	MIT-GATEWAYSUS	false
195.154.106.60	unknown	France	12876	OnlineSASFR	false
185.243.218.202	unknown	Norway	56655	TERRAHOSTNO	false
45.66.35.11	unknown	Netherlands	47482	SPECTRENL	false
185.82.217.49	unknown	Bulgaria	59729	ITL-BG	false
204.13.164.118	unknown	United States	25700	25700US	false
195.154.104.174	unknown	France	12876	OnlineSASFR	false
147.135.31.134	unknown	United States	16276	OVHFR	false
37.1.204.243	unknown	Ukraine	58061	SCALAXY-ASNL	false
162.19.252.175	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
51.210.103.252	unknown	France	16276	OVHFR	false
23.92.34.123	unknown	United States	54098	LIONLINK-NETWORKSUS	false
134.102.200.101	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
5.255.109.214	unknown	Netherlands	60404	LITESERVERNL	false
144.217.32.158	unknown	Canada	16276	OVHFR	false
202.61.237.56	unknown	Australia	4842	TH-AS-APTianhaiInfoTechCN	false
193.23.244.244	unknown	Germany	50472	CHAOS-ASDE	false
62.210.123.24	unknown	France	12876	OnlineSASFR	false
95.217.112.218	unknown	Germany	24940	HETZNER-ASDE	false
147.92.88.67	unknown	United States	396097	SAIL-INETUS	false
147.135.64.217	unknown	United States	16276	OVHFR	false
88.216.223.2	unknown	Lithuania	47838	SOCIUSLT	false
185.220.101.211	unknown	Germany	208294	ASMKNL	false
46.20.35.116	unknown	Germany	24961	MYLOC-ASIPBackboneofmyLocmanagedITAGDE	false
147.135.16.147	unknown	United States	16276	OVHFR	false
15.204.234.61	unknown	United States	71	HP-INTERNET-ASUS	false
77.162.229.73	unknown	Netherlands	1136	KPNKPNNationalEU	false
51.81.93.39	unknown	United States	16276	OVHFR	false
148.251.41.235	unknown	Germany	24940	HETZNER-ASDE	false
192.99.228.114	unknown	Canada	16276	OVHFR	true
135.148.53.59	unknown	United States	18676	AVAYAUS	false
142.44.247.102	unknown	Canada	16276	OVHFR	false
131.188.40.189	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
15.204.140.9	unknown	United States	71	HP-INTERNET-ASUS	false
193.11.114.46	unknown	Sweden	1653	SUNETSUNETSwedishUniversityNetworkEU	false
176.107.176.31	unknown	Ukraine	42331	FREEHOSTUA	false
195.123.209.91	unknown	Bulgaria	50979	ITL-LV	false
130.225.244.90	unknown	Denmark	1835	FSKNET-DKForskningsnettet-DanishnetworkforResearchand	false
91.143.81.27	unknown	Germany	35366	ISPPRO-ASISPPRO-AScoversthenetworksofISPproDE	false
145.239.41.102	unknown	France	16276	OVHFR	false
199.58.81.140	unknown	Canada	7765	KOUMBITCA	false
193.105.134.186	unknown	Sweden	42237	ICMESE	false
195.154.168.209	unknown	France	12876	OnlineSASFR	false
89.168.70.178	unknown	United Kingdom	9105	TISCALI-UKTalkTalkCommunicationsLimitedGB	false
84.247.164.65	unknown	Norway	29300	AS-DIRECTCONNECTNO	false
5.45.98.188	unknown	Germany	197540	NETCUP-ASnetcupGmbHDE	false
135.148.150.100	unknown	United States	18676	AVAYAUS	false
45.141.57.69	unknown	Germany	30823	COMBAHTONcombahtonGmbHDE	false
193.142.146.239	unknown	Netherlands	208046	HOSTSLICK-GERMANYNL	false
85.93.254.36	unknown	Norway	61275	ASN-NEASNO	false
178.17.170.13	unknown	Moldova Republic of	43289	TRABIAMD	false
51.222.24.62	unknown	France	16276	OVHFR	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1444168
Start date and time:	2024-05-20 09:22:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	jXBjxhHQgR.exe renamed because original name is a hash value
Original Sample Name:	8305c45696b7e6763ff343ca024682d1.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@6/9@0/79
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target csrss.exe, PID 1468 because there are no executed function
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
03:23:40	API Interceptor	1760682x Sleep call for process: jXBjxhHQgR.exe modified
03:23:55	API Interceptor	836309x Sleep call for process: csrss.exe modified
09:23:06	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run CSRSS "C:\ProgramData\Drivers\csrss.exe"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
171.25.193.9	R53a3ZJHBQ.exe	Get hash	malicious	SystemBC	Browse	171.25.193.9/tor/status-vote/current/consensus
	x3WX1kHqcx.exe	Get hash	malicious	SystemBC	Browse	171.25.193.9/tor/status-vote/current/consensus
	oGO7Hy4YCH.exe	Get hash	malicious	SystemBC	Browse	171.25.193.9/tor/status-vote/current/consensus
	SPXp2YHDFz.exe	Get hash	malicious	Unknown	Browse	171.25.193.9/tor/status-vote/current/consensus
	ILI1MGzcig.exe	Get hash	malicious	Unknown	Browse	171.25.193.9/tor/status-vote/current/consensus
	lwRhzjuYIg.exe	Get hash	malicious	Unknown	Browse	171.25.193.9/tor/status-vote/current/consensus
	OVrJ9mtD6Y.exe	Get hash	malicious	TinyNuke	Browse	171.25.193.9/tor/status-vote/current/consensus
	F75rJPKdGb.exe	Get hash	malicious	Kronos	Browse	171.25.193.9/tor/status-vote/current/consensus
	ozJy5Zf5cf.exe	Get hash	malicious	Kronos	Browse	171.25.193.9/tor/status-vote/current/consensus
	zfpLjnr5P9.exe	Get hash	malicious	Kronos	Browse	171.25.193.9/tor/status-vote/current/consensus
178.254.31.125	Mcb5K3TOWT.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse
	01b9T4tDdG.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse
	file.exe	Get hash	malicious	Unknown	Browse
135.148.54.98	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse
38.154.240.58	38gmTjpc3Y.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse
38.154.240.58	RlvKA19dEC.exe	Get hash	malicious	BazaLoader	Browse
45.66.33.45	PHHOjspjmp.exe	Get hash	malicious	CMSBrute	Browse
	Mcb5K3TOWT.exe	Get hash	malicious	Unknown	Browse
	906o5yr1NE.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig	Browse
	KWwpSm0Cec.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar	Browse
	SKHOtnHl7J.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse
	1AIemYSAZy.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader, Stealc	Browse
	ENEDGCErLu.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, SystemBC	Browse
	OShRqF6jNV.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader, Stealc, SystemBC, Xmrig	Browse
	MCYq2AqNU0.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig	Browse
	e6sLDuysz9.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader, Stealc	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
EVANZOASDE	Mcb5K3TOWT.exe	Get hash	malicious	Unknown	Browse	178.254.31.125
	iHdfLpj7dF.elf	Get hash	malicious	Mirai	Browse	178.254.19.6
	https://379388.seu2.cleverreach.com/c/91435175/9b36c77c185-s82q1v	Get hash	malicious	Unknown	Browse	178.254.10.205
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse	178.254.31.125
	http://www.trim-glb.de	Get hash	malicious	Unknown	Browse	178.254.10.72
	uetfu6ZLWZ.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Stealc	Browse	178.254.26.126
	01b9T4tDdG.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	178.254.31.125
	SyD1FiOG1p.exe	Get hash	malicious	LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	178.254.24.208
	Bznx8G6dMz.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	178.254.12.152
	file.exe	Get hash	malicious	Unknown	Browse	178.254.31.125
AVAYAUS	GK9sEyIS4f.elf	Get hash	malicious	Mirai	Browse	135.57.160.207
	cOADrrPFLT.elf	Get hash	malicious	Mirai	Browse	135.83.183.45
	N4OvIeLPCh.elf	Get hash	malicious	Mirai	Browse	135.81.180.185
	9MKcu3Fa7q.elf	Get hash	malicious	Mirai	Browse	135.60.217.87
	16blfU3HlS.elf	Get hash	malicious	Mirai	Browse	198.158.115.221
	fKfXkNYfLY.elf	Get hash	malicious	Mirai	Browse	198.155.83.118
	qMh36Rvh4J.elf	Get hash	malicious	Mirai	Browse	135.83.183.84
	EE9yU8bN9i.elf	Get hash	malicious	Unknown	Browse	135.60.205.63
	4DSN0Zi9Og.elf	Get hash	malicious	Unknown	Browse	135.80.96.182
	NnS9ImJPht.elf	Get hash	malicious	Unknown	Browse	135.105.43.31
COGENT-174US	PO#RMS9877946001 RMSMARINE SERVICE.com.exe	Get hash	malicious	Remcos, GuLoader	Browse	38.15.131.137
	AAwUREvt6b.elf	Get hash	malicious	Mirai	Browse	38.176.106.82
	xRBySTKZ8E.elf	Get hash	malicious	Mirai	Browse	38.61.98.154
	TxXQ106ErI.elf	Get hash	malicious	Mirai	Browse	38.191.248.9
	RE Draft BL for BK#440019497 REF#388855.exe	Get hash	malicious	FormBook	Browse	38.47.232.37
	GK9sEyIS4f.elf	Get hash	malicious	Mirai	Browse	38.120.27.193
	eyKGju2MU8.elf	Get hash	malicious	Mirai	Browse	206.232.91.81
	IUzBqUNYMK.elf	Get hash	malicious	Unknown	Browse	38.250.231.36
	file.exe	Get hash	malicious	SystemBC	Browse	154.55.194.116
	https://pixeldrain.com/l/fXxFweL2	Get hash	malicious	Babadeda, Blank Grabber, Osno	Browse	50.7.236.50
HETZNER-ASDE	RE Draft BL for BK#440019497 REF#388855.exe	Get hash	malicious	FormBook	Browse	116.203.164.244
	https://mobile-sides-vertical-2.xv2.us/	Get hash	malicious	Unknown	Browse	78.46.3.4
	https://kko10-secondary.z8.web.core.windows.net/werrx01USAHTML/?bcda=02331-9759-835	Get hash	malicious	Unknown	Browse	195.201.57.90
	IUzBqUNYMK.elf	Get hash	malicious	Unknown	Browse	148.251.179.178
	file.exe	Get hash	malicious	SystemBC	Browse	176.9.131.126
	file.exe	Get hash	malicious	Vidar	Browse	116.202.5.235
	https://pixeldrain.com/l/fXxFweL2	Get hash	malicious	Babadeda, Blank Grabber, Osno	Browse	78.47.86.208
	file.exe	Get hash	malicious	Vidar	Browse	116.202.5.235
	qbs5CBr95m.exe	Get hash	malicious	CryptOne, Vidar	Browse	116.202.5.235
	Xy52lgBlGY.exe	Get hash	malicious	CryptOne, Vidar	Browse	116.202.5.235
DFRI-ASForeningenfordigitalafri-ochrattigheterSE	c8sDO7umrx.exe	Get hash	malicious	CMSBrute	Browse	171.25.193.9
	PHHOjspjmp.exe	Get hash	malicious	CMSBrute	Browse	171.25.193.9
	77system.vbs	Get hash	malicious	Xmrig	Browse	171.25.193.20
	Mcb5K3TOWT.exe	Get hash	malicious	Unknown	Browse	171.25.193.9
	7VzdKNO227.exe	Get hash	malicious	Unknown	Browse	171.25.193.9
	LIRR4A0xzv.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse	171.25.193.9
	m5EyzJ7S8S.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar	Browse	171.25.193.9
	906o5yr1NE.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig	Browse	171.25.193.9
	PjgTyZiVh0.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc, Xmrig	Browse	171.25.193.9
	xZnG1FFx7L.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse	171.25.193.9

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
83d60721ecc423892660e275acc4dffd	c8sDO7umrx.exe	Get hash	malicious	CMSBrute	Browse	62.210.123.24 38.154.240.58 147.135.64.217 88.216.223.2 65.109.93.180 46.20.35.116 83.212.72.189 147.135.16.147 77.162.229.73 23.157.136.251 95.217.199.55 98.115.87.163 162.251.116.82 51.81.93.39 135.148.53.59 142.44.247.102 131.188.40.189 176.107.176.31 195.154.106.60 45.66.35.11 130.225.244.90 91.143.81.27 204.13.164.118 199.58.81.140 89.168.70.178 162.19.252.175 5.45.98.188 135.148.150.100 23.92.34.123 193.23.244.244
	PHHOjspjmp.exe	Get hash	malicious	CMSBrute	Browse	62.210.123.24 38.154.240.58 147.135.64.217 88.216.223.2 65.109.93.180 46.20.35.116 83.212.72.189 147.135.16.147 77.162.229.73 23.157.136.251 95.217.199.55 98.115.87.163 162.251.116.82 51.81.93.39 135.148.53.59 142.44.247.102 131.188.40.189 176.107.176.31 195.154.106.60 45.66.35.11 130.225.244.90 91.143.81.27 204.13.164.118 199.58.81.140 89.168.70.178 162.19.252.175 5.45.98.188 135.148.150.100 23.92.34.123 193.23.244.244
	Mcb5K3TOWT.exe	Get hash	malicious	Unknown	Browse	62.210.123.24 38.154.240.58 147.135.64.217 88.216.223.2 65.109.93.180 46.20.35.116 83.212.72.189 147.135.16.147 77.162.229.73 23.157.136.251 95.217.199.55 98.115.87.163 162.251.116.82 51.81.93.39 135.148.53.59 142.44.247.102 131.188.40.189 176.107.176.31 195.154.106.60 45.66.35.11 130.225.244.90 91.143.81.27 204.13.164.118 199.58.81.140 89.168.70.178 162.19.252.175 5.45.98.188 135.148.150.100 23.92.34.123 193.23.244.244
	7VzdKNO227.exe	Get hash	malicious	Unknown	Browse	62.210.123.24 38.154.240.58 147.135.64.217 88.216.223.2 65.109.93.180 46.20.35.116 83.212.72.189 147.135.16.147 77.162.229.73 23.157.136.251 95.217.199.55 98.115.87.163 162.251.116.82 51.81.93.39 135.148.53.59 142.44.247.102 131.188.40.189 176.107.176.31 195.154.106.60 45.66.35.11 130.225.244.90 91.143.81.27 204.13.164.118 199.58.81.140 89.168.70.178 162.19.252.175 5.45.98.188 135.148.150.100 23.92.34.123 193.23.244.244
	fonts-util	Get hash	malicious	Unknown	Browse	62.210.123.24 38.154.240.58 147.135.64.217 88.216.223.2 65.109.93.180 46.20.35.116 83.212.72.189 147.135.16.147 77.162.229.73 23.157.136.251 95.217.199.55 98.115.87.163 162.251.116.82 51.81.93.39 135.148.53.59 142.44.247.102 131.188.40.189 176.107.176.31 195.154.106.60 45.66.35.11 130.225.244.90 91.143.81.27 204.13.164.118 199.58.81.140 89.168.70.178 162.19.252.175 5.45.98.188 135.148.150.100 23.92.34.123 193.23.244.244
	cups-utils-helper	Get hash	malicious	Unknown	Browse	62.210.123.24 38.154.240.58 147.135.64.217 88.216.223.2 65.109.93.180 46.20.35.116 83.212.72.189 147.135.16.147 77.162.229.73 23.157.136.251 95.217.199.55 98.115.87.163 162.251.116.82 51.81.93.39 135.148.53.59 142.44.247.102 131.188.40.189 176.107.176.31 195.154.106.60 45.66.35.11 130.225.244.90 91.143.81.27 204.13.164.118 199.58.81.140 89.168.70.178 162.19.252.175 5.45.98.188 135.148.150.100 23.92.34.123 193.23.244.244
	LIRR4A0xzv.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse	62.210.123.24 38.154.240.58 147.135.64.217 88.216.223.2 65.109.93.180 46.20.35.116 83.212.72.189 147.135.16.147 77.162.229.73 23.157.136.251 95.217.199.55 98.115.87.163 162.251.116.82 51.81.93.39 135.148.53.59 142.44.247.102 131.188.40.189 176.107.176.31 195.154.106.60 45.66.35.11 130.225.244.90 91.143.81.27 204.13.164.118 199.58.81.140 89.168.70.178 162.19.252.175 5.45.98.188 135.148.150.100 23.92.34.123 193.23.244.244
	SecuriteInfo.com.Win32.RansomX-gen.4067.126.exe	Get hash	malicious	LummaC, Amadey, Glupteba, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader	Browse	62.210.123.24 38.154.240.58 147.135.64.217 88.216.223.2 65.109.93.180 46.20.35.116 83.212.72.189 147.135.16.147 77.162.229.73 23.157.136.251 95.217.199.55 98.115.87.163 162.251.116.82 51.81.93.39 135.148.53.59 142.44.247.102 131.188.40.189 176.107.176.31 195.154.106.60 45.66.35.11 130.225.244.90 91.143.81.27 204.13.164.118 199.58.81.140 89.168.70.178 162.19.252.175 5.45.98.188 135.148.150.100 23.92.34.123 193.23.244.244
	m5EyzJ7S8S.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar	Browse	62.210.123.24 38.154.240.58 147.135.64.217 88.216.223.2 65.109.93.180 46.20.35.116 83.212.72.189 147.135.16.147 77.162.229.73 23.157.136.251 95.217.199.55 98.115.87.163 162.251.116.82 51.81.93.39 135.148.53.59 142.44.247.102 131.188.40.189 176.107.176.31 195.154.106.60 45.66.35.11 130.225.244.90 91.143.81.27 204.13.164.118 199.58.81.140 89.168.70.178 162.19.252.175 5.45.98.188 135.148.150.100 23.92.34.123 193.23.244.244
	7vMi37TpMO.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse	62.210.123.24 38.154.240.58 147.135.64.217 88.216.223.2 65.109.93.180 46.20.35.116 83.212.72.189 147.135.16.147 77.162.229.73 23.157.136.251 95.217.199.55 98.115.87.163 162.251.116.82 51.81.93.39 135.148.53.59 142.44.247.102 131.188.40.189 176.107.176.31 195.154.106.60 45.66.35.11 130.225.244.90 91.143.81.27 204.13.164.118 199.58.81.140 89.168.70.178 162.19.252.175 5.45.98.188 135.148.150.100 23.92.34.123 193.23.244.244

Process:	C:\Users\user\Desktop\jXBjxhHQgR.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1950208
Entropy (8bit):	7.959914992966583
Encrypted:	false
SSDEEP:	49152:WlsJPNJLt1TzK2m8Q2AajccD1RTsTmeC2yHL+Hq:WOJPNJDm8Q2Q4Tf2Y6
MD5:	8305C45696B7E6763FF343CA024682D1
SHA1:	B645F3FE56AC86FFDE7D0E72EF48CD3EB4F48220
SHA-256:	649A88EF17DAFB0BD1F0D55E752DE143E2428927DD5E754B65B5B4B251069C1E
SHA-512:	0140F7B9F17EF4491E901EAE2B6D882975E679594E1D208FC13E19BC88670B274F7B36F79F94A0F03BAF1413C87AEB5CF42687D41AE4B85F9C98B7C38F54474A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42% Antivirus: Virustotal, Detection: 46%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[7..:Y.:Y.:Y.h..:Y.h...:Y.h..:Y.B..:Y.:X..:Y.1...:Y.h..:Y.1...:Y.Rich.:Y.........................PE..L....[.c.....................>!......=....... ....@..........................`"......;.........................................d.....!.............................8................................x..@............ ..d............................text...3........................... ..`.rdata...k... ...l..................@..@.data..... ..........\|..............@....rsrc.........!.....................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4KPV6A~1\cached-certs (copy)

Download File

Process:	C:\Users\user\Desktop\jXBjxhHQgR.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	20852
Entropy (8bit):	6.0533350090263625
Encrypted:	false
SSDEEP:	384:y/40VVq1h8PXt9MY4JVtG1hIcCy5U411HVz1h7b50IU4mV91h5/ea4igBVA1hrqw:oJiO9BELGf/Wmxvb+3jnt2a9gBSySyLu
MD5:	E4AFF22D0F098D3FFE3BB5DCD93A4E7F
SHA1:	EE1330D68C176F2FCD03BA0AB684E99EC02FDE47
SHA-256:	99D9C86697CFBE13981752FAF0980122B95FAE9FF1CD6EAF828D72E52CD40BC9
SHA-512:	3BA7D72C586CA88D3380E2810302227C86E959183D4CBBE1A7E62F6E019937AD7EBFE3ECB6930BD3C315D84510DA09DE8A3BA4F309687B19DA7EDFB40EC2AB10
Malicious:	false
Reputation:	low
Preview:	dir-key-certificate-version 3..fingerprint 23D15D965BC35114467363C165C4F724B64B4F66..dir-key-published 2023-09-02 14:31:55..dir-key-expires 2024-09-02 14:31:55..dir-identity-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEAlv6XS+VppPaQzOgor0YFlcXLWeXiMn5N3VBneXuw8maLOu9oPJ9z..2/oMQN8a+VOWTf+/jebGzOBK6MamXpgsIZPQWiT18gZMsYdR8mcqBYqVP3khwUWh..9QYkV+m+Auxa0TLzTrsi6dLDJ384XdpDweU+YJghMJNZ1NqiT8ogj84hxs5Tf+Qf..bn7EBIcU7SAKr5Lw25KrMb5e3AZSC5MilBS/KLgVTq/GiWb7pKd5pxGwlGolNX8a..PccZ2ZT2DrSQsct4wVxhSbUqANI3PfMpXvmUDxWWBgbQwLF02/4gi+13snlHtqwl..y1WjE55HVfx1CTX13SStwmF/N3SFtFf1qil3j5qrHdHtKlAYOaTfqab1eLVH1l83..LI5QWD7ri9GpPqIjlh6PuaHjaO2FW20SouZtS9jJKwi1l1G3ef1tSlha1cxkRxIp..U/ngvQBsoa9X26VfQA4MieZgVVdMVwjCNh2YC9aEXc/KxfcBueZkM1194qP88cVu..dOFYaftOkuGPAgMBAAE=..-----END RSA PUBLIC KEY-----..dir-signing-key..-----BEGIN RSA PUBLIC KEY-----..MIIBCgKCAQEAsTgcO/j4mOopmrzOci9YXEWg9n1Dd7rFfeZcse/IV6wPbleb/Z0z..C6XQFfbtEPahRACpBbTH3fPEqSrR0wnrMzezD0jSUH6YjcKnPH3gxqcMH4rRbB0P..XrBmuCaEV0TzdorruxxKJvTTTB0Z

C:\Users\user\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus (copy)

Download File

Process:	C:\Users\user\Desktop\jXBjxhHQgR.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2602942
Entropy (8bit):	5.609188387971644
Encrypted:	false
SSDEEP:	12288:ZrvOrwNzZoGSfoKbtYtJhx5x2MRexCMOqtsZAsCXByqX5Sb:ZrTNzRJBRMxOobsCAs5+
MD5:	85989AD48363B4F972FFFB50C90CD77F
SHA1:	0D1570E8EF32E485917011BA6BBFC313133D0D61
SHA-256:	C598182A7CA2FF63DCE744A72C5CF877DECDDD339A3AE88921B12D97C5F9C50D
SHA-512:	3C522410A466CA0F2C0286D5738E7FD28A2E0440281D091F363C60103B72B4D28C670A5CCD7986C8A8CF10E2DEF857EC5F628190FF873FEAD57FB4DA229F7181
Malicious:	false
Reputation:	low
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2024-05-20 07:00:00.fresh-until 2024-05-20 08:00:00.valid-until 2024-05-20 10:00:00.voting-delay 300 300.client-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10,0.4.8.11.server-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10,0.4.8.11.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.params AuthDirMaxServersPerAdd

C:\Users\user\AppData\Local\Temp\4KPV6A~1\state (copy)

Download File

Process:	C:\Users\user\Desktop\jXBjxhHQgR.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	9790
Entropy (8bit):	5.30326842218623
Encrypted:	false
SSDEEP:	192:HbydFlUfLONQGC4zvM4Ik4yZjvN/SgT5z2tKoWL:7ydXUfKNQjEdI3gsi
MD5:	1619B2A5FB6DF383CACE463E5CEE6FCA
SHA1:	25B3A97CA58C5036AC740A9E489006AD6942B6DF
SHA-256:	3EA62B92962EF8FFADA7F29331AEAA3BBABB6616D85A02DBFB790022BCB0442D
SHA-512:	E59A30A373408FD6944C5C30B7CB552F7A505763CAE2EB99F92626BF8A09EC9A865809472AFFDA117542BED72FBF63AF43F07DC7F647E7FF3CDA5461BA0183D3
Malicious:	false
Reputation:	low
Preview:	# Tor state file last generated on 2024-05-20 17:55:47 local time..# Other times below are in UTC..# You do not need to edit this file.....Dormant 0..Guard in=default rsa_id=0EAAFDA08C5066DAB083B9D03980A3B9F3B54C5E nickname=biancacensori sampled_on=2024-05-17T07:59:33 sampled_idx=0 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=5CDEC940C15EA7DABBFA8F58CD8945B875DA80C6 nickname=kikimora sampled_on=2024-05-15T02:28:26 sampled_idx=1 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=FC1E441E097BA36930AA2F615EFB325AF76D2595 nickname=torcatgirlcloud sampled_on=2024-05-09T20:40:18 sampled_idx=2 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=99839C211B81FE5D08D2E1E7EF0734EAFC013999 nickname=Unnamed sampled_on=2024-05-15T14:18:15 sampled_idx=3 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=ECEA80FA730FE334D96FDABD2D6829DE52C3F849 nickname=Nightmare sampled_on=2024-05-16T18:47:44 sampled_idx=4 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=53AD3B560F118E2D0B2433DD4F4

C:\Users\user\AppData\Local\Temp\4KPV6A~1\unverified-microdesc-consensus (copy)

Download File

Process:	C:\Users\user\Desktop\jXBjxhHQgR.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2602942
Entropy (8bit):	5.609188387971644
Encrypted:	false
SSDEEP:	12288:ZrvOrwNzZoGSfoKbtYtJhx5x2MRexCMOqtsZAsCXByqX5Sb:ZrTNzRJBRMxOobsCAs5+
MD5:	85989AD48363B4F972FFFB50C90CD77F
SHA1:	0D1570E8EF32E485917011BA6BBFC313133D0D61
SHA-256:	C598182A7CA2FF63DCE744A72C5CF877DECDDD339A3AE88921B12D97C5F9C50D
SHA-512:	3C522410A466CA0F2C0286D5738E7FD28A2E0440281D091F363C60103B72B4D28C670A5CCD7986C8A8CF10E2DEF857EC5F628190FF873FEAD57FB4DA229F7181
Malicious:	false
Reputation:	low
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2024-05-20 07:00:00.fresh-until 2024-05-20 08:00:00.valid-until 2024-05-20 10:00:00.voting-delay 300 300.client-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10,0.4.8.11.server-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10,0.4.8.11.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.params AuthDirMaxServersPerAdd

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\cached-certs.tmp

Download File

Process:	C:\Users\user\Desktop\jXBjxhHQgR.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	20852
Entropy (8bit):	6.0533350090263625
Encrypted:	false
SSDEEP:	384:y/40VVq1h8PXt9MY4JVtG1hIcCy5U411HVz1h7b50IU4mV91h5/ea4igBVA1hrqw:oJiO9BELGf/Wmxvb+3jnt2a9gBSySyLu
MD5:	E4AFF22D0F098D3FFE3BB5DCD93A4E7F
SHA1:	EE1330D68C176F2FCD03BA0AB684E99EC02FDE47
SHA-256:	99D9C86697CFBE13981752FAF0980122B95FAE9FF1CD6EAF828D72E52CD40BC9
SHA-512:	3BA7D72C586CA88D3380E2810302227C86E959183D4CBBE1A7E62F6E019937AD7EBFE3ECB6930BD3C315D84510DA09DE8A3BA4F309687B19DA7EDFB40EC2AB10
Malicious:	false
Reputation:	low
Preview:	dir-key-certificate-version 3..fingerprint 23D15D965BC35114467363C165C4F724B64B4F66..dir-key-published 2023-09-02 14:31:55..dir-key-expires 2024-09-02 14:31:55..dir-identity-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEAlv6XS+VppPaQzOgor0YFlcXLWeXiMn5N3VBneXuw8maLOu9oPJ9z..2/oMQN8a+VOWTf+/jebGzOBK6MamXpgsIZPQWiT18gZMsYdR8mcqBYqVP3khwUWh..9QYkV+m+Auxa0TLzTrsi6dLDJ384XdpDweU+YJghMJNZ1NqiT8ogj84hxs5Tf+Qf..bn7EBIcU7SAKr5Lw25KrMb5e3AZSC5MilBS/KLgVTq/GiWb7pKd5pxGwlGolNX8a..PccZ2ZT2DrSQsct4wVxhSbUqANI3PfMpXvmUDxWWBgbQwLF02/4gi+13snlHtqwl..y1WjE55HVfx1CTX13SStwmF/N3SFtFf1qil3j5qrHdHtKlAYOaTfqab1eLVH1l83..LI5QWD7ri9GpPqIjlh6PuaHjaO2FW20SouZtS9jJKwi1l1G3ef1tSlha1cxkRxIp..U/ngvQBsoa9X26VfQA4MieZgVVdMVwjCNh2YC9aEXc/KxfcBueZkM1194qP88cVu..dOFYaftOkuGPAgMBAAE=..-----END RSA PUBLIC KEY-----..dir-signing-key..-----BEGIN RSA PUBLIC KEY-----..MIIBCgKCAQEAsTgcO/j4mOopmrzOci9YXEWg9n1Dd7rFfeZcse/IV6wPbleb/Z0z..C6XQFfbtEPahRACpBbTH3fPEqSrR0wnrMzezD0jSUH6YjcKnPH3gxqcMH4rRbB0P..XrBmuCaEV0TzdorruxxKJvTTTB0Z

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\cached-microdesc-consensus.tmp

Download File

Process:	C:\Users\user\Desktop\jXBjxhHQgR.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2602942
Entropy (8bit):	5.609188387971644
Encrypted:	false
SSDEEP:	12288:ZrvOrwNzZoGSfoKbtYtJhx5x2MRexCMOqtsZAsCXByqX5Sb:ZrTNzRJBRMxOobsCAs5+
MD5:	85989AD48363B4F972FFFB50C90CD77F
SHA1:	0D1570E8EF32E485917011BA6BBFC313133D0D61
SHA-256:	C598182A7CA2FF63DCE744A72C5CF877DECDDD339A3AE88921B12D97C5F9C50D
SHA-512:	3C522410A466CA0F2C0286D5738E7FD28A2E0440281D091F363C60103B72B4D28C670A5CCD7986C8A8CF10E2DEF857EC5F628190FF873FEAD57FB4DA229F7181
Malicious:	false
Reputation:	low
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2024-05-20 07:00:00.fresh-until 2024-05-20 08:00:00.valid-until 2024-05-20 10:00:00.voting-delay 300 300.client-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10,0.4.8.11.server-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10,0.4.8.11.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.params AuthDirMaxServersPerAdd

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\state.tmp

Download File

Process:	C:\Users\user\Desktop\jXBjxhHQgR.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	9790
Entropy (8bit):	5.30326842218623
Encrypted:	false
SSDEEP:	192:HbydFlUfLONQGC4zvM4Ik4yZjvN/SgT5z2tKoWL:7ydXUfKNQjEdI3gsi
MD5:	1619B2A5FB6DF383CACE463E5CEE6FCA
SHA1:	25B3A97CA58C5036AC740A9E489006AD6942B6DF
SHA-256:	3EA62B92962EF8FFADA7F29331AEAA3BBABB6616D85A02DBFB790022BCB0442D
SHA-512:	E59A30A373408FD6944C5C30B7CB552F7A505763CAE2EB99F92626BF8A09EC9A865809472AFFDA117542BED72FBF63AF43F07DC7F647E7FF3CDA5461BA0183D3
Malicious:	false
Reputation:	low
Preview:	# Tor state file last generated on 2024-05-20 17:55:47 local time..# Other times below are in UTC..# You do not need to edit this file.....Dormant 0..Guard in=default rsa_id=0EAAFDA08C5066DAB083B9D03980A3B9F3B54C5E nickname=biancacensori sampled_on=2024-05-17T07:59:33 sampled_idx=0 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=5CDEC940C15EA7DABBFA8F58CD8945B875DA80C6 nickname=kikimora sampled_on=2024-05-15T02:28:26 sampled_idx=1 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=FC1E441E097BA36930AA2F615EFB325AF76D2595 nickname=torcatgirlcloud sampled_on=2024-05-09T20:40:18 sampled_idx=2 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=99839C211B81FE5D08D2E1E7EF0734EAFC013999 nickname=Unnamed sampled_on=2024-05-15T14:18:15 sampled_idx=3 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=ECEA80FA730FE334D96FDABD2D6829DE52C3F849 nickname=Nightmare sampled_on=2024-05-16T18:47:44 sampled_idx=4 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=53AD3B560F118E2D0B2433DD4F4

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\unverified-microdesc-consensus.tmp

Download File

Process:	C:\Users\user\Desktop\jXBjxhHQgR.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2602942
Entropy (8bit):	5.609188387971644
Encrypted:	false
SSDEEP:	12288:ZrvOrwNzZoGSfoKbtYtJhx5x2MRexCMOqtsZAsCXByqX5Sb:ZrTNzRJBRMxOobsCAs5+
MD5:	85989AD48363B4F972FFFB50C90CD77F
SHA1:	0D1570E8EF32E485917011BA6BBFC313133D0D61
SHA-256:	C598182A7CA2FF63DCE744A72C5CF877DECDDD339A3AE88921B12D97C5F9C50D
SHA-512:	3C522410A466CA0F2C0286D5738E7FD28A2E0440281D091F363C60103B72B4D28C670A5CCD7986C8A8CF10E2DEF857EC5F628190FF873FEAD57FB4DA229F7181
Malicious:	false
Reputation:	low
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2024-05-20 07:00:00.fresh-until 2024-05-20 08:00:00.valid-until 2024-05-20 10:00:00.voting-delay 300 300.client-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10,0.4.8.11.server-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10,0.4.8.11.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.params AuthDirMaxServersPerAdd

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.959914992966583
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	jXBjxhHQgR.exe
File size:	1'950'208 bytes
MD5:	8305c45696b7e6763ff343ca024682d1
SHA1:	b645f3fe56ac86ffde7d0e72ef48cd3eb4f48220
SHA256:	649a88ef17dafb0bd1f0d55e752de143e2428927dd5e754b65b5b4b251069c1e
SHA512:	0140f7b9f17ef4491e901eae2b6d882975e679594e1d208fc13e19bc88670b274f7b36f79f94a0f03baf1413c87aeb5cf42687d41ae4b85f9c98b7c38f54474a
SSDEEP:	49152:WlsJPNJLt1TzK2m8Q2AajccD1RTsTmeC2yHL+Hq:WOJPNJDm8Q2Q4Tf2Y6
TLSH:	C495230335D7C031E9B7C135582486F54A3BFC329923DADB676C2B0FA4761A28A376B5
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[7..:Y..:Y..:Y..h...:Y..h...:Y..h...:Y..B...:Y..:X..:Y.1....:Y..h...:Y.1....:Y.Rich.:Y.........................PE..L....[.c...

File Icon


Icon Hash:	71514529494c444b

Static PE Info

General

Entrypoint:	0x403d86
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x63F95BC9 [Sat Feb 25 00:52:25 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	37b83adc183001c9e38660b73f251c40

Entrypoint Preview

Instruction
call 00007F218C7DFB2Dh
jmp 00007F218C7DAEC4h
cmp ecx, dword ptr [00419428h]
jne 00007F218C7DB044h
rep ret
jmp 00007F218C7DFC9Ch
push ebp
mov ebp, esp
sub esp, 20h
push esi
push edi
push 00000008h
pop ecx
mov esi, 004130E0h
lea edi, dword ptr [ebp-20h]
rep movsd
mov esi, dword ptr [ebp+0Ch]
mov edi, dword ptr [ebp+08h]
test esi, esi
je 00007F218C7DB055h
test byte ptr [esi], 00000010h
je 00007F218C7DB050h
mov ecx, dword ptr [edi]
sub ecx, 04h
push ecx
mov eax, dword ptr [ecx]
mov esi, dword ptr [eax+18h]
call dword ptr [eax+20h]
mov dword ptr [ebp-08h], edi
mov dword ptr [ebp-04h], esi
test esi, esi
je 00007F218C7DB04Eh
test byte ptr [esi], 00000008h
je 00007F218C7DB049h
mov dword ptr [ebp-0Ch], 01994000h
lea eax, dword ptr [ebp-0Ch]
push eax
push dword ptr [ebp-10h]
push dword ptr [ebp-1Ch]
push dword ptr [ebp-20h]
call dword ptr [00412098h]
pop edi
pop esi
mov esp, ebp
pop ebp
retn 0008h
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [00419428h]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], esp
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push ebp
mov ebp, esp
push esi
cld
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [esi+08h]
xor ecx, esi
call 00007F218C7DAF8Bh
push 00000000h
push esi

Rich Headers

Programming Language:

[ASM] VS2013 build 21005
[ C ] VS2013 build 21005
[C++] VS2013 build 21005
[IMP] VS2008 SP1 build 30729
[RES] VS2013 build 21005
[LNK] VS2013 UPD5 build 40629

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x183d4	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x21b000	0xa810	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x18438	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x178b8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x12000	0x164	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x10b33	0x10c00	a586dc1c1bcbae50023233037b66bb59	False	0.6024661847014925	data	6.705983144416262	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x12000	0x6bf2	0x6c00	34898aa02e7f8adb08110703eeb76928	False	0.3904079861111111	data	4.736117568977362	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x19000	0x201308	0x1b9c00	6e375cace8477e6abf70b8be6f6e553e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x21b000	0xa810	0xaa00	991d710e835cc3a012f3f76b89f60075	False	0.45762867647058825	data	5.070490495297634	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
AFX_DIALOG_LAYOUT	0x222700	0x2	data			5.0
YUYE	0x221390	0x136f	ASCII text, with very long lines (4975), with no line terminators	Japanese	Japan	0.594572864321608
RT_CURSOR	0x222708	0x330	Device independent bitmap graphic, 48 x 96 x 1, image size 0			0.1948529411764706
RT_CURSOR	0x222a38	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0			0.33223684210526316
RT_CURSOR	0x222b90	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.2953091684434968
RT_CURSOR	0x223a38	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0			0.46705776173285196
RT_CURSOR	0x2242e0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0			0.5361271676300579
RT_ICON	0x21b4f0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.43230277185501065
RT_ICON	0x21c398	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.555956678700361
RT_ICON	0x21cc40	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.581221198156682
RT_ICON	0x21d308	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.601878612716763
RT_ICON	0x21d870	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.445643153526971
RT_ICON	0x21fe18	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.4915572232645403
RT_ICON	0x220ec0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.5203900709219859
RT_STRING	0x224ad0	0x42e	data	Japanese	Japan	0.4532710280373832
RT_STRING	0x224f00	0x66e	data	Japanese	Japan	0.43195625759416767
RT_STRING	0x225570	0x29a	StarOffice Gallery theme e, 0 objects	Japanese	Japan	0.48348348348348347
RT_GROUP_CURSOR	0x222b68	0x22	data			1.0294117647058822
RT_GROUP_CURSOR	0x224848	0x30	data			0.9375
RT_GROUP_ICON	0x221328	0x68	data	Japanese	Japan	0.6826923076923077
RT_VERSION	0x224878	0x258	data			0.535

Imports

DLL	Import
KERNEL32.dll	GetTickCount, TzSpecificLocalTimeToSystemTime, WriteConsoleW, GetSystemDirectoryA, SetComputerNameExW, IsBadStringPtrA, GetLastError, SetLastError, GetProcAddress, LoadLibraryA, GetConsoleAliasA, GetNumberFormatW, CreateEventW, RemoveDirectoryW, GetModuleFileNameA, BuildCommDCBA, VirtualProtect, PurgeComm, SetFileAttributesW, GetVolumeInformationW, CloseHandle, CreateFileW, GetStringTypeW, LocalAlloc, LoadLibraryExW, OutputDebugStringW, GetConsoleCP, IsProcessorFeaturePresent, EncodePointer, DecodePointer, ExitProcess, GetModuleHandleExW, AreFileApisANSI, MultiByteToWideChar, WideCharToMultiByte, GetCommandLineW, RaiseException, RtlUnwind, IsDebuggerPresent, HeapAlloc, HeapSize, EnterCriticalSection, LeaveCriticalSection, HeapFree, ReadFile, SetFilePointerEx, DeleteCriticalSection, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetStdHandle, WriteFile, GetModuleFileNameW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCurrentThreadId, GetProcessHeap, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, LCMapStringW, GetConsoleMode, ReadConsoleW, SetStdHandle, FlushFileBuffers, SetEndOfFile
USER32.dll	GetMenuItemID, ChangeDisplaySettingsW
GDI32.dll	GetCharWidthI
ole32.dll	CoMarshalHresult

Possible Origin

Language of compilation system	Country where language is spoken	Map
Japanese	Japan

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 20, 2024 09:23:04.537004948 CEST	49712	443	192.168.2.6	130.225.244.90
May 20, 2024 09:23:04.537048101 CEST	443	49712	130.225.244.90	192.168.2.6
May 20, 2024 09:23:04.537132978 CEST	49712	443	192.168.2.6	130.225.244.90
May 20, 2024 09:23:04.542603970 CEST	49712	443	192.168.2.6	130.225.244.90
May 20, 2024 09:23:04.542629957 CEST	443	49712	130.225.244.90	192.168.2.6
May 20, 2024 09:23:05.544045925 CEST	443	49712	130.225.244.90	192.168.2.6
May 20, 2024 09:23:05.544138908 CEST	49712	443	192.168.2.6	130.225.244.90
May 20, 2024 09:23:05.548300028 CEST	49712	443	192.168.2.6	130.225.244.90
May 20, 2024 09:23:05.548316956 CEST	443	49712	130.225.244.90	192.168.2.6
May 20, 2024 09:23:05.548748016 CEST	443	49712	130.225.244.90	192.168.2.6
May 20, 2024 09:23:05.548995972 CEST	49712	443	192.168.2.6	130.225.244.90
May 20, 2024 09:23:05.592114925 CEST	443	49712	130.225.244.90	192.168.2.6
May 20, 2024 09:23:06.407011986 CEST	49713	9001	192.168.2.6	147.92.88.67
May 20, 2024 09:23:06.482223988 CEST	9001	49713	147.92.88.67	192.168.2.6
May 20, 2024 09:23:06.482373953 CEST	49713	9001	192.168.2.6	147.92.88.67
May 20, 2024 09:23:06.483628035 CEST	49713	9001	192.168.2.6	147.92.88.67
May 20, 2024 09:23:06.498759985 CEST	9001	49713	147.92.88.67	192.168.2.6
May 20, 2024 09:23:07.408863068 CEST	49714	5092	192.168.2.6	195.123.209.91
May 20, 2024 09:23:07.438178062 CEST	5092	49714	195.123.209.91	192.168.2.6
May 20, 2024 09:23:07.438348055 CEST	49714	5092	192.168.2.6	195.123.209.91
May 20, 2024 09:23:07.442372084 CEST	49714	5092	192.168.2.6	195.123.209.91
May 20, 2024 09:23:07.450512886 CEST	5092	49714	195.123.209.91	192.168.2.6
May 20, 2024 09:23:14.861973047 CEST	9001	49713	147.92.88.67	192.168.2.6
May 20, 2024 09:23:14.862040997 CEST	49713	9001	192.168.2.6	147.92.88.67
May 20, 2024 09:23:14.862143040 CEST	49713	9001	192.168.2.6	147.92.88.67
May 20, 2024 09:23:14.862675905 CEST	49716	443	192.168.2.6	195.154.106.60
May 20, 2024 09:23:14.862704992 CEST	443	49716	195.154.106.60	192.168.2.6
May 20, 2024 09:23:14.862777948 CEST	49716	443	192.168.2.6	195.154.106.60
May 20, 2024 09:23:14.862910032 CEST	49717	443	192.168.2.6	45.66.33.45
May 20, 2024 09:23:14.862967014 CEST	443	49717	45.66.33.45	192.168.2.6
May 20, 2024 09:23:14.863023996 CEST	49716	443	192.168.2.6	195.154.106.60
May 20, 2024 09:23:14.863035917 CEST	443	49716	195.154.106.60	192.168.2.6
May 20, 2024 09:23:14.863059044 CEST	49717	443	192.168.2.6	45.66.33.45
May 20, 2024 09:23:14.863187075 CEST	49717	443	192.168.2.6	45.66.33.45
May 20, 2024 09:23:14.863198042 CEST	443	49717	45.66.33.45	192.168.2.6
May 20, 2024 09:23:14.915441036 CEST	9001	49713	147.92.88.67	192.168.2.6
May 20, 2024 09:23:15.717621088 CEST	443	49716	195.154.106.60	192.168.2.6
May 20, 2024 09:23:15.717767000 CEST	49716	443	192.168.2.6	195.154.106.60
May 20, 2024 09:23:15.737056017 CEST	49716	443	192.168.2.6	195.154.106.60
May 20, 2024 09:23:15.737081051 CEST	443	49716	195.154.106.60	192.168.2.6
May 20, 2024 09:23:15.737453938 CEST	443	49716	195.154.106.60	192.168.2.6
May 20, 2024 09:23:15.737632036 CEST	49716	443	192.168.2.6	195.154.106.60
May 20, 2024 09:23:15.780157089 CEST	443	49716	195.154.106.60	192.168.2.6
May 20, 2024 09:23:15.797590971 CEST	5092	49714	195.123.209.91	192.168.2.6
May 20, 2024 09:23:15.797678947 CEST	49714	5092	192.168.2.6	195.123.209.91
May 20, 2024 09:23:15.797919989 CEST	49714	5092	192.168.2.6	195.123.209.91
May 20, 2024 09:23:15.848534107 CEST	5092	49714	195.123.209.91	192.168.2.6
May 20, 2024 09:23:31.845134020 CEST	443	49717	45.66.33.45	192.168.2.6
May 20, 2024 09:23:31.845253944 CEST	49717	443	192.168.2.6	45.66.33.45
May 20, 2024 09:23:31.845383883 CEST	49717	443	192.168.2.6	45.66.33.45
May 20, 2024 09:23:31.845427990 CEST	443	49717	45.66.33.45	192.168.2.6
May 20, 2024 09:23:31.851613045 CEST	49725	9001	192.168.2.6	178.17.170.13
May 20, 2024 09:23:31.851752996 CEST	49726	443	192.168.2.6	154.35.175.225
May 20, 2024 09:23:31.851838112 CEST	443	49726	154.35.175.225	192.168.2.6
May 20, 2024 09:23:31.851917982 CEST	49726	443	192.168.2.6	154.35.175.225
May 20, 2024 09:23:31.856671095 CEST	9001	49725	178.17.170.13	192.168.2.6
May 20, 2024 09:23:31.856749058 CEST	49725	9001	192.168.2.6	178.17.170.13
May 20, 2024 09:23:31.856892109 CEST	49726	443	192.168.2.6	154.35.175.225
May 20, 2024 09:23:31.856928110 CEST	443	49726	154.35.175.225	192.168.2.6
May 20, 2024 09:23:31.857016087 CEST	49725	9001	192.168.2.6	178.17.170.13
May 20, 2024 09:23:31.908929110 CEST	9001	49725	178.17.170.13	192.168.2.6
May 20, 2024 09:23:33.625159025 CEST	9001	49725	178.17.170.13	192.168.2.6
May 20, 2024 09:23:33.625272989 CEST	49725	9001	192.168.2.6	178.17.170.13
May 20, 2024 09:23:33.625397921 CEST	49725	9001	192.168.2.6	178.17.170.13
May 20, 2024 09:23:33.686856985 CEST	9001	49725	178.17.170.13	192.168.2.6
May 20, 2024 09:23:48.788610935 CEST	443	49726	154.35.175.225	192.168.2.6
May 20, 2024 09:23:48.788737059 CEST	49726	443	192.168.2.6	154.35.175.225
May 20, 2024 09:23:48.788896084 CEST	49726	443	192.168.2.6	154.35.175.225
May 20, 2024 09:23:48.788913012 CEST	443	49726	154.35.175.225	192.168.2.6
May 20, 2024 09:23:48.806704044 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:23:48.806840897 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:48.819488049 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:23:48.819529057 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:48.819629908 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:23:48.819931984 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:48.819935083 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:23:48.820053101 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:48.833754063 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:23:48.833789110 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:49.526485920 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:49.530174971 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:49.535154104 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:49.589772940 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:23:49.593220949 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:23:49.603976011 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:23:49.764991999 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:49.765379906 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:49.784188986 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:49.936708927 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:23:49.963777065 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:23:49.980727911 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:49.985460997 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:49.985546112 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:49.990499020 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:23:49.993221998 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:49.998492956 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.204541922 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.204860926 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.209907055 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.417654037 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.418644905 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.418732882 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.419631004 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.419668913 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.419704914 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.419720888 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.421627045 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.421664953 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.421683073 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.423578978 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.423615932 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.423640013 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.425578117 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.425616026 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.425643921 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.427515030 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.427570105 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.428318024 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.428354025 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.428386927 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.428401947 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.468782902 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.503391027 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:23:50.508090019 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:23:50.508188963 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:23:50.518682003 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:23:50.526778936 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:23:50.526814938 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.527308941 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.527358055 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.528230906 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.529241085 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.529309988 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.530214071 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.531188965 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.531224966 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.531286955 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.532179117 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.532239914 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.532980919 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.533016920 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.533065081 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.534497976 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.534533978 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.534579992 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.534663916 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.536020994 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.536056042 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.536079884 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.536107063 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.537565947 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.537602901 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.537616968 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.537647009 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.539135933 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.539174080 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.539187908 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.539208889 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.539220095 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.539254904 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.540714979 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.540750980 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.540769100 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.540797949 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.542237043 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.542285919 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.591223955 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.591258049 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.591355085 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.636184931 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.636507988 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.636578083 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.637192011 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.637893915 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.637928009 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.637960911 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.638618946 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.638669968 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.639298916 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.640014887 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.640073061 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.640692949 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.640856981 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.641429901 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.641464949 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.641496897 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.641525030 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.642812967 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.642872095 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.643666983 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.643702030 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.643731117 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.643734932 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.643758059 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.643779039 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.644659996 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.644695044 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.644722939 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.644750118 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.645788908 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.645823956 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.645839930 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.645868063 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.646877050 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.646912098 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.646941900 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.646975040 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.648013115 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.648067951 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.648083925 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.648130894 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.648715973 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.648751020 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.648766994 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.648799896 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.649794102 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.649851084 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.650420904 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.650455952 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.650481939 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.650505066 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.651504993 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.651554108 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.651555061 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.652527094 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.652575970 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.653088093 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.653124094 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.653156996 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.653167009 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.653245926 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.654066086 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.654124022 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.654491901 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.654546022 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.659215927 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.703140020 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.710062027 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.752827883 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.752994061 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.753196955 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.753518105 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.754093885 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.754131079 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.754148006 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.755146027 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.755181074 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.755199909 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.756194115 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.756239891 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.756728888 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.756764889 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.756798029 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.756820917 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.757821083 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.757857084 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.757882118 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.758863926 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.758900881 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.758908033 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.759928942 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.759964943 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.759974003 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.760094881 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.760855913 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.760891914 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.760909081 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.760925055 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.760934114 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.760966063 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.761640072 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.761676073 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.761689901 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.761714935 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.762505054 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.762541056 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.762557983 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.762579918 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.763350010 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.763386011 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.763402939 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.763423920 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.764199972 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.764235020 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.764245987 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.764277935 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.765048981 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.765085936 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.765096903 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.765120983 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.765126944 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.765158892 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.765892982 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.765928030 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.765943050 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.765965939 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.766762018 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.766798019 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.766814947 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.766835928 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.767556906 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.767591953 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.767608881 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.767631054 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.768341064 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.768377066 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.768389940 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.768412113 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.768424988 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.768455029 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.769109011 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.769145966 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.769160986 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.769188881 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.769851923 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.769887924 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.769900084 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.769928932 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.770648003 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.770683050 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.770697117 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.770721912 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.771401882 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.771437883 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.771455050 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.771477938 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.772156954 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.772191048 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.772203922 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.772226095 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.772231102 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.772265911 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.772847891 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.772883892 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.772917032 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.772938013 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.773530960 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.773566008 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.773571014 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.773610115 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.773617029 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.781290054 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.790951014 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.843313932 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.858201981 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.858320951 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.858340979 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.858496904 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.858753920 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.858804941 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.859064102 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.859100103 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.859112024 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.859141111 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.859636068 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.859669924 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.859685898 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.859709024 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.860414028 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.860450029 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.860476017 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.860521078 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.861180067 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.861217976 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.861229897 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.861257076 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.861639023 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.861676931 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.861691952 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.861716032 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.862483978 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.862519979 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.862529039 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.862557888 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.863208055 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.863244057 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.863259077 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.863286018 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.864136934 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.864171982 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.864187002 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.864212036 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.864227057 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.864263058 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.864268064 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.864298105 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.864299059 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.864334106 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.864336014 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.864371061 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.864375114 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.864407063 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.864409924 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.864440918 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.864444971 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.864476919 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.865006924 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.865044117 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.865046978 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.865150928 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.865641117 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.865677118 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.865683079 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.865719080 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.865727901 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.865756989 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.865757942 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.865797997 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.866602898 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.866637945 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.866643906 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.866672039 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.866677999 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.866710901 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.867506027 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.867542028 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.867547989 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.867575884 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.867582083 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.867613077 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.868455887 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.868490934 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.868505001 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.868525028 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.868530989 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.868561983 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.868566036 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.868601084 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.869369984 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.869406939 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.869419098 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.869441032 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.869446039 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.869479895 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.870332003 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.870368004 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.870381117 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.870404005 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.870408058 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.870441914 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.871285915 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.871320963 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.871332884 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.871356964 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.871360064 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.871395111 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.871397972 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.871433973 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.872205973 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.872241974 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.872252941 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.872277021 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.872287989 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.872318983 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.873106003 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.873142004 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.873155117 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.873177052 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.873214960 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.873963118 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.873999119 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.874032021 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.874032974 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.874068975 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.874104977 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.874813080 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.874846935 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.874881029 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.874882936 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.875032902 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.875662088 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.875696898 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.875710964 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.875731945 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.875736952 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.875771046 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.876461983 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.876496077 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.876509905 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.876529932 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.876533031 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.876568079 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.876569033 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.876605034 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.877284050 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.877317905 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.877330065 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.877352953 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.877382040 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.877393007 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.878078938 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.878113031 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.878125906 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.878149986 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.878151894 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.878187895 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.878832102 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.878868103 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.878878117 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.878901005 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.878906965 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.878937960 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.878940105 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.878973961 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.878974915 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.879014969 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.879787922 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.879822969 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.879838943 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.879857063 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.879858971 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.879893064 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.879894972 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.879933119 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.880714893 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.880760908 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.883554935 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.883589029 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.883606911 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.890664101 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.897792101 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.897851944 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.937711954 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.949908972 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.949954987 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.949986935 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:23:50.950016022 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.950084925 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.954569101 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.965219975 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.965265989 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.965348005 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.965502024 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.965559006 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.965775967 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.965794086 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.965851068 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.966311932 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.966331005 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.966346025 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.966367006 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.966378927 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.966408014 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.967067957 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.967099905 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.967116117 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.967134953 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.967871904 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.967919111 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.968174934 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.968195915 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.968209982 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.968225956 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.968229055 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.968271017 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.968403101 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.968976974 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.969000101 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.969016075 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.969027042 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.969057083 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.969805956 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.969825029 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.969841957 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.969851971 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.969861031 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.969892979 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.970551968 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.970571995 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.970588923 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.970598936 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.970629930 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.971374035 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.971391916 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.971407890 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.971416950 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.971442938 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.972163916 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.972182035 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.972198009 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.972208023 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.972223997 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.972240925 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.972268105 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.972960949 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.972978115 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.972995043 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.973011971 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.973027945 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.973045111 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.973598003 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.973615885 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.973630905 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.973647118 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.973649979 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.973664999 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.973695993 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.974437952 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.974456072 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.974469900 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.974488020 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.974492073 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.974507093 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.974514961 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.974551916 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.975305080 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.975323915 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.975338936 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.975354910 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.975358963 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.975382090 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.975411892 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.976162910 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.976180077 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.976193905 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.976210117 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.976210117 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.976227045 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.976227999 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.976255894 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.976284027 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.976963997 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.976979971 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.976995945 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.977013111 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.977029085 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.981817961 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.984426975 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.995934010 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.995974064 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.996180058 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.996187925 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.996273994 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.996368885 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.996406078 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.996438980 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.996438980 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.996474981 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.996499062 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.998229027 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.998318911 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.998331070 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.998395920 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.998687983 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.998722076 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.998766899 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.998819113 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.998864889 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.999021053 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.999057055 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.999073029 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.999099970 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.999370098 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.999407053 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.999422073 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.999450922 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.999617100 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.999653101 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.999687910 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.999696016 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.999722958 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:50.999731064 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:50.999764919 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.000015974 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:23:51.000370026 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.000405073 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.000423908 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.000438929 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.000447035 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.000473976 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.000485897 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.000525951 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.000536919 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.000569105 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.000582933 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.000612974 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.001288891 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.001324892 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.001339912 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.001354933 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.001372099 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.001390934 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.001401901 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.001425982 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.001432896 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.001460075 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.001471043 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.001496077 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.001503944 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.001538992 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.002178907 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.002213955 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.002229929 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.002249956 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.002257109 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.002298117 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.002777100 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.002829075 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.002830982 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.002866030 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.002876997 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.002899885 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.002911091 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.002931118 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.002943993 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.002969980 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.002978086 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.003010988 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.003021002 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.003045082 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.003056049 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.003083944 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.003695965 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.003731012 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.003748894 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.003766060 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.003778934 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.003801107 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.003808975 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.003844023 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.003855944 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.003881931 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.003891945 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.003925085 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.008399963 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.015897989 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.067790985 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.076256037 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.076292992 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.076356888 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.076508045 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.076509953 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.076555967 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.076802015 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.076838970 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.076854944 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.076885939 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.077235937 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.077271938 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.077287912 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.077306986 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.077317953 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.077342987 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.077344894 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.077389002 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.077898979 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.077935934 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.077951908 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.077980995 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.077985048 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.078035116 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.078555107 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.078589916 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.078607082 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.078629971 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.078633070 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.078664064 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.078675985 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.078697920 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.078705072 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.078741074 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.079410076 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.079446077 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.079458952 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.079480886 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.079488993 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.079524994 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.080018997 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.080069065 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.080945969 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.080996990 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.085643053 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.091690063 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.091727018 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.091773987 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.091815948 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.091933012 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.091980934 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.092180967 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.092216969 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.092230082 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.092252016 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.092263937 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.092288017 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.092294931 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.092331886 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.092772961 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.092808008 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.092823029 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.092844009 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.092849970 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.092883110 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.092886925 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.092925072 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.093378067 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.093414068 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.093430996 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.093461037 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.093465090 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.093502998 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.093508959 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.093549013 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.094059944 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.094095945 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.094120026 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.094130039 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.094141006 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.094166040 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.094177008 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.094201088 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.094211102 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.094235897 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.094243050 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.094280958 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.094789982 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.094825983 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.094850063 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.094861031 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.094872952 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.094901085 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.095267057 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.095304012 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.095325947 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.095345020 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.095652103 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.095688105 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.095711946 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.095731974 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.095743895 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.095777988 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.095794916 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.095824957 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.096198082 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.096232891 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.096256018 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.096266031 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.096280098 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.096302032 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.096313953 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.096337080 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.096344948 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.096371889 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.096379042 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.096425056 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.097063065 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.097100019 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.097117901 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.097135067 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.097141981 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.097168922 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.097188950 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.097199917 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.097214937 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.097234964 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.097250938 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.097280979 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.097846985 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.097883940 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.097901106 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.097927094 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.098042011 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.112237930 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.112315893 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.112361908 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.112415075 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.112449884 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.112483025 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.112505913 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.112626076 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.112660885 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.112682104 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.112700939 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.112957954 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.112993956 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.113009930 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.113028049 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.113040924 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.113063097 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.113065004 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.113109112 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.113482952 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.113538027 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.113648891 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.113686085 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.113701105 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.113728046 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.113753080 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.113818884 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.113858938 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.113871098 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.113903046 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.114348888 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.114383936 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.114399910 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.114418030 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.114432096 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.114454031 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.114461899 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.114489079 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.114500999 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.114525080 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.114531040 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.114558935 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.114566088 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.114602089 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.115149021 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.115200043 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.115375996 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.115410089 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.115427017 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.115446091 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.115456104 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.115480900 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.115493059 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.115515947 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.115525007 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.115550995 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.115557909 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.115602970 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.116249084 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.116285086 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.116301060 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.116318941 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.116329908 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.116354942 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.116363049 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.116389990 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.116398096 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.116434097 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.116875887 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.116911888 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.116925955 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.116946936 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.116957903 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.116982937 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.116992950 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.117017984 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.117027044 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.117053032 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.117062092 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.117095947 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.117692947 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.117728949 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.117743015 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.117769003 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.125111103 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.130089998 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.180939913 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.187114000 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.187151909 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.187205076 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.187303066 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.187436104 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.187448025 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.187625885 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.187659979 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.187681913 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.187695980 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.187978029 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.188013077 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.188030005 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.188046932 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.188054085 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.188081980 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.188088894 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.188124895 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.188154936 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.188189983 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.188209057 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.188236952 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.188664913 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.188714027 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.188843012 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.188894987 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.188977957 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.189013004 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.189028978 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.189047098 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.189059019 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.189094067 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.189316988 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.189349890 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.189369917 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.189383984 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.189390898 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.189419985 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.189428091 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.189462900 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.191819906 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.191854000 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.191870928 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.191898108 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.196811914 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.211884975 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.211916924 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.211961985 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.212008953 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.212054014 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.212106943 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.212183952 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.212219954 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.212239027 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.212269068 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.212377071 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.212429047 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.212507963 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.212543964 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.212560892 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.212587118 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.212876081 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.212910891 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.212928057 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.212945938 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.212956905 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.212990046 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.213315010 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.213351011 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.213365078 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.213383913 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.213396072 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.213419914 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.213421106 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.213464975 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.213804960 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.213845015 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.213856936 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.213897943 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.213915110 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.213932991 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.213943005 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.213968039 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.213973999 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.214011908 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.214545965 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.214579105 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.214596033 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.214615107 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.214618921 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.214651108 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.214663982 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.214690924 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.214704037 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.214726925 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.214736938 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.214771032 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.215313911 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.215348959 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.215364933 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.215382099 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.215394974 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.215416908 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.215428114 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.215450048 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.215461016 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.215485096 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.215521097 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.215531111 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.215564013 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.216027975 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.216061115 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.216083050 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.216095924 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.216103077 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.216145039 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.216542006 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.216576099 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.216609955 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.216614008 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.216644049 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.216651917 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.216680050 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.216694117 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.216713905 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.216747999 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.216761112 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.216787100 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.217472076 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.217505932 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.217520952 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.259776115 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.259835958 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.264765978 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.291959047 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292032957 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292068005 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292079926 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.292139053 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292172909 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.292177916 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292188883 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.292213917 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292222023 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.292257071 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.292346001 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292380095 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292397976 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.292414904 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292428017 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.292455912 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.292814970 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292850018 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292884111 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.292891026 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.292927980 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.293076992 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.293112040 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.293128967 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.293153048 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.293431997 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.293467999 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.293488979 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.293503046 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.293524027 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.293551922 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.293737888 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.293772936 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.293807030 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.293812990 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.293845892 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.293881893 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.293900967 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.294325113 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.294362068 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.294368029 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.294395924 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.294408083 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.294430971 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.294436932 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.294473886 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.294749975 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.294765949 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.294780970 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.294790030 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.294799089 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.294819117 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.294831038 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.294843912 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.295243979 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.295259953 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.295274019 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.295289993 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.295298100 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.295305967 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.295321941 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.295325994 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.295340061 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.295341969 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.295356989 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.295360088 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.295397997 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.296142101 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296159029 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296174049 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296190023 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296192884 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.296205997 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296210051 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.296222925 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296238899 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.296264887 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.296865940 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296884060 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296900034 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296905041 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.296917915 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296928883 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.296931028 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.296947956 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.296962976 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.297245979 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.297292948 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.303446054 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.320594072 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.320627928 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.320671082 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.320732117 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.320822001 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.320863008 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.320873022 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.320903063 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.323335886 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.323431969 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.323470116 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.323481083 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.323510885 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.323528051 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.323565960 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.323570967 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.323601961 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.323641062 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.323894978 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.323932886 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.323944092 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.323968887 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.323968887 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324007034 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324012041 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.324045897 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.324302912 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324338913 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324373960 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324378014 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.324414015 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.324805975 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324841976 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324853897 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.324878931 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324882030 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.324914932 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324918985 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.324949026 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324955940 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.324985027 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.324985981 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.325025082 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.325459003 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.325505972 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.336241961 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.336278915 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.336322069 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.336370945 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.336416006 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.336462975 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.336565971 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.336611032 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.340970039 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.341005087 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.341025114 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.341046095 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.363867044 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.363951921 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.412134886 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.431554079 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.436151981 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.436222076 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.481113911 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.481174946 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.856784105 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:51.862109900 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:51.866741896 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.219410896 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.219459057 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.219492912 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.219547987 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:52.224137068 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.224174023 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.224204063 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:52.265758038 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:52.272490978 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.272555113 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:52.329061031 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.329150915 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.329252958 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.329310894 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:52.334009886 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.334045887 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.334114075 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:52.378642082 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.379712105 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.379837990 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:52.384438038 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.384474039 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.384525061 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:52.491658926 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:52.546900034 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:54.581063032 CEST	49730	443	192.168.2.6	23.92.34.123
May 20, 2024 09:23:54.581115007 CEST	443	49730	23.92.34.123	192.168.2.6
May 20, 2024 09:23:54.581197023 CEST	49730	443	192.168.2.6	23.92.34.123
May 20, 2024 09:23:54.581413031 CEST	49731	443	192.168.2.6	38.154.240.58
May 20, 2024 09:23:54.581456900 CEST	443	49731	38.154.240.58	192.168.2.6
May 20, 2024 09:23:54.581511021 CEST	49731	443	192.168.2.6	38.154.240.58
May 20, 2024 09:23:54.710165977 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:54.710290909 CEST	49730	443	192.168.2.6	23.92.34.123
May 20, 2024 09:23:54.710315943 CEST	443	49730	23.92.34.123	192.168.2.6
May 20, 2024 09:23:54.710427999 CEST	49731	443	192.168.2.6	38.154.240.58
May 20, 2024 09:23:54.710445881 CEST	443	49731	38.154.240.58	192.168.2.6
May 20, 2024 09:23:54.717231989 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:54.924474001 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:54.926585913 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:54.926656008 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:54.931288004 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:54.984369993 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:55.019305944 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:55.033987999 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:55.034060955 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:55.038682938 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:55.093749046 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:23:55.191359043 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:23:55.234385967 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:15.514462948 CEST	443	49716	195.154.106.60	192.168.2.6
May 20, 2024 09:24:15.514697075 CEST	443	49716	195.154.106.60	192.168.2.6
May 20, 2024 09:24:15.514767885 CEST	49716	443	192.168.2.6	195.154.106.60
May 20, 2024 09:24:15.514889956 CEST	49716	443	192.168.2.6	195.154.106.60
May 20, 2024 09:24:15.514905930 CEST	443	49716	195.154.106.60	192.168.2.6
May 20, 2024 09:24:26.438680887 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:26.492939949 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:26.493129015 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:26.493417025 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:26.505181074 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:31.251528978 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:31.256028891 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:31.261068106 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:31.601099968 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:31.601641893 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:31.655019045 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.117599964 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.122309923 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.122435093 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.124124050 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.172612906 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.624176025 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.625999928 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.626085997 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.626085997 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.626182079 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.632013083 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.632117987 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.636980057 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637012005 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637039900 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637068033 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637095928 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637109041 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.637109041 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.637109041 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.637125015 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637141943 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.637154102 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637182951 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637211084 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637212992 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.637212992 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.637238979 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637259960 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.637259960 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.637269020 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.637298107 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.639328003 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.641732931 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.642597914 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.646447897 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.646476984 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.646506071 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.646533966 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.646549940 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.646550894 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.646562099 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.646579027 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.646589994 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.646617889 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.646641016 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.646645069 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.646675110 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.646696091 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.646696091 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.646703959 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.646951914 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.651352882 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.651652098 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.651652098 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.656075954 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.656122923 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.656146049 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.656152964 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.656182051 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.656183958 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.656183958 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.656210899 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.656239033 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.656266928 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.656275034 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.656275034 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.656296015 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.656323910 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.656358004 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.656358004 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.656373024 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.660856009 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.660886049 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.660947084 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.660948038 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.661880970 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.661957979 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.661987066 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662015915 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662045956 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662065029 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662065029 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662075043 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662105083 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662132978 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662159920 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662178993 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662178993 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662189960 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662204981 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662218094 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662245989 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662272930 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662300110 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662327051 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662328005 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662327051 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662358046 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662385941 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662395954 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662395954 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662415028 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662442923 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662471056 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662488937 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662488937 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662488937 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662499905 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.662925959 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.662926912 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.665601015 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.665671110 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.667969942 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668000937 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668029070 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668057919 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668086052 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668107033 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668107033 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668131113 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668149948 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668160915 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668189049 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668215990 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668243885 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668271065 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668292046 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668292046 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668298006 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668327093 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668354034 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668380976 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668390989 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668390989 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668390989 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668390989 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668411016 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668438911 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668467045 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668493032 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668519974 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.668533087 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668533087 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.668549061 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.670497894 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.670531988 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.670561075 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.670588970 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.670615911 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.670643091 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.670670986 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.670697927 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.672010899 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.672010899 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.672039032 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.672039032 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.672158003 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675276041 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675306082 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675333977 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675362110 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675390959 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675420046 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675432920 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675432920 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675446033 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675447941 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675455093 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675455093 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675473928 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675487041 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675504923 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675533056 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675559998 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675587893 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675615072 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675626040 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675626040 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675642014 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675657034 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675668955 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675697088 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675724030 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675750017 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675751925 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675781012 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675800085 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675807953 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675841093 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.675906897 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.675924063 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.680069923 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680116892 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680145979 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680146933 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.680176020 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680203915 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680232048 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680258989 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680288076 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680300951 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.680300951 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.680316925 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680346966 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680373907 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680399895 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680402040 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.680402040 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.680429935 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680459023 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680485010 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680509090 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.680509090 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.680512905 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680535078 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.680541992 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.680903912 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.681478024 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681507111 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681535006 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681562901 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681590080 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681617022 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681643963 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681670904 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681698084 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681725025 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681751966 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681766987 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.681780100 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681808949 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681837082 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681864977 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681891918 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681917906 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681945086 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681972980 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.681999922 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.682028055 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.684798956 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.684833050 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.684860945 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.684887886 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689574003 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689601898 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689630032 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689657927 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689686060 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689713955 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689743996 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689773083 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689800978 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689827919 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689857006 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689883947 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689912081 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689939022 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689965963 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.689994097 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.690021038 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.690047979 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.718806028 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.724827051 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.724862099 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.776951075 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.791575909 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791660070 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791661024 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791691065 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791790962 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791790962 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791836023 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791836023 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791888952 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:24:32.791930914 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791932106 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791943073 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.791960955 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.796622038 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.796717882 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:32.797513008 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797542095 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797570944 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797599077 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797626019 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797652960 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797681093 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797708035 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797734976 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797763109 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797790051 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797816038 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797844887 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797873020 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797899008 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797928095 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797955036 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.797981024 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.798007965 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.798034906 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.798062086 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799273968 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799304962 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799333096 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799362898 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799390078 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799417973 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799444914 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799472094 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799498081 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799525023 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799554110 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:24:32.799581051 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799592018 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799618959 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799647093 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799674988 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799701929 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799729109 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799756050 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799783945 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799809933 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.799839020 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.802284002 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.802314997 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.802344084 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.802371025 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.802397013 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.806085110 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:24:32.807100058 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:32.812206030 CEST	9001	49728	185.82.217.49	192.168.2.6
May 20, 2024 09:24:32.812262058 CEST	49728	9001	192.168.2.6	185.82.217.49
May 20, 2024 09:24:33.112925053 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.155231953 CEST	49731	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:33.155317068 CEST	49730	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:33.155349970 CEST	49712	443	192.168.2.6	130.225.244.90
May 20, 2024 09:24:33.155688047 CEST	443	49712	130.225.244.90	192.168.2.6
May 20, 2024 09:24:33.155764103 CEST	49712	443	192.168.2.6	130.225.244.90
May 20, 2024 09:24:33.171885967 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.196142912 CEST	443	49731	38.154.240.58	192.168.2.6
May 20, 2024 09:24:33.200115919 CEST	443	49730	23.92.34.123	192.168.2.6
May 20, 2024 09:24:33.327781916 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.327898026 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.327898026 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.327923059 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.328063965 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:33.333434105 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.333600044 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.338120937 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338155031 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338182926 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338210106 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338237047 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338265896 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338294029 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338320971 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338347912 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338376045 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338402987 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338429928 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338457108 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338485003 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338511944 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.338541031 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:24:33.343008041 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.393052101 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.437494040 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.447220087 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.466772079 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:33.489085913 CEST	80	49729	171.25.193.9	192.168.2.6
May 20, 2024 09:24:33.489157915 CEST	49729	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:33.504195929 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.554826021 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.620959044 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.622246981 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.622381926 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.624733925 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.624772072 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.624912024 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.627242088 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.627278090 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.627335072 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.627654076 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.629839897 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.630254030 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.631550074 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.633434057 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.633584023 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.634344101 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.639065027 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.639157057 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.651796103 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.656585932 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.656713009 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.659161091 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.660095930 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.660284042 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.661612034 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.703491926 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.725095034 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.725730896 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.725944996 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.727195024 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.727237940 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.727327108 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.730590105 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.730628967 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.730920076 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.772346020 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.773114920 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.773242950 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.774641037 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.776048899 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.776110888 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.777509928 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.778984070 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.779211998 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.780473948 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.781636000 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.781666040 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.781827927 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.783991098 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.784029961 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.784058094 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.784122944 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.786202908 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.787359953 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.787379026 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.789144993 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.789733887 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.789752960 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.789932966 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.792071104 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.792090893 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.792150974 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.794004917 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.794984102 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.795006037 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.795075893 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.795075893 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.831490040 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.832267046 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.832962036 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.833839893 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.833976030 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.834299088 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.835047007 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.836117029 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.837176085 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.837352991 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.838193893 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.838258028 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.838455915 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.842988968 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.843422890 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.876185894 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.876813889 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.877019882 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.877594948 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.881032944 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.881120920 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.925576925 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.928916931 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.929020882 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.929349899 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.930012941 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.930197001 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.931001902 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.931024075 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.931139946 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.931858063 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.932543993 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.932686090 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.933346987 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.934226990 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.934905052 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.935718060 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.936256886 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.936580896 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.936804056 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.937340975 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.937391043 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.937421083 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.942831993 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.942917109 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.943298101 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.944053888 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.944094896 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.944828033 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.944849014 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.944902897 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.946352005 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.947153091 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.947173119 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.947191000 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.947194099 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.947442055 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.948601961 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.949345112 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.949364901 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.949398041 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.950858116 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.950879097 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.950916052 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.952275038 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.952399969 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.953051090 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.953767061 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.953789949 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.953808069 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.953843117 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.953906059 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:33.958544970 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:33.999995947 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.017788887 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.062985897 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.067838907 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.067867041 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.069041967 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.081255913 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.081448078 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.081513882 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.082199097 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.082252026 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.082910061 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.082952023 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.082999945 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.083545923 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.083574057 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.084247112 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.084254980 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.084274054 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.084331036 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.085593939 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.085613012 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.085628033 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.085684061 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.086939096 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.086958885 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.087006092 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.088263988 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.088320971 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.088936090 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.088953972 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.088999987 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.090277910 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.090818882 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.090838909 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.091001034 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.091895103 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.091914892 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.091929913 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.091975927 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.092086077 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.092984915 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.093002081 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.093146086 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.094059944 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.094082117 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.094221115 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.095136881 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.095155001 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.095273018 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.096230984 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.096250057 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.096266031 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.096689939 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.097286940 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.097311020 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.097704887 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.098223925 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.098243952 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.098321915 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.099191904 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.099287987 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.102009058 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.116776943 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.118007898 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.122905016 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.172116995 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.174396992 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.234572887 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.245657921 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.245853901 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.245918989 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.246375084 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.246910095 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.246927023 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.246942043 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.247129917 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.247129917 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.247890949 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.248388052 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.248919010 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.248935938 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.249068975 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.249068975 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.249916077 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.249933958 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.249948978 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.249982119 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.250930071 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.250952005 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.251105070 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.251919031 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.251936913 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.252171993 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.252948046 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.252965927 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.253006935 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.253962040 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.253981113 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.254266024 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.254761934 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.254782915 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.254797935 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.255589008 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.255608082 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.256004095 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.256118059 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.256405115 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.256423950 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.256525040 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.257199049 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.257217884 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.257818937 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.258017063 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.258034945 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.258052111 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.258829117 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.258846045 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.259253025 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.259641886 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.259658098 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.259747982 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.260449886 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.260467052 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.260500908 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.261257887 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.261275053 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.261334896 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.262062073 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.262079000 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.262094975 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.262140036 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.262140036 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.262839079 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.262857914 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.263427019 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.263601065 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.263618946 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.263634920 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.263652086 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.263684034 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.263832092 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.264307022 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.264322996 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.264434099 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.272162914 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.272277117 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.272356033 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.276873112 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.276894093 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.277101040 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.282001972 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.282179117 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.282649040 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.282967091 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.282984972 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.283390045 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.283406019 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.283760071 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.283760071 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.283760071 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.283797979 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.283813953 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.284132957 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.284219027 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.284235954 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.285022020 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.285038948 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.285041094 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.285058022 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.285268068 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.285845995 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.285866022 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.285880089 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.286055088 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.286634922 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.286652088 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.286719084 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.287445068 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.287462950 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.287477016 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.287509918 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.287587881 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.288253069 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.288271904 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.288486958 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.289032936 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.289048910 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.289215088 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.323723078 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.323954105 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.355628967 CEST	9001	49735	148.251.41.235	192.168.2.6
May 20, 2024 09:24:34.406440020 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.444441080 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:34.444441080 CEST	49735	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.290323973 CEST	49736	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.290375948 CEST	443	49736	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.290596962 CEST	49736	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.290600061 CEST	49737	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.290642977 CEST	443	49737	38.154.240.58	192.168.2.6
May 20, 2024 09:24:40.290836096 CEST	49737	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.311719894 CEST	49736	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.311743975 CEST	443	49736	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.311841011 CEST	49737	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.311856031 CEST	443	49737	38.154.240.58	192.168.2.6
May 20, 2024 09:24:40.336066008 CEST	49738	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:40.336368084 CEST	49739	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:40.336571932 CEST	49740	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.336755037 CEST	49741	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.336770058 CEST	443	49741	65.109.93.180	192.168.2.6
May 20, 2024 09:24:40.336987972 CEST	49741	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.336997032 CEST	49742	9500	192.168.2.6	195.154.168.209
May 20, 2024 09:24:40.337188005 CEST	49743	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.337208986 CEST	443	49743	88.216.223.2	192.168.2.6
May 20, 2024 09:24:40.337343931 CEST	49743	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.337343931 CEST	49744	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.337363005 CEST	443	49744	135.148.53.59	192.168.2.6
May 20, 2024 09:24:40.337501049 CEST	49744	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.337549925 CEST	49745	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.337569952 CEST	443	49745	162.251.116.82	192.168.2.6
May 20, 2024 09:24:40.337688923 CEST	49746	9001	192.168.2.6	193.142.146.239
May 20, 2024 09:24:40.338043928 CEST	49747	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.338047028 CEST	49748	9100	192.168.2.6	145.239.41.102
May 20, 2024 09:24:40.338068008 CEST	443	49747	95.217.199.55	192.168.2.6
May 20, 2024 09:24:40.338206053 CEST	49747	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.338207006 CEST	49749	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.338228941 CEST	443	49749	23.157.136.251	192.168.2.6
May 20, 2024 09:24:40.338270903 CEST	49745	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.338345051 CEST	49749	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.338599920 CEST	49750	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.338603020 CEST	49751	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.338608980 CEST	443	49750	162.19.252.175	192.168.2.6
May 20, 2024 09:24:40.338624001 CEST	443	49751	89.168.70.178	192.168.2.6
May 20, 2024 09:24:40.338830948 CEST	49752	9001	192.168.2.6	107.189.8.12
May 20, 2024 09:24:40.338881969 CEST	49750	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.338881969 CEST	49751	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.341042995 CEST	1234	49738	195.201.199.223	192.168.2.6
May 20, 2024 09:24:40.341114998 CEST	49738	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:40.346126080 CEST	666	49739	192.99.228.114	192.168.2.6
May 20, 2024 09:24:40.346527100 CEST	49739	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:40.350867987 CEST	9001	49740	51.210.103.252	192.168.2.6
May 20, 2024 09:24:40.350884914 CEST	9500	49742	195.154.168.209	192.168.2.6
May 20, 2024 09:24:40.350899935 CEST	9001	49746	193.142.146.239	192.168.2.6
May 20, 2024 09:24:40.350914001 CEST	9100	49748	145.239.41.102	192.168.2.6
May 20, 2024 09:24:40.350928068 CEST	9001	49752	107.189.8.12	192.168.2.6
May 20, 2024 09:24:40.350951910 CEST	49740	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.350953102 CEST	49742	9500	192.168.2.6	195.154.168.209
May 20, 2024 09:24:40.351000071 CEST	49752	9001	192.168.2.6	107.189.8.12
May 20, 2024 09:24:40.351000071 CEST	49746	9001	192.168.2.6	193.142.146.239
May 20, 2024 09:24:40.351001978 CEST	49748	9100	192.168.2.6	145.239.41.102
May 20, 2024 09:24:40.354429007 CEST	49753	9001	192.168.2.6	144.217.32.158
May 20, 2024 09:24:40.354573011 CEST	49749	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.354588032 CEST	443	49749	23.157.136.251	192.168.2.6
May 20, 2024 09:24:40.354783058 CEST	49750	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.354799032 CEST	443	49750	162.19.252.175	192.168.2.6
May 20, 2024 09:24:40.354904890 CEST	49751	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.354921103 CEST	443	49751	89.168.70.178	192.168.2.6
May 20, 2024 09:24:40.354985952 CEST	49752	9001	192.168.2.6	107.189.8.12
May 20, 2024 09:24:40.355160952 CEST	49738	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:40.355253935 CEST	49740	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.355279922 CEST	49739	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:40.355356932 CEST	49741	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.355367899 CEST	443	49741	65.109.93.180	192.168.2.6
May 20, 2024 09:24:40.355592966 CEST	49743	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.355596066 CEST	49742	9500	192.168.2.6	195.154.168.209
May 20, 2024 09:24:40.355601072 CEST	443	49743	88.216.223.2	192.168.2.6
May 20, 2024 09:24:40.355829000 CEST	49744	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.355834007 CEST	443	49744	135.148.53.59	192.168.2.6
May 20, 2024 09:24:40.355989933 CEST	49746	9001	192.168.2.6	193.142.146.239
May 20, 2024 09:24:40.355990887 CEST	49747	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.356000900 CEST	443	49747	95.217.199.55	192.168.2.6
May 20, 2024 09:24:40.356106997 CEST	49748	9100	192.168.2.6	145.239.41.102
May 20, 2024 09:24:40.356129885 CEST	49745	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.356141090 CEST	443	49745	162.251.116.82	192.168.2.6
May 20, 2024 09:24:40.360270023 CEST	9001	49753	144.217.32.158	192.168.2.6
May 20, 2024 09:24:40.360570908 CEST	49753	9001	192.168.2.6	144.217.32.158
May 20, 2024 09:24:40.363728046 CEST	49736	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.363841057 CEST	49737	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.367840052 CEST	49753	9001	192.168.2.6	144.217.32.158
May 20, 2024 09:24:40.391932964 CEST	49754	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.404119015 CEST	443	49736	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.404122114 CEST	443	49737	38.154.240.58	192.168.2.6
May 20, 2024 09:24:40.408226013 CEST	49747	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.408477068 CEST	49751	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.408642054 CEST	49746	9001	192.168.2.6	193.142.146.239
May 20, 2024 09:24:40.408778906 CEST	49749	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.408848047 CEST	49752	9001	192.168.2.6	107.189.8.12
May 20, 2024 09:24:40.408889055 CEST	9001	49752	107.189.8.12	192.168.2.6
May 20, 2024 09:24:40.408895016 CEST	49745	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.408936024 CEST	49744	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.408953905 CEST	1234	49738	195.201.199.223	192.168.2.6
May 20, 2024 09:24:40.408970118 CEST	9001	49740	51.210.103.252	192.168.2.6
May 20, 2024 09:24:40.408982038 CEST	49748	9100	192.168.2.6	145.239.41.102
May 20, 2024 09:24:40.408984900 CEST	666	49739	192.99.228.114	192.168.2.6
May 20, 2024 09:24:40.409039021 CEST	9500	49742	195.154.168.209	192.168.2.6
May 20, 2024 09:24:40.409063101 CEST	49743	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.409071922 CEST	9001	49746	193.142.146.239	192.168.2.6
May 20, 2024 09:24:40.409077883 CEST	49750	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.409086943 CEST	9100	49748	145.239.41.102	192.168.2.6
May 20, 2024 09:24:40.409184933 CEST	49738	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:40.409187078 CEST	49742	9500	192.168.2.6	195.154.168.209
May 20, 2024 09:24:40.409251928 CEST	49741	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.409251928 CEST	49753	9001	192.168.2.6	144.217.32.158
May 20, 2024 09:24:40.409348011 CEST	49740	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.409663916 CEST	49739	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:40.413599968 CEST	9001	49753	144.217.32.158	192.168.2.6
May 20, 2024 09:24:40.413618088 CEST	9001	49754	148.251.41.235	192.168.2.6
May 20, 2024 09:24:40.413935900 CEST	49754	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.417588949 CEST	49754	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.431385040 CEST	49755	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:40.431427002 CEST	443	49755	91.143.81.27	192.168.2.6
May 20, 2024 09:24:40.431544065 CEST	49755	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:40.431706905 CEST	49756	9003	192.168.2.6	193.11.114.46
May 20, 2024 09:24:40.431744099 CEST	49757	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:40.431754112 CEST	443	49757	135.148.150.100	192.168.2.6
May 20, 2024 09:24:40.431910992 CEST	49758	9100	192.168.2.6	5.253.84.137
May 20, 2024 09:24:40.432117939 CEST	49757	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:40.432327032 CEST	49760	443	192.168.2.6	185.220.101.211
May 20, 2024 09:24:40.432332039 CEST	49759	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:40.432338953 CEST	443	49760	185.220.101.211	192.168.2.6
May 20, 2024 09:24:40.432370901 CEST	443	49759	5.45.98.188	192.168.2.6
May 20, 2024 09:24:40.432522058 CEST	49761	443	192.168.2.6	185.233.104.172
May 20, 2024 09:24:40.432545900 CEST	443	49761	185.233.104.172	192.168.2.6
May 20, 2024 09:24:40.432563066 CEST	49760	443	192.168.2.6	185.220.101.211
May 20, 2024 09:24:40.432564020 CEST	49759	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:40.432667017 CEST	49761	443	192.168.2.6	185.233.104.172
May 20, 2024 09:24:40.432878017 CEST	49762	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:40.432887077 CEST	443	49762	83.212.72.189	192.168.2.6
May 20, 2024 09:24:40.432984114 CEST	49762	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:40.433175087 CEST	49763	11154	192.168.2.6	185.220.101.154
May 20, 2024 09:24:40.433363914 CEST	49764	60443	192.168.2.6	85.93.254.36
May 20, 2024 09:24:40.433640003 CEST	49765	9001	192.168.2.6	91.234.199.232
May 20, 2024 09:24:40.433778048 CEST	49766	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:40.433789015 CEST	443	49766	147.135.16.147	192.168.2.6
May 20, 2024 09:24:40.433854103 CEST	49766	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:40.434937954 CEST	49767	9001	192.168.2.6	195.154.104.174
May 20, 2024 09:24:40.452133894 CEST	443	49750	162.19.252.175	192.168.2.6
May 20, 2024 09:24:40.452156067 CEST	443	49747	95.217.199.55	192.168.2.6
May 20, 2024 09:24:40.456104040 CEST	443	49741	65.109.93.180	192.168.2.6
May 20, 2024 09:24:40.456110001 CEST	443	49745	162.251.116.82	192.168.2.6
May 20, 2024 09:24:40.456110001 CEST	443	49743	88.216.223.2	192.168.2.6
May 20, 2024 09:24:40.456115007 CEST	443	49749	23.157.136.251	192.168.2.6
May 20, 2024 09:24:40.456121922 CEST	443	49751	89.168.70.178	192.168.2.6
May 20, 2024 09:24:40.456132889 CEST	443	49744	135.148.53.59	192.168.2.6
May 20, 2024 09:24:40.456860065 CEST	49768	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:40.456868887 CEST	443	49768	147.135.64.217	192.168.2.6
May 20, 2024 09:24:40.457039118 CEST	49768	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:40.457039118 CEST	49769	9001	192.168.2.6	193.105.134.186
May 20, 2024 09:24:40.457278967 CEST	49770	46856	192.168.2.6	217.194.154.18
May 20, 2024 09:24:40.457279921 CEST	49771	80	192.168.2.6	95.217.112.218
May 20, 2024 09:24:40.457479000 CEST	49760	443	192.168.2.6	185.220.101.211
May 20, 2024 09:24:40.457480907 CEST	49761	443	192.168.2.6	185.233.104.172
May 20, 2024 09:24:40.457489014 CEST	443	49760	185.220.101.211	192.168.2.6
May 20, 2024 09:24:40.457494974 CEST	443	49761	185.233.104.172	192.168.2.6
May 20, 2024 09:24:40.457637072 CEST	49762	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:40.457640886 CEST	49766	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:40.457650900 CEST	443	49766	147.135.16.147	192.168.2.6
May 20, 2024 09:24:40.457650900 CEST	443	49762	83.212.72.189	192.168.2.6
May 20, 2024 09:24:40.457803011 CEST	49755	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:40.457849026 CEST	443	49755	91.143.81.27	192.168.2.6
May 20, 2024 09:24:40.457881927 CEST	49759	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:40.457885027 CEST	49757	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:40.457890987 CEST	443	49757	135.148.150.100	192.168.2.6
May 20, 2024 09:24:40.457895041 CEST	443	49759	5.45.98.188	192.168.2.6
May 20, 2024 09:24:40.463758945 CEST	9001	49740	51.210.103.252	192.168.2.6
May 20, 2024 09:24:40.463774920 CEST	9001	49753	144.217.32.158	192.168.2.6
May 20, 2024 09:24:40.463812113 CEST	9500	49742	195.154.168.209	192.168.2.6
May 20, 2024 09:24:40.463829041 CEST	1234	49738	195.201.199.223	192.168.2.6
May 20, 2024 09:24:40.463843107 CEST	9100	49748	145.239.41.102	192.168.2.6
May 20, 2024 09:24:40.463855982 CEST	9001	49752	107.189.8.12	192.168.2.6
May 20, 2024 09:24:40.463870049 CEST	9001	49746	193.142.146.239	192.168.2.6
May 20, 2024 09:24:40.463886023 CEST	666	49739	192.99.228.114	192.168.2.6
May 20, 2024 09:24:40.463970900 CEST	49754	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.466269016 CEST	49768	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:40.466279984 CEST	443	49768	147.135.64.217	192.168.2.6
May 20, 2024 09:24:40.490124941 CEST	49772	8443	192.168.2.6	15.204.140.9
May 20, 2024 09:24:40.490127087 CEST	49773	9001	192.168.2.6	134.102.200.101
May 20, 2024 09:24:40.490329027 CEST	49774	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:40.490339994 CEST	443	49774	176.107.176.31	192.168.2.6
May 20, 2024 09:24:40.490488052 CEST	49774	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:40.490731955 CEST	49775	9001	192.168.2.6	51.222.24.62
May 20, 2024 09:24:40.490731955 CEST	49776	9001	192.168.2.6	135.148.54.98
May 20, 2024 09:24:40.490732908 CEST	49777	13443	192.168.2.6	185.243.218.202
May 20, 2024 09:24:40.491013050 CEST	49778	443	192.168.2.6	147.135.31.134
May 20, 2024 09:24:40.491014957 CEST	49779	9100	192.168.2.6	15.204.234.61
May 20, 2024 09:24:40.491022110 CEST	443	49778	147.135.31.134	192.168.2.6
May 20, 2024 09:24:40.491275072 CEST	49780	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:40.491288900 CEST	443	49780	46.20.35.116	192.168.2.6
May 20, 2024 09:24:40.491313934 CEST	49778	443	192.168.2.6	147.135.31.134
May 20, 2024 09:24:40.491420031 CEST	49781	8443	192.168.2.6	185.220.101.196
May 20, 2024 09:24:40.491622925 CEST	49783	9001	192.168.2.6	65.21.195.87
May 20, 2024 09:24:40.491622925 CEST	49782	9001	192.168.2.6	89.58.34.53
May 20, 2024 09:24:40.491755009 CEST	9001	49754	148.251.41.235	192.168.2.6
May 20, 2024 09:24:40.491771936 CEST	9003	49756	193.11.114.46	192.168.2.6
May 20, 2024 09:24:40.491782904 CEST	49784	2087	192.168.2.6	202.61.237.56
May 20, 2024 09:24:40.491786003 CEST	9100	49758	5.253.84.137	192.168.2.6
May 20, 2024 09:24:40.491801023 CEST	11154	49763	185.220.101.154	192.168.2.6
May 20, 2024 09:24:40.491816044 CEST	60443	49764	85.93.254.36	192.168.2.6
May 20, 2024 09:24:40.491830111 CEST	9001	49765	91.234.199.232	192.168.2.6
May 20, 2024 09:24:40.491832018 CEST	49780	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:40.491843939 CEST	9001	49767	195.154.104.174	192.168.2.6
May 20, 2024 09:24:40.491858006 CEST	9001	49769	193.105.134.186	192.168.2.6
May 20, 2024 09:24:40.491872072 CEST	46856	49770	217.194.154.18	192.168.2.6
May 20, 2024 09:24:40.491877079 CEST	80	49771	95.217.112.218	192.168.2.6
May 20, 2024 09:24:40.491976023 CEST	49756	9003	192.168.2.6	193.11.114.46
May 20, 2024 09:24:40.491976023 CEST	49758	9100	192.168.2.6	5.253.84.137
May 20, 2024 09:24:40.491986990 CEST	49767	9001	192.168.2.6	195.154.104.174
May 20, 2024 09:24:40.491987944 CEST	49764	60443	192.168.2.6	85.93.254.36
May 20, 2024 09:24:40.492032051 CEST	49769	9001	192.168.2.6	193.105.134.186
May 20, 2024 09:24:40.492032051 CEST	49770	46856	192.168.2.6	217.194.154.18
May 20, 2024 09:24:40.492032051 CEST	49771	80	192.168.2.6	95.217.112.218
May 20, 2024 09:24:40.492145061 CEST	49763	11154	192.168.2.6	185.220.101.154
May 20, 2024 09:24:40.492146015 CEST	49765	9001	192.168.2.6	91.234.199.232
May 20, 2024 09:24:40.497850895 CEST	49756	9003	192.168.2.6	193.11.114.46
May 20, 2024 09:24:40.497885942 CEST	49758	9100	192.168.2.6	5.253.84.137
May 20, 2024 09:24:40.497885942 CEST	49765	9001	192.168.2.6	91.234.199.232
May 20, 2024 09:24:40.497888088 CEST	49767	9001	192.168.2.6	195.154.104.174
May 20, 2024 09:24:40.497961998 CEST	49764	60443	192.168.2.6	85.93.254.36
May 20, 2024 09:24:40.498569965 CEST	49774	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:40.498569965 CEST	49769	9001	192.168.2.6	193.105.134.186
May 20, 2024 09:24:40.498583078 CEST	443	49774	176.107.176.31	192.168.2.6
May 20, 2024 09:24:40.498739958 CEST	49778	443	192.168.2.6	147.135.31.134
May 20, 2024 09:24:40.498750925 CEST	443	49778	147.135.31.134	192.168.2.6
May 20, 2024 09:24:40.498919010 CEST	49771	80	192.168.2.6	95.217.112.218
May 20, 2024 09:24:40.498920918 CEST	49763	11154	192.168.2.6	185.220.101.154
May 20, 2024 09:24:40.498920918 CEST	49780	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:40.498943090 CEST	443	49780	46.20.35.116	192.168.2.6
May 20, 2024 09:24:40.499053001 CEST	49770	46856	192.168.2.6	217.194.154.18
May 20, 2024 09:24:40.501264095 CEST	8443	49772	15.204.140.9	192.168.2.6
May 20, 2024 09:24:40.501280069 CEST	9001	49773	134.102.200.101	192.168.2.6
May 20, 2024 09:24:40.501292944 CEST	13443	49777	185.243.218.202	192.168.2.6
May 20, 2024 09:24:40.501307011 CEST	9001	49775	51.222.24.62	192.168.2.6
May 20, 2024 09:24:40.501319885 CEST	9001	49776	135.148.54.98	192.168.2.6
May 20, 2024 09:24:40.501334906 CEST	9100	49779	15.204.234.61	192.168.2.6
May 20, 2024 09:24:40.501348019 CEST	49772	8443	192.168.2.6	15.204.140.9
May 20, 2024 09:24:40.501348972 CEST	8443	49781	185.220.101.196	192.168.2.6
May 20, 2024 09:24:40.501363993 CEST	9001	49783	65.21.195.87	192.168.2.6
May 20, 2024 09:24:40.501369953 CEST	9001	49782	89.58.34.53	192.168.2.6
May 20, 2024 09:24:40.501374960 CEST	2087	49784	202.61.237.56	192.168.2.6
May 20, 2024 09:24:40.501434088 CEST	49777	13443	192.168.2.6	185.243.218.202
May 20, 2024 09:24:40.501435041 CEST	49773	9001	192.168.2.6	134.102.200.101
May 20, 2024 09:24:40.501475096 CEST	49779	9100	192.168.2.6	15.204.234.61
May 20, 2024 09:24:40.501487017 CEST	49781	8443	192.168.2.6	185.220.101.196
May 20, 2024 09:24:40.501568079 CEST	49783	9001	192.168.2.6	65.21.195.87
May 20, 2024 09:24:40.501568079 CEST	49775	9001	192.168.2.6	51.222.24.62
May 20, 2024 09:24:40.501568079 CEST	49784	2087	192.168.2.6	202.61.237.56
May 20, 2024 09:24:40.501566887 CEST	49782	9001	192.168.2.6	89.58.34.53
May 20, 2024 09:24:40.501568079 CEST	49776	9001	192.168.2.6	135.148.54.98
May 20, 2024 09:24:40.503865004 CEST	49772	8443	192.168.2.6	15.204.140.9
May 20, 2024 09:24:40.510852098 CEST	9003	49756	193.11.114.46	192.168.2.6
May 20, 2024 09:24:40.510868073 CEST	9001	49769	193.105.134.186	192.168.2.6
May 20, 2024 09:24:40.510881901 CEST	80	49771	95.217.112.218	192.168.2.6
May 20, 2024 09:24:40.510915041 CEST	46856	49770	217.194.154.18	192.168.2.6
May 20, 2024 09:24:40.510938883 CEST	49756	9003	192.168.2.6	193.11.114.46
May 20, 2024 09:24:40.510960102 CEST	9100	49758	5.253.84.137	192.168.2.6
May 20, 2024 09:24:40.510973930 CEST	9001	49767	195.154.104.174	192.168.2.6
May 20, 2024 09:24:40.510987043 CEST	9001	49765	91.234.199.232	192.168.2.6
May 20, 2024 09:24:40.511001110 CEST	60443	49764	85.93.254.36	192.168.2.6
May 20, 2024 09:24:40.511013031 CEST	49758	9100	192.168.2.6	5.253.84.137
May 20, 2024 09:24:40.511014938 CEST	11154	49763	185.220.101.154	192.168.2.6
May 20, 2024 09:24:40.511024952 CEST	49767	9001	192.168.2.6	195.154.104.174
May 20, 2024 09:24:40.511070967 CEST	49764	60443	192.168.2.6	85.93.254.36
May 20, 2024 09:24:40.511106968 CEST	49763	11154	192.168.2.6	185.220.101.154
May 20, 2024 09:24:40.511136055 CEST	49765	9001	192.168.2.6	91.234.199.232
May 20, 2024 09:24:40.515769958 CEST	8443	49772	15.204.140.9	192.168.2.6
May 20, 2024 09:24:40.530699015 CEST	49786	443	192.168.2.6	98.115.87.163
May 20, 2024 09:24:40.530713081 CEST	443	49786	98.115.87.163	192.168.2.6
May 20, 2024 09:24:40.530980110 CEST	49787	443	192.168.2.6	77.162.229.73
May 20, 2024 09:24:40.530982971 CEST	49785	9001	192.168.2.6	109.104.152.127
May 20, 2024 09:24:40.530985117 CEST	443	49787	77.162.229.73	192.168.2.6
May 20, 2024 09:24:40.531042099 CEST	49786	443	192.168.2.6	98.115.87.163
May 20, 2024 09:24:40.531042099 CEST	49787	443	192.168.2.6	77.162.229.73
May 20, 2024 09:24:40.531444073 CEST	49784	2087	192.168.2.6	202.61.237.56
May 20, 2024 09:24:40.531582117 CEST	49783	9001	192.168.2.6	65.21.195.87
May 20, 2024 09:24:40.531594992 CEST	49775	9001	192.168.2.6	51.222.24.62
May 20, 2024 09:24:40.531677961 CEST	49781	8443	192.168.2.6	185.220.101.196
May 20, 2024 09:24:40.531801939 CEST	49777	13443	192.168.2.6	185.243.218.202
May 20, 2024 09:24:40.531966925 CEST	49773	9001	192.168.2.6	134.102.200.101
May 20, 2024 09:24:40.532116890 CEST	49776	9001	192.168.2.6	135.148.54.98
May 20, 2024 09:24:40.532134056 CEST	49786	443	192.168.2.6	98.115.87.163
May 20, 2024 09:24:40.532143116 CEST	443	49786	98.115.87.163	192.168.2.6
May 20, 2024 09:24:40.532145023 CEST	49779	9100	192.168.2.6	15.204.234.61
May 20, 2024 09:24:40.532277107 CEST	49787	443	192.168.2.6	77.162.229.73
May 20, 2024 09:24:40.532283068 CEST	49782	9001	192.168.2.6	89.58.34.53
May 20, 2024 09:24:40.532286882 CEST	443	49787	77.162.229.73	192.168.2.6
May 20, 2024 09:24:40.538158894 CEST	49760	443	192.168.2.6	185.220.101.211
May 20, 2024 09:24:40.538271904 CEST	49755	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:40.538656950 CEST	49766	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:40.538660049 CEST	49761	443	192.168.2.6	185.233.104.172
May 20, 2024 09:24:40.538727045 CEST	49768	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:40.538727999 CEST	49762	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:40.538729906 CEST	49757	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:40.538814068 CEST	49759	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:40.540658951 CEST	9001	49785	109.104.152.127	192.168.2.6
May 20, 2024 09:24:40.540678978 CEST	2087	49784	202.61.237.56	192.168.2.6
May 20, 2024 09:24:40.540693998 CEST	9001	49783	65.21.195.87	192.168.2.6
May 20, 2024 09:24:40.540709019 CEST	9001	49775	51.222.24.62	192.168.2.6
May 20, 2024 09:24:40.540730000 CEST	8443	49781	185.220.101.196	192.168.2.6
May 20, 2024 09:24:40.540744066 CEST	13443	49777	185.243.218.202	192.168.2.6
May 20, 2024 09:24:40.540759087 CEST	9001	49754	148.251.41.235	192.168.2.6
May 20, 2024 09:24:40.543297052 CEST	49788	9001	192.168.2.6	45.141.57.69
May 20, 2024 09:24:40.543297052 CEST	49785	9001	192.168.2.6	109.104.152.127
May 20, 2024 09:24:40.548121929 CEST	9001	49773	134.102.200.101	192.168.2.6
May 20, 2024 09:24:40.548139095 CEST	9001	49776	135.148.54.98	192.168.2.6
May 20, 2024 09:24:40.548154116 CEST	9100	49779	15.204.234.61	192.168.2.6
May 20, 2024 09:24:40.548167944 CEST	9001	49782	89.58.34.53	192.168.2.6
May 20, 2024 09:24:40.552803040 CEST	9001	49788	45.141.57.69	192.168.2.6
May 20, 2024 09:24:40.554246902 CEST	49788	9001	192.168.2.6	45.141.57.69
May 20, 2024 09:24:40.562228918 CEST	49789	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.562253952 CEST	443	49789	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.562412977 CEST	49789	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.562484026 CEST	49790	9001	192.168.2.6	96.234.180.68
May 20, 2024 09:24:40.562597036 CEST	49791	9001	192.168.2.6	84.247.164.65
May 20, 2024 09:24:40.562870979 CEST	49792	9001	192.168.2.6	5.255.109.214
May 20, 2024 09:24:40.562971115 CEST	49793	443	192.168.2.6	142.44.247.102
May 20, 2024 09:24:40.562978983 CEST	443	49793	142.44.247.102	192.168.2.6
May 20, 2024 09:24:40.563357115 CEST	49795	8080	192.168.2.6	51.89.17.143
May 20, 2024 09:24:40.563359022 CEST	49794	9001	192.168.2.6	37.1.204.243
May 20, 2024 09:24:40.563566923 CEST	49793	443	192.168.2.6	142.44.247.102
May 20, 2024 09:24:40.563570023 CEST	49796	443	192.168.2.6	51.81.93.39
May 20, 2024 09:24:40.563587904 CEST	443	49796	51.81.93.39	192.168.2.6
May 20, 2024 09:24:40.563724041 CEST	49796	443	192.168.2.6	51.81.93.39
May 20, 2024 09:24:40.563803911 CEST	49797	443	192.168.2.6	62.210.123.24
May 20, 2024 09:24:40.563811064 CEST	443	49797	62.210.123.24	192.168.2.6
May 20, 2024 09:24:40.563874006 CEST	49797	443	192.168.2.6	62.210.123.24
May 20, 2024 09:24:40.564039946 CEST	49785	9001	192.168.2.6	109.104.152.127
May 20, 2024 09:24:40.564040899 CEST	49788	9001	192.168.2.6	45.141.57.69
May 20, 2024 09:24:40.567358971 CEST	9001	49790	96.234.180.68	192.168.2.6
May 20, 2024 09:24:40.568135023 CEST	49790	9001	192.168.2.6	96.234.180.68
May 20, 2024 09:24:40.572300911 CEST	9001	49791	84.247.164.65	192.168.2.6
May 20, 2024 09:24:40.573229074 CEST	49791	9001	192.168.2.6	84.247.164.65
May 20, 2024 09:24:40.577035904 CEST	9001	49792	5.255.109.214	192.168.2.6
May 20, 2024 09:24:40.577050924 CEST	9001	49794	37.1.204.243	192.168.2.6
May 20, 2024 09:24:40.577064991 CEST	8080	49795	51.89.17.143	192.168.2.6
May 20, 2024 09:24:40.577079058 CEST	9001	49785	109.104.152.127	192.168.2.6
May 20, 2024 09:24:40.577091932 CEST	9001	49788	45.141.57.69	192.168.2.6
May 20, 2024 09:24:40.577102900 CEST	49792	9001	192.168.2.6	5.255.109.214
May 20, 2024 09:24:40.577143908 CEST	49794	9001	192.168.2.6	37.1.204.243
May 20, 2024 09:24:40.577143908 CEST	49795	8080	192.168.2.6	51.89.17.143
May 20, 2024 09:24:40.584105968 CEST	443	49762	83.212.72.189	192.168.2.6
May 20, 2024 09:24:40.584106922 CEST	443	49755	91.143.81.27	192.168.2.6
May 20, 2024 09:24:40.584106922 CEST	443	49757	135.148.150.100	192.168.2.6
May 20, 2024 09:24:40.584110975 CEST	443	49768	147.135.64.217	192.168.2.6
May 20, 2024 09:24:40.584119081 CEST	443	49766	147.135.16.147	192.168.2.6
May 20, 2024 09:24:40.584131002 CEST	443	49759	5.45.98.188	192.168.2.6
May 20, 2024 09:24:40.584131956 CEST	443	49761	185.233.104.172	192.168.2.6
May 20, 2024 09:24:40.584137917 CEST	443	49760	185.220.101.211	192.168.2.6
May 20, 2024 09:24:40.589095116 CEST	49774	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:40.589095116 CEST	49771	80	192.168.2.6	95.217.112.218
May 20, 2024 09:24:40.589215994 CEST	49772	8443	192.168.2.6	15.204.140.9
May 20, 2024 09:24:40.589339972 CEST	49769	9001	192.168.2.6	193.105.134.186
May 20, 2024 09:24:40.589413881 CEST	49778	443	192.168.2.6	147.135.31.134
May 20, 2024 09:24:40.589413881 CEST	49770	46856	192.168.2.6	217.194.154.18
May 20, 2024 09:24:40.589492083 CEST	49780	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:40.589992046 CEST	49791	9001	192.168.2.6	84.247.164.65
May 20, 2024 09:24:40.590173006 CEST	49793	443	192.168.2.6	142.44.247.102
May 20, 2024 09:24:40.590183020 CEST	49792	9001	192.168.2.6	5.255.109.214
May 20, 2024 09:24:40.590183973 CEST	443	49793	142.44.247.102	192.168.2.6
May 20, 2024 09:24:40.590199947 CEST	49789	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.590212107 CEST	443	49789	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.590363026 CEST	49795	8080	192.168.2.6	51.89.17.143
May 20, 2024 09:24:40.590363979 CEST	49794	9001	192.168.2.6	37.1.204.243
May 20, 2024 09:24:40.590390921 CEST	49790	9001	192.168.2.6	96.234.180.68
May 20, 2024 09:24:40.590457916 CEST	49797	443	192.168.2.6	62.210.123.24
May 20, 2024 09:24:40.590466022 CEST	443	49797	62.210.123.24	192.168.2.6
May 20, 2024 09:24:40.590548992 CEST	49796	443	192.168.2.6	51.81.93.39
May 20, 2024 09:24:40.590559006 CEST	443	49796	51.81.93.39	192.168.2.6
May 20, 2024 09:24:40.596199989 CEST	9001	49791	84.247.164.65	192.168.2.6
May 20, 2024 09:24:40.604258060 CEST	49787	443	192.168.2.6	77.162.229.73
May 20, 2024 09:24:40.604260921 CEST	49773	9001	192.168.2.6	134.102.200.101
May 20, 2024 09:24:40.604312897 CEST	49783	9001	192.168.2.6	65.21.195.87
May 20, 2024 09:24:40.604398966 CEST	49776	9001	192.168.2.6	135.148.54.98
May 20, 2024 09:24:40.604515076 CEST	49775	9001	192.168.2.6	51.222.24.62
May 20, 2024 09:24:40.604851961 CEST	49782	9001	192.168.2.6	89.58.34.53
May 20, 2024 09:24:40.604872942 CEST	49781	8443	192.168.2.6	185.220.101.196
May 20, 2024 09:24:40.604938030 CEST	49777	13443	192.168.2.6	185.243.218.202
May 20, 2024 09:24:40.605014086 CEST	49786	443	192.168.2.6	98.115.87.163
May 20, 2024 09:24:40.605035067 CEST	49779	9100	192.168.2.6	15.204.234.61
May 20, 2024 09:24:40.605093956 CEST	49784	2087	192.168.2.6	202.61.237.56
May 20, 2024 09:24:40.607882977 CEST	49798	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.607897043 CEST	443	49798	38.154.240.58	192.168.2.6
May 20, 2024 09:24:40.612178087 CEST	49798	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.620732069 CEST	49788	9001	192.168.2.6	45.141.57.69
May 20, 2024 09:24:40.620855093 CEST	49785	9001	192.168.2.6	109.104.152.127
May 20, 2024 09:24:40.621085882 CEST	49798	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.621095896 CEST	443	49798	38.154.240.58	192.168.2.6
May 20, 2024 09:24:40.635857105 CEST	49799	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.636106014 CEST	443	49780	46.20.35.116	192.168.2.6
May 20, 2024 09:24:40.636111975 CEST	443	49774	176.107.176.31	192.168.2.6
May 20, 2024 09:24:40.636115074 CEST	443	49778	147.135.31.134	192.168.2.6
May 20, 2024 09:24:40.641812086 CEST	49794	9001	192.168.2.6	37.1.204.243
May 20, 2024 09:24:40.641899109 CEST	49790	9001	192.168.2.6	96.234.180.68
May 20, 2024 09:24:40.641900063 CEST	49792	9001	192.168.2.6	5.255.109.214
May 20, 2024 09:24:40.641984940 CEST	49789	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.641985893 CEST	49791	9001	192.168.2.6	84.247.164.65
May 20, 2024 09:24:40.642121077 CEST	49793	443	192.168.2.6	142.44.247.102
May 20, 2024 09:24:40.642131090 CEST	49797	443	192.168.2.6	62.210.123.24
May 20, 2024 09:24:40.642669916 CEST	49796	443	192.168.2.6	51.81.93.39
May 20, 2024 09:24:40.642735004 CEST	49795	8080	192.168.2.6	51.89.17.143
May 20, 2024 09:24:40.644874096 CEST	9001	49792	5.255.109.214	192.168.2.6
May 20, 2024 09:24:40.644889116 CEST	8080	49795	51.89.17.143	192.168.2.6
May 20, 2024 09:24:40.644901991 CEST	9001	49794	37.1.204.243	192.168.2.6
May 20, 2024 09:24:40.644915104 CEST	9001	49790	96.234.180.68	192.168.2.6
May 20, 2024 09:24:40.652107000 CEST	443	49786	98.115.87.163	192.168.2.6
May 20, 2024 09:24:40.652133942 CEST	443	49787	77.162.229.73	192.168.2.6
May 20, 2024 09:24:40.678087950 CEST	49798	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.679330111 CEST	49800	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.679579020 CEST	49801	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:40.679797888 CEST	49802	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:40.684104919 CEST	443	49793	142.44.247.102	192.168.2.6
May 20, 2024 09:24:40.686882019 CEST	49803	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.686887980 CEST	49804	9500	192.168.2.6	195.154.168.209
May 20, 2024 09:24:40.686897993 CEST	443	49803	65.109.93.180	192.168.2.6
May 20, 2024 09:24:40.687212944 CEST	49805	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.687279940 CEST	443	49805	88.216.223.2	192.168.2.6
May 20, 2024 09:24:40.687285900 CEST	49803	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.688106060 CEST	443	49797	62.210.123.24	192.168.2.6
May 20, 2024 09:24:40.688113928 CEST	443	49789	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.688121080 CEST	443	49796	51.81.93.39	192.168.2.6
May 20, 2024 09:24:40.688148975 CEST	49805	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.694582939 CEST	49807	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.694586992 CEST	49806	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.694613934 CEST	443	49806	135.148.53.59	192.168.2.6
May 20, 2024 09:24:40.694626093 CEST	443	49807	162.251.116.82	192.168.2.6
May 20, 2024 09:24:40.694688082 CEST	49806	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.694749117 CEST	49807	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.694832087 CEST	49808	9001	192.168.2.6	193.142.146.239
May 20, 2024 09:24:40.695000887 CEST	49805	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.695029974 CEST	443	49805	88.216.223.2	192.168.2.6
May 20, 2024 09:24:40.695149899 CEST	49803	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.695159912 CEST	443	49803	65.109.93.180	192.168.2.6
May 20, 2024 09:24:40.702091932 CEST	49806	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.702092886 CEST	49807	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.702106953 CEST	443	49806	135.148.53.59	192.168.2.6
May 20, 2024 09:24:40.702107906 CEST	443	49807	162.251.116.82	192.168.2.6
May 20, 2024 09:24:40.711719036 CEST	49810	9100	192.168.2.6	145.239.41.102
May 20, 2024 09:24:40.711719036 CEST	49809	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.711731911 CEST	443	49809	95.217.199.55	192.168.2.6
May 20, 2024 09:24:40.711944103 CEST	49809	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.712012053 CEST	49811	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.712023973 CEST	443	49811	23.157.136.251	192.168.2.6
May 20, 2024 09:24:40.712085962 CEST	49811	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.712387085 CEST	49813	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.712414026 CEST	443	49813	89.168.70.178	192.168.2.6
May 20, 2024 09:24:40.712568998 CEST	49814	9001	192.168.2.6	107.189.8.12
May 20, 2024 09:24:40.712717056 CEST	49813	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.712727070 CEST	49815	9001	192.168.2.6	144.217.32.158
May 20, 2024 09:24:40.712986946 CEST	49816	9003	192.168.2.6	193.11.114.46
May 20, 2024 09:24:40.712986946 CEST	49812	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.712986946 CEST	49817	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:40.712996006 CEST	443	49812	162.19.252.175	192.168.2.6
May 20, 2024 09:24:40.713005066 CEST	443	49817	135.148.150.100	192.168.2.6
May 20, 2024 09:24:40.713063955 CEST	49817	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:40.713063955 CEST	49812	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.713314056 CEST	49819	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:40.713323116 CEST	443	49819	5.45.98.188	192.168.2.6
May 20, 2024 09:24:40.713398933 CEST	49818	9100	192.168.2.6	5.253.84.137
May 20, 2024 09:24:40.713490963 CEST	49819	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:40.713669062 CEST	49820	443	192.168.2.6	185.220.101.211
May 20, 2024 09:24:40.713682890 CEST	443	49820	185.220.101.211	192.168.2.6
May 20, 2024 09:24:40.713828087 CEST	49820	443	192.168.2.6	185.220.101.211
May 20, 2024 09:24:40.720738888 CEST	49821	443	192.168.2.6	185.233.104.172
May 20, 2024 09:24:40.720787048 CEST	443	49821	185.233.104.172	192.168.2.6
May 20, 2024 09:24:40.721129894 CEST	49823	11154	192.168.2.6	185.220.101.154
May 20, 2024 09:24:40.721142054 CEST	49822	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:40.721174002 CEST	443	49822	83.212.72.189	192.168.2.6
May 20, 2024 09:24:40.721216917 CEST	49821	443	192.168.2.6	185.233.104.172
May 20, 2024 09:24:40.721263885 CEST	49811	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.721271038 CEST	49822	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:40.721276045 CEST	443	49811	23.157.136.251	192.168.2.6
May 20, 2024 09:24:40.721472025 CEST	49813	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.721492052 CEST	49812	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.721492052 CEST	443	49813	89.168.70.178	192.168.2.6
May 20, 2024 09:24:40.721503019 CEST	443	49812	162.19.252.175	192.168.2.6
May 20, 2024 09:24:40.721661091 CEST	49819	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:40.721662045 CEST	49817	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:40.721669912 CEST	443	49817	135.148.150.100	192.168.2.6
May 20, 2024 09:24:40.721669912 CEST	443	49819	5.45.98.188	192.168.2.6
May 20, 2024 09:24:40.721833944 CEST	49820	443	192.168.2.6	185.220.101.211
May 20, 2024 09:24:40.721848965 CEST	443	49820	185.220.101.211	192.168.2.6
May 20, 2024 09:24:40.723870039 CEST	49809	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.723877907 CEST	443	49809	95.217.199.55	192.168.2.6
May 20, 2024 09:24:40.724107027 CEST	443	49798	38.154.240.58	192.168.2.6
May 20, 2024 09:24:40.728252888 CEST	49821	443	192.168.2.6	185.233.104.172
May 20, 2024 09:24:40.728296041 CEST	443	49821	185.233.104.172	192.168.2.6
May 20, 2024 09:24:40.728373051 CEST	49822	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:40.728429079 CEST	443	49822	83.212.72.189	192.168.2.6
May 20, 2024 09:24:40.735555887 CEST	49824	60443	192.168.2.6	85.93.254.36
May 20, 2024 09:24:40.735919952 CEST	49825	9001	192.168.2.6	91.234.199.232
May 20, 2024 09:24:40.735949993 CEST	49826	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:40.735969067 CEST	443	49826	147.135.16.147	192.168.2.6
May 20, 2024 09:24:40.736023903 CEST	49826	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:40.743944883 CEST	49827	9001	192.168.2.6	195.154.104.174
May 20, 2024 09:24:40.744128942 CEST	49828	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:40.744163036 CEST	443	49828	91.143.81.27	192.168.2.6
May 20, 2024 09:24:40.744239092 CEST	49828	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:40.744455099 CEST	49829	9001	192.168.2.6	193.105.134.186
May 20, 2024 09:24:40.744606018 CEST	49826	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:40.744618893 CEST	443	49826	147.135.16.147	192.168.2.6
May 20, 2024 09:24:40.751539946 CEST	49828	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:40.751552105 CEST	443	49828	91.143.81.27	192.168.2.6
May 20, 2024 09:24:40.761428118 CEST	49803	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.761506081 CEST	49805	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.761811972 CEST	49830	46856	192.168.2.6	217.194.154.18
May 20, 2024 09:24:40.761977911 CEST	49831	80	192.168.2.6	95.217.112.218
May 20, 2024 09:24:40.762135029 CEST	49832	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:40.762154102 CEST	443	49832	147.135.64.217	192.168.2.6
May 20, 2024 09:24:40.762217999 CEST	49832	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:40.762427092 CEST	49833	8443	192.168.2.6	15.204.140.9
May 20, 2024 09:24:40.762613058 CEST	49834	9001	192.168.2.6	134.102.200.101
May 20, 2024 09:24:40.762814999 CEST	49835	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:40.762841940 CEST	443	49835	176.107.176.31	192.168.2.6
May 20, 2024 09:24:40.762913942 CEST	49835	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:40.762995958 CEST	49836	9001	192.168.2.6	51.222.24.62
May 20, 2024 09:24:40.763197899 CEST	49837	9001	192.168.2.6	135.148.54.98
May 20, 2024 09:24:40.763443947 CEST	49838	13443	192.168.2.6	185.243.218.202
May 20, 2024 09:24:40.770392895 CEST	49806	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.770437956 CEST	49807	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.771096945 CEST	49839	443	192.168.2.6	147.135.31.134
May 20, 2024 09:24:40.771109104 CEST	443	49839	147.135.31.134	192.168.2.6
May 20, 2024 09:24:40.771193027 CEST	49839	443	192.168.2.6	147.135.31.134
May 20, 2024 09:24:40.771317959 CEST	49840	9100	192.168.2.6	15.204.234.61
May 20, 2024 09:24:40.771464109 CEST	49832	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:40.771478891 CEST	443	49832	147.135.64.217	192.168.2.6
May 20, 2024 09:24:40.771590948 CEST	49835	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:40.771612883 CEST	443	49835	176.107.176.31	192.168.2.6
May 20, 2024 09:24:40.778491020 CEST	49839	443	192.168.2.6	147.135.31.134
May 20, 2024 09:24:40.778501034 CEST	443	49839	147.135.31.134	192.168.2.6
May 20, 2024 09:24:40.787292004 CEST	49811	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.787384033 CEST	49809	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.787384033 CEST	49817	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:40.787751913 CEST	49813	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.787796021 CEST	49820	443	192.168.2.6	185.220.101.211
May 20, 2024 09:24:40.787832022 CEST	49812	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.787986040 CEST	49819	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:40.788302898 CEST	49841	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:40.788319111 CEST	443	49841	46.20.35.116	192.168.2.6
May 20, 2024 09:24:40.788451910 CEST	49842	8443	192.168.2.6	185.220.101.196
May 20, 2024 09:24:40.788477898 CEST	49841	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:40.788825989 CEST	49845	2087	192.168.2.6	202.61.237.56
May 20, 2024 09:24:40.789062977 CEST	49843	9001	192.168.2.6	89.58.34.53
May 20, 2024 09:24:40.789257050 CEST	49846	443	192.168.2.6	178.254.31.125
May 20, 2024 09:24:40.789269924 CEST	443	49846	178.254.31.125	192.168.2.6
May 20, 2024 09:24:40.789313078 CEST	49846	443	192.168.2.6	178.254.31.125
May 20, 2024 09:24:40.789345026 CEST	49844	9001	192.168.2.6	65.21.195.87
May 20, 2024 09:24:40.796295881 CEST	49821	443	192.168.2.6	185.233.104.172
May 20, 2024 09:24:40.796364069 CEST	49822	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:40.796962023 CEST	49847	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.796983004 CEST	443	49847	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.797070026 CEST	49847	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.797199965 CEST	49848	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.797218084 CEST	443	49848	38.154.240.58	192.168.2.6
May 20, 2024 09:24:40.797297001 CEST	49848	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.797396898 CEST	49841	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:40.797411919 CEST	443	49841	46.20.35.116	192.168.2.6
May 20, 2024 09:24:40.797990084 CEST	49846	443	192.168.2.6	178.254.31.125
May 20, 2024 09:24:40.798005104 CEST	443	49846	178.254.31.125	192.168.2.6
May 20, 2024 09:24:40.804109097 CEST	443	49805	88.216.223.2	192.168.2.6
May 20, 2024 09:24:40.804119110 CEST	443	49803	65.109.93.180	192.168.2.6
May 20, 2024 09:24:40.805687904 CEST	49848	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.805699110 CEST	443	49848	38.154.240.58	192.168.2.6
May 20, 2024 09:24:40.805871010 CEST	49847	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.805883884 CEST	443	49847	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.816134930 CEST	443	49806	135.148.53.59	192.168.2.6
May 20, 2024 09:24:40.816138029 CEST	443	49807	162.251.116.82	192.168.2.6
May 20, 2024 09:24:40.816412926 CEST	49826	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:40.823571920 CEST	49828	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:40.828162909 CEST	443	49813	89.168.70.178	192.168.2.6
May 20, 2024 09:24:40.832118034 CEST	443	49812	162.19.252.175	192.168.2.6
May 20, 2024 09:24:40.832118988 CEST	443	49820	185.220.101.211	192.168.2.6
May 20, 2024 09:24:40.832128048 CEST	443	49817	135.148.150.100	192.168.2.6
May 20, 2024 09:24:40.832134008 CEST	443	49809	95.217.199.55	192.168.2.6
May 20, 2024 09:24:40.832149982 CEST	443	49819	5.45.98.188	192.168.2.6
May 20, 2024 09:24:40.832168102 CEST	443	49811	23.157.136.251	192.168.2.6
May 20, 2024 09:24:40.840116024 CEST	443	49821	185.233.104.172	192.168.2.6
May 20, 2024 09:24:40.840125084 CEST	443	49822	83.212.72.189	192.168.2.6
May 20, 2024 09:24:40.864115953 CEST	443	49826	147.135.16.147	192.168.2.6
May 20, 2024 09:24:40.868129015 CEST	443	49828	91.143.81.27	192.168.2.6
May 20, 2024 09:24:40.871824980 CEST	46856	49770	217.194.154.18	192.168.2.6
May 20, 2024 09:24:40.873492002 CEST	9001	49769	193.105.134.186	192.168.2.6
May 20, 2024 09:24:40.873524904 CEST	8443	49772	15.204.140.9	192.168.2.6
May 20, 2024 09:24:40.873555899 CEST	80	49771	95.217.112.218	192.168.2.6
May 20, 2024 09:24:40.873665094 CEST	666	49739	192.99.228.114	192.168.2.6
May 20, 2024 09:24:40.873694897 CEST	9100	49748	145.239.41.102	192.168.2.6
May 20, 2024 09:24:40.873724937 CEST	9001	49753	144.217.32.158	192.168.2.6
May 20, 2024 09:24:40.873754978 CEST	9001	49746	193.142.146.239	192.168.2.6
May 20, 2024 09:24:40.873784065 CEST	1234	49738	195.201.199.223	192.168.2.6
May 20, 2024 09:24:40.873785973 CEST	49748	9100	192.168.2.6	145.239.41.102
May 20, 2024 09:24:40.873814106 CEST	9500	49742	195.154.168.209	192.168.2.6
May 20, 2024 09:24:40.873830080 CEST	49753	9001	192.168.2.6	144.217.32.158
May 20, 2024 09:24:40.873832941 CEST	49739	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:40.873841047 CEST	49746	9001	192.168.2.6	193.142.146.239
May 20, 2024 09:24:40.873855114 CEST	9001	49740	51.210.103.252	192.168.2.6
May 20, 2024 09:24:40.873883963 CEST	49738	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:40.873889923 CEST	9001	49752	107.189.8.12	192.168.2.6
May 20, 2024 09:24:40.873920918 CEST	49742	9500	192.168.2.6	195.154.168.209
May 20, 2024 09:24:40.873955011 CEST	49740	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.873972893 CEST	49752	9001	192.168.2.6	107.189.8.12
May 20, 2024 09:24:40.874000072 CEST	9001	49799	148.251.41.235	192.168.2.6
May 20, 2024 09:24:40.874067068 CEST	49799	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.874085903 CEST	9001	49800	51.210.103.252	192.168.2.6
May 20, 2024 09:24:40.874134064 CEST	49800	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.876568079 CEST	1234	49801	195.201.199.223	192.168.2.6
May 20, 2024 09:24:40.876604080 CEST	666	49802	192.99.228.114	192.168.2.6
May 20, 2024 09:24:40.876635075 CEST	9500	49804	195.154.168.209	192.168.2.6
May 20, 2024 09:24:40.876650095 CEST	49801	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:40.876665115 CEST	9001	49808	193.142.146.239	192.168.2.6
May 20, 2024 09:24:40.876677036 CEST	49802	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:40.876709938 CEST	49804	9500	192.168.2.6	195.154.168.209
May 20, 2024 09:24:40.876718998 CEST	49808	9001	192.168.2.6	193.142.146.239
May 20, 2024 09:24:40.876863003 CEST	9100	49810	145.239.41.102	192.168.2.6
May 20, 2024 09:24:40.876894951 CEST	9001	49814	107.189.8.12	192.168.2.6
May 20, 2024 09:24:40.876905918 CEST	49810	9100	192.168.2.6	145.239.41.102
May 20, 2024 09:24:40.876924992 CEST	9001	49815	144.217.32.158	192.168.2.6
May 20, 2024 09:24:40.876945019 CEST	49814	9001	192.168.2.6	107.189.8.12
May 20, 2024 09:24:40.876955032 CEST	9003	49816	193.11.114.46	192.168.2.6
May 20, 2024 09:24:40.876970053 CEST	49815	9001	192.168.2.6	144.217.32.158
May 20, 2024 09:24:40.876983881 CEST	9100	49818	5.253.84.137	192.168.2.6
May 20, 2024 09:24:40.877005100 CEST	49816	9003	192.168.2.6	193.11.114.46
May 20, 2024 09:24:40.877012968 CEST	11154	49823	185.220.101.154	192.168.2.6
May 20, 2024 09:24:40.877055883 CEST	49823	11154	192.168.2.6	185.220.101.154
May 20, 2024 09:24:40.877154112 CEST	49818	9100	192.168.2.6	5.253.84.137
May 20, 2024 09:24:40.881536961 CEST	60443	49824	85.93.254.36	192.168.2.6
May 20, 2024 09:24:40.881568909 CEST	9001	49825	91.234.199.232	192.168.2.6
May 20, 2024 09:24:40.881589890 CEST	49824	60443	192.168.2.6	85.93.254.36
May 20, 2024 09:24:40.881599903 CEST	9001	49827	195.154.104.174	192.168.2.6
May 20, 2024 09:24:40.881629944 CEST	9001	49829	193.105.134.186	192.168.2.6
May 20, 2024 09:24:40.881649017 CEST	49827	9001	192.168.2.6	195.154.104.174
May 20, 2024 09:24:40.881675005 CEST	49829	9001	192.168.2.6	193.105.134.186
May 20, 2024 09:24:40.881680965 CEST	49825	9001	192.168.2.6	91.234.199.232
May 20, 2024 09:24:40.881737947 CEST	46856	49830	217.194.154.18	192.168.2.6
May 20, 2024 09:24:40.881768942 CEST	80	49831	95.217.112.218	192.168.2.6
May 20, 2024 09:24:40.881798983 CEST	8443	49833	15.204.140.9	192.168.2.6
May 20, 2024 09:24:40.881812096 CEST	49830	46856	192.168.2.6	217.194.154.18
May 20, 2024 09:24:40.881829977 CEST	9001	49834	134.102.200.101	192.168.2.6
May 20, 2024 09:24:40.881835938 CEST	49831	80	192.168.2.6	95.217.112.218
May 20, 2024 09:24:40.881860971 CEST	9001	49836	51.222.24.62	192.168.2.6
May 20, 2024 09:24:40.881864071 CEST	49833	8443	192.168.2.6	15.204.140.9
May 20, 2024 09:24:40.881891012 CEST	9001	49837	135.148.54.98	192.168.2.6
May 20, 2024 09:24:40.881891966 CEST	49834	9001	192.168.2.6	134.102.200.101
May 20, 2024 09:24:40.881911993 CEST	49836	9001	192.168.2.6	51.222.24.62
May 20, 2024 09:24:40.881921053 CEST	13443	49838	185.243.218.202	192.168.2.6
May 20, 2024 09:24:40.881937981 CEST	49837	9001	192.168.2.6	135.148.54.98
May 20, 2024 09:24:40.881975889 CEST	49838	13443	192.168.2.6	185.243.218.202
May 20, 2024 09:24:40.882167101 CEST	49830	46856	192.168.2.6	217.194.154.18
May 20, 2024 09:24:40.886082888 CEST	9100	49840	15.204.234.61	192.168.2.6
May 20, 2024 09:24:40.886149883 CEST	49840	9100	192.168.2.6	15.204.234.61
May 20, 2024 09:24:40.886225939 CEST	8443	49842	185.220.101.196	192.168.2.6
May 20, 2024 09:24:40.886255980 CEST	2087	49845	202.61.237.56	192.168.2.6
May 20, 2024 09:24:40.886286020 CEST	9001	49843	89.58.34.53	192.168.2.6
May 20, 2024 09:24:40.886286020 CEST	49842	8443	192.168.2.6	185.220.101.196
May 20, 2024 09:24:40.886305094 CEST	49845	2087	192.168.2.6	202.61.237.56
May 20, 2024 09:24:40.886317015 CEST	9001	49844	65.21.195.87	192.168.2.6
May 20, 2024 09:24:40.886353970 CEST	49843	9001	192.168.2.6	89.58.34.53
May 20, 2024 09:24:40.886419058 CEST	49844	9001	192.168.2.6	65.21.195.87
May 20, 2024 09:24:40.906155109 CEST	49840	9100	192.168.2.6	15.204.234.61
May 20, 2024 09:24:40.906215906 CEST	49837	9001	192.168.2.6	135.148.54.98
May 20, 2024 09:24:40.906230927 CEST	49784	2087	192.168.2.6	202.61.237.56
May 20, 2024 09:24:40.906253099 CEST	49779	9100	192.168.2.6	15.204.234.61
May 20, 2024 09:24:40.906256914 CEST	49773	9001	192.168.2.6	134.102.200.101
May 20, 2024 09:24:40.906255960 CEST	49777	13443	192.168.2.6	185.243.218.202
May 20, 2024 09:24:40.906266928 CEST	49781	8443	192.168.2.6	185.220.101.196
May 20, 2024 09:24:40.906287909 CEST	49782	9001	192.168.2.6	89.58.34.53
May 20, 2024 09:24:40.906290054 CEST	49783	9001	192.168.2.6	65.21.195.87
May 20, 2024 09:24:40.906316996 CEST	49775	9001	192.168.2.6	51.222.24.62
May 20, 2024 09:24:40.906316996 CEST	49776	9001	192.168.2.6	135.148.54.98
May 20, 2024 09:24:40.906383038 CEST	49848	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:40.906430960 CEST	49836	9001	192.168.2.6	51.222.24.62
May 20, 2024 09:24:40.906491995 CEST	49835	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:40.906532049 CEST	49834	9001	192.168.2.6	134.102.200.101
May 20, 2024 09:24:40.906563997 CEST	49845	2087	192.168.2.6	202.61.237.56
May 20, 2024 09:24:40.906616926 CEST	49838	13443	192.168.2.6	185.243.218.202
May 20, 2024 09:24:40.906629086 CEST	49843	9001	192.168.2.6	89.58.34.53
May 20, 2024 09:24:40.906632900 CEST	49844	9001	192.168.2.6	65.21.195.87
May 20, 2024 09:24:40.906651974 CEST	49833	8443	192.168.2.6	15.204.140.9
May 20, 2024 09:24:40.906677961 CEST	49841	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:40.906718016 CEST	49839	443	192.168.2.6	147.135.31.134
May 20, 2024 09:24:40.906793118 CEST	49842	8443	192.168.2.6	185.220.101.196
May 20, 2024 09:24:40.906821966 CEST	49831	80	192.168.2.6	95.217.112.218
May 20, 2024 09:24:40.906863928 CEST	49847	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.907236099 CEST	49846	443	192.168.2.6	178.254.31.125
May 20, 2024 09:24:40.907300949 CEST	49832	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:40.911138058 CEST	46856	49830	217.194.154.18	192.168.2.6
May 20, 2024 09:24:40.911267996 CEST	8443	49772	15.204.140.9	192.168.2.6
May 20, 2024 09:24:40.911299944 CEST	9100	49779	15.204.234.61	192.168.2.6
May 20, 2024 09:24:40.911326885 CEST	49772	8443	192.168.2.6	15.204.140.9
May 20, 2024 09:24:40.911386967 CEST	9001	49776	135.148.54.98	192.168.2.6
May 20, 2024 09:24:40.911469936 CEST	49776	9001	192.168.2.6	135.148.54.98
May 20, 2024 09:24:40.911473989 CEST	49779	9100	192.168.2.6	15.204.234.61
May 20, 2024 09:24:40.915816069 CEST	9100	49840	15.204.234.61	192.168.2.6
May 20, 2024 09:24:40.915848970 CEST	8080	49795	51.89.17.143	192.168.2.6
May 20, 2024 09:24:40.915879965 CEST	9001	49791	84.247.164.65	192.168.2.6
May 20, 2024 09:24:40.915891886 CEST	49840	9100	192.168.2.6	15.204.234.61
May 20, 2024 09:24:40.915910959 CEST	9001	49790	96.234.180.68	192.168.2.6
May 20, 2024 09:24:40.915941000 CEST	9001	49792	5.255.109.214	192.168.2.6
May 20, 2024 09:24:40.915970087 CEST	9001	49794	37.1.204.243	192.168.2.6
May 20, 2024 09:24:40.915998936 CEST	9001	49785	109.104.152.127	192.168.2.6
May 20, 2024 09:24:40.916028023 CEST	9001	49788	45.141.57.69	192.168.2.6
May 20, 2024 09:24:40.916058064 CEST	2087	49784	202.61.237.56	192.168.2.6
May 20, 2024 09:24:40.916086912 CEST	13443	49777	185.243.218.202	192.168.2.6
May 20, 2024 09:24:40.916801929 CEST	8443	49781	185.220.101.196	192.168.2.6
May 20, 2024 09:24:40.916860104 CEST	9001	49782	89.58.34.53	192.168.2.6
May 20, 2024 09:24:40.916892052 CEST	9001	49775	51.222.24.62	192.168.2.6
May 20, 2024 09:24:40.916922092 CEST	9001	49783	65.21.195.87	192.168.2.6
May 20, 2024 09:24:40.916953087 CEST	9001	49773	134.102.200.101	192.168.2.6
May 20, 2024 09:24:40.916974068 CEST	49849	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.916982889 CEST	2087	49784	202.61.237.56	192.168.2.6
May 20, 2024 09:24:40.917013884 CEST	9100	49779	15.204.234.61	192.168.2.6
May 20, 2024 09:24:40.917042971 CEST	9001	49773	134.102.200.101	192.168.2.6
May 20, 2024 09:24:40.917072058 CEST	9001	49837	135.148.54.98	192.168.2.6
May 20, 2024 09:24:40.917099953 CEST	13443	49777	185.243.218.202	192.168.2.6
May 20, 2024 09:24:40.917119026 CEST	49837	9001	192.168.2.6	135.148.54.98
May 20, 2024 09:24:40.917129040 CEST	9001	49783	65.21.195.87	192.168.2.6
May 20, 2024 09:24:40.917157888 CEST	9001	49782	89.58.34.53	192.168.2.6
May 20, 2024 09:24:40.917186975 CEST	8443	49781	185.220.101.196	192.168.2.6
May 20, 2024 09:24:40.917213917 CEST	9001	49775	51.222.24.62	192.168.2.6
May 20, 2024 09:24:40.917243004 CEST	9001	49776	135.148.54.98	192.168.2.6
May 20, 2024 09:24:40.917272091 CEST	9001	49836	51.222.24.62	192.168.2.6
May 20, 2024 09:24:40.917299986 CEST	9001	49834	134.102.200.101	192.168.2.6
May 20, 2024 09:24:40.917329073 CEST	2087	49845	202.61.237.56	192.168.2.6
May 20, 2024 09:24:40.917356968 CEST	49834	9001	192.168.2.6	134.102.200.101
May 20, 2024 09:24:40.917359114 CEST	13443	49838	185.243.218.202	192.168.2.6
May 20, 2024 09:24:40.917387962 CEST	9001	49843	89.58.34.53	192.168.2.6
May 20, 2024 09:24:40.917404890 CEST	49836	9001	192.168.2.6	51.222.24.62
May 20, 2024 09:24:40.917404890 CEST	49845	2087	192.168.2.6	202.61.237.56
May 20, 2024 09:24:40.917409897 CEST	49838	13443	192.168.2.6	185.243.218.202
May 20, 2024 09:24:40.917462111 CEST	49843	9001	192.168.2.6	89.58.34.53
May 20, 2024 09:24:40.920639992 CEST	9001	49844	65.21.195.87	192.168.2.6
May 20, 2024 09:24:40.920670033 CEST	8443	49833	15.204.140.9	192.168.2.6
May 20, 2024 09:24:40.920700073 CEST	8443	49842	185.220.101.196	192.168.2.6
May 20, 2024 09:24:40.920727015 CEST	49833	8443	192.168.2.6	15.204.140.9
May 20, 2024 09:24:40.920728922 CEST	80	49831	95.217.112.218	192.168.2.6
May 20, 2024 09:24:40.920753002 CEST	49842	8443	192.168.2.6	185.220.101.196
May 20, 2024 09:24:40.920759916 CEST	49844	9001	192.168.2.6	65.21.195.87
May 20, 2024 09:24:40.920778990 CEST	49831	80	192.168.2.6	95.217.112.218
May 20, 2024 09:24:40.925580025 CEST	9001	49775	51.222.24.62	192.168.2.6
May 20, 2024 09:24:40.925700903 CEST	49775	9001	192.168.2.6	51.222.24.62
May 20, 2024 09:24:40.929532051 CEST	49830	46856	192.168.2.6	217.194.154.18
May 20, 2024 09:24:40.930109978 CEST	9001	49849	148.251.41.235	192.168.2.6
May 20, 2024 09:24:40.930195093 CEST	49849	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.936373949 CEST	49849	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.937304020 CEST	9001	49754	148.251.41.235	192.168.2.6
May 20, 2024 09:24:40.937398911 CEST	49754	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.942095041 CEST	9001	49849	148.251.41.235	192.168.2.6
May 20, 2024 09:24:40.952116966 CEST	443	49846	178.254.31.125	192.168.2.6
May 20, 2024 09:24:40.952132940 CEST	443	49847	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.952131033 CEST	443	49832	147.135.64.217	192.168.2.6
May 20, 2024 09:24:40.952145100 CEST	443	49835	176.107.176.31	192.168.2.6
May 20, 2024 09:24:40.952152014 CEST	443	49839	147.135.31.134	192.168.2.6
May 20, 2024 09:24:40.952162027 CEST	443	49841	46.20.35.116	192.168.2.6
May 20, 2024 09:24:40.952172041 CEST	443	49848	38.154.240.58	192.168.2.6
May 20, 2024 09:24:40.958792925 CEST	9001	49785	109.104.152.127	192.168.2.6
May 20, 2024 09:24:40.958861113 CEST	49850	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:40.958956957 CEST	49785	9001	192.168.2.6	109.104.152.127
May 20, 2024 09:24:40.959280014 CEST	49852	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.959315062 CEST	49851	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:40.959399939 CEST	49853	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.959445000 CEST	443	49853	65.109.93.180	192.168.2.6
May 20, 2024 09:24:40.959573984 CEST	49853	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.959614038 CEST	49854	9500	192.168.2.6	195.154.168.209
May 20, 2024 09:24:40.959835052 CEST	49855	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.959868908 CEST	443	49855	88.216.223.2	192.168.2.6
May 20, 2024 09:24:40.959919930 CEST	49856	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.959981918 CEST	443	49856	135.148.53.59	192.168.2.6
May 20, 2024 09:24:40.960036039 CEST	49855	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.960062027 CEST	49857	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.960086107 CEST	49856	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.960092068 CEST	443	49857	162.251.116.82	192.168.2.6
May 20, 2024 09:24:40.960135937 CEST	49857	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.960284948 CEST	49858	9001	192.168.2.6	193.142.146.239
May 20, 2024 09:24:40.960437059 CEST	49859	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.960500002 CEST	443	49859	95.217.199.55	192.168.2.6
May 20, 2024 09:24:40.960557938 CEST	49860	9100	192.168.2.6	145.239.41.102
May 20, 2024 09:24:40.960583925 CEST	49859	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.964026928 CEST	1234	49850	195.201.199.223	192.168.2.6
May 20, 2024 09:24:40.964096069 CEST	49850	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:40.967932940 CEST	49861	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.967952013 CEST	443	49861	23.157.136.251	192.168.2.6
May 20, 2024 09:24:40.968014002 CEST	49861	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.968156099 CEST	49862	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.968177080 CEST	443	49862	162.19.252.175	192.168.2.6
May 20, 2024 09:24:40.968234062 CEST	49862	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.968352079 CEST	49863	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.968373060 CEST	443	49863	89.168.70.178	192.168.2.6
May 20, 2024 09:24:40.968425989 CEST	49863	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.968561888 CEST	49864	9001	192.168.2.6	107.189.8.12
May 20, 2024 09:24:40.968822002 CEST	9001	49852	51.210.103.252	192.168.2.6
May 20, 2024 09:24:40.968873024 CEST	49852	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.968986988 CEST	49865	9001	192.168.2.6	144.217.32.158
May 20, 2024 09:24:40.969193935 CEST	49855	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.969208956 CEST	443	49855	88.216.223.2	192.168.2.6
May 20, 2024 09:24:40.969259977 CEST	49856	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.969285965 CEST	443	49856	135.148.53.59	192.168.2.6
May 20, 2024 09:24:40.969424963 CEST	49857	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:40.969439983 CEST	443	49857	162.251.116.82	192.168.2.6
May 20, 2024 09:24:40.969486952 CEST	49859	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:40.969515085 CEST	443	49859	95.217.199.55	192.168.2.6
May 20, 2024 09:24:40.969559908 CEST	49850	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:40.969618082 CEST	49853	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:40.969650984 CEST	443	49853	65.109.93.180	192.168.2.6
May 20, 2024 09:24:40.969882965 CEST	49863	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.969893932 CEST	49862	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.969903946 CEST	49861	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.969948053 CEST	443	49863	89.168.70.178	192.168.2.6
May 20, 2024 09:24:40.970089912 CEST	443	49861	23.157.136.251	192.168.2.6
May 20, 2024 09:24:40.970123053 CEST	49856	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:40.970139980 CEST	49863	443	192.168.2.6	89.168.70.178
May 20, 2024 09:24:40.970143080 CEST	49861	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:40.970174074 CEST	49855	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:40.970172882 CEST	443	49862	162.19.252.175	192.168.2.6
May 20, 2024 09:24:40.970238924 CEST	49862	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:40.970259905 CEST	49852	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.970793962 CEST	49849	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:40.971173048 CEST	49866	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.971194029 CEST	443	49866	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.971272945 CEST	49866	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.971344948 CEST	49867	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:40.971354961 CEST	443	49867	193.23.244.244	192.168.2.6
May 20, 2024 09:24:40.971657038 CEST	49867	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:40.973536968 CEST	666	49851	192.99.228.114	192.168.2.6
May 20, 2024 09:24:40.973568916 CEST	9500	49854	195.154.168.209	192.168.2.6
May 20, 2024 09:24:40.973598957 CEST	9001	49858	193.142.146.239	192.168.2.6
May 20, 2024 09:24:40.973603964 CEST	49851	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:40.973627090 CEST	49854	9500	192.168.2.6	195.154.168.209
May 20, 2024 09:24:40.973630905 CEST	9100	49860	145.239.41.102	192.168.2.6
May 20, 2024 09:24:40.973661900 CEST	9001	49790	96.234.180.68	192.168.2.6
May 20, 2024 09:24:40.973671913 CEST	49858	9001	192.168.2.6	193.142.146.239
May 20, 2024 09:24:40.973673105 CEST	49860	9100	192.168.2.6	145.239.41.102
May 20, 2024 09:24:40.973692894 CEST	9001	49782	89.58.34.53	192.168.2.6
May 20, 2024 09:24:40.973735094 CEST	49782	9001	192.168.2.6	89.58.34.53
May 20, 2024 09:24:40.973766088 CEST	49790	9001	192.168.2.6	96.234.180.68
May 20, 2024 09:24:40.978292942 CEST	9001	49864	107.189.8.12	192.168.2.6
May 20, 2024 09:24:40.978322983 CEST	46856	49830	217.194.154.18	192.168.2.6
May 20, 2024 09:24:40.978342056 CEST	49864	9001	192.168.2.6	107.189.8.12
May 20, 2024 09:24:40.983021975 CEST	9001	49865	144.217.32.158	192.168.2.6
May 20, 2024 09:24:40.983050108 CEST	1234	49850	195.201.199.223	192.168.2.6
May 20, 2024 09:24:40.983069897 CEST	49865	9001	192.168.2.6	144.217.32.158
May 20, 2024 09:24:40.983328104 CEST	9001	49852	51.210.103.252	192.168.2.6
May 20, 2024 09:24:40.983355999 CEST	9001	49852	51.210.103.252	192.168.2.6
May 20, 2024 09:24:40.983402967 CEST	49852	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:40.987226963 CEST	49867	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:40.987241983 CEST	443	49867	193.23.244.244	192.168.2.6
May 20, 2024 09:24:40.987401009 CEST	49866	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:40.987415075 CEST	443	49866	23.92.34.123	192.168.2.6
May 20, 2024 09:24:40.987795115 CEST	46856	49770	217.194.154.18	192.168.2.6
May 20, 2024 09:24:40.987823963 CEST	8443	49781	185.220.101.196	192.168.2.6
May 20, 2024 09:24:40.987862110 CEST	49770	46856	192.168.2.6	217.194.154.18
May 20, 2024 09:24:40.987914085 CEST	49781	8443	192.168.2.6	185.220.101.196
May 20, 2024 09:24:40.992532969 CEST	9001	49783	65.21.195.87	192.168.2.6
May 20, 2024 09:24:40.992563009 CEST	9001	49773	134.102.200.101	192.168.2.6
May 20, 2024 09:24:40.992592096 CEST	13443	49777	185.243.218.202	192.168.2.6
May 20, 2024 09:24:40.992614985 CEST	49783	9001	192.168.2.6	65.21.195.87
May 20, 2024 09:24:40.992638111 CEST	49773	9001	192.168.2.6	134.102.200.101
May 20, 2024 09:24:40.992647886 CEST	49777	13443	192.168.2.6	185.243.218.202
May 20, 2024 09:24:41.001987934 CEST	80	49771	95.217.112.218	192.168.2.6
May 20, 2024 09:24:41.002082109 CEST	49771	80	192.168.2.6	95.217.112.218
May 20, 2024 09:24:41.011509895 CEST	2087	49784	202.61.237.56	192.168.2.6
May 20, 2024 09:24:41.011629105 CEST	49784	2087	192.168.2.6	202.61.237.56
May 20, 2024 09:24:41.016110897 CEST	443	49856	135.148.53.59	192.168.2.6
May 20, 2024 09:24:41.016117096 CEST	443	49855	88.216.223.2	192.168.2.6
May 20, 2024 09:24:41.021094084 CEST	9001	49849	148.251.41.235	192.168.2.6
May 20, 2024 09:24:41.042737007 CEST	443	49744	135.148.53.59	192.168.2.6
May 20, 2024 09:24:41.042804003 CEST	49744	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:41.042804003 CEST	49744	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:41.076529980 CEST	9001	49788	45.141.57.69	192.168.2.6
May 20, 2024 09:24:41.076572895 CEST	8080	49795	51.89.17.143	192.168.2.6
May 20, 2024 09:24:41.076597929 CEST	49788	9001	192.168.2.6	45.141.57.69
May 20, 2024 09:24:41.076602936 CEST	9001	49791	84.247.164.65	192.168.2.6
May 20, 2024 09:24:41.076633930 CEST	49795	8080	192.168.2.6	51.89.17.143
May 20, 2024 09:24:41.076653004 CEST	49791	9001	192.168.2.6	84.247.164.65
May 20, 2024 09:24:41.076668978 CEST	9001	49794	37.1.204.243	192.168.2.6
May 20, 2024 09:24:41.076766968 CEST	49794	9001	192.168.2.6	37.1.204.243
May 20, 2024 09:24:41.115914106 CEST	443	49757	135.148.150.100	192.168.2.6
May 20, 2024 09:24:41.115982056 CEST	49757	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:41.115995884 CEST	49757	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:41.135489941 CEST	443	49766	147.135.16.147	192.168.2.6
May 20, 2024 09:24:41.135555029 CEST	49766	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:41.135576963 CEST	49766	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:41.176206112 CEST	443	49768	147.135.64.217	192.168.2.6
May 20, 2024 09:24:41.176282883 CEST	49768	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:41.176282883 CEST	49768	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:41.200027943 CEST	443	49786	98.115.87.163	192.168.2.6
May 20, 2024 09:24:41.200090885 CEST	49786	443	192.168.2.6	98.115.87.163
May 20, 2024 09:24:41.200120926 CEST	49786	443	192.168.2.6	98.115.87.163
May 20, 2024 09:24:41.324687958 CEST	443	49743	88.216.223.2	192.168.2.6
May 20, 2024 09:24:41.324745893 CEST	49743	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:41.324765921 CEST	49743	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:41.328165054 CEST	443	49750	162.19.252.175	192.168.2.6
May 20, 2024 09:24:41.328249931 CEST	49750	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:41.328249931 CEST	49750	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:41.368963957 CEST	443	49749	23.157.136.251	192.168.2.6
May 20, 2024 09:24:41.369034052 CEST	49749	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:41.369035006 CEST	49749	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:41.372674942 CEST	443	49741	65.109.93.180	192.168.2.6
May 20, 2024 09:24:41.372735023 CEST	49741	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:41.372735977 CEST	49741	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:41.376152039 CEST	443	49745	162.251.116.82	192.168.2.6
May 20, 2024 09:24:41.376200914 CEST	49745	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:41.376214981 CEST	49745	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:41.379534006 CEST	443	49747	95.217.199.55	192.168.2.6
May 20, 2024 09:24:41.379595041 CEST	49747	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:41.379595041 CEST	49747	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:41.417148113 CEST	46856	49830	217.194.154.18	192.168.2.6
May 20, 2024 09:24:41.417222023 CEST	49830	46856	192.168.2.6	217.194.154.18
May 20, 2024 09:24:41.417470932 CEST	9001	49849	148.251.41.235	192.168.2.6
May 20, 2024 09:24:41.417538881 CEST	49849	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:41.448429108 CEST	443	49780	46.20.35.116	192.168.2.6
May 20, 2024 09:24:41.448484898 CEST	49780	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:41.448498011 CEST	49780	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:41.480907917 CEST	443	49755	91.143.81.27	192.168.2.6
May 20, 2024 09:24:41.480979919 CEST	49755	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:41.480979919 CEST	49755	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:41.540560007 CEST	443	49806	135.148.53.59	192.168.2.6
May 20, 2024 09:24:41.540622950 CEST	49806	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:41.540661097 CEST	49806	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:41.548610926 CEST	443	49826	147.135.16.147	192.168.2.6
May 20, 2024 09:24:41.548674107 CEST	49826	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:41.548701048 CEST	49826	443	192.168.2.6	147.135.16.147
May 20, 2024 09:24:41.549455881 CEST	443	49759	5.45.98.188	192.168.2.6
May 20, 2024 09:24:41.549523115 CEST	49759	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:41.549523115 CEST	49759	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:41.552409887 CEST	443	49817	135.148.150.100	192.168.2.6
May 20, 2024 09:24:41.552475929 CEST	49817	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:41.552475929 CEST	49817	443	192.168.2.6	135.148.150.100
May 20, 2024 09:24:41.562334061 CEST	443	49832	147.135.64.217	192.168.2.6
May 20, 2024 09:24:41.562414885 CEST	49832	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:41.562414885 CEST	49832	443	192.168.2.6	147.135.64.217
May 20, 2024 09:24:41.638828993 CEST	443	49762	83.212.72.189	192.168.2.6
May 20, 2024 09:24:41.638914108 CEST	49762	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:41.638932943 CEST	49762	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:41.642127991 CEST	443	49774	176.107.176.31	192.168.2.6
May 20, 2024 09:24:41.642196894 CEST	49774	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:41.642196894 CEST	49774	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:41.643776894 CEST	443	49807	162.251.116.82	192.168.2.6
May 20, 2024 09:24:41.643858910 CEST	49807	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:41.643858910 CEST	49807	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:41.661570072 CEST	443	49856	135.148.53.59	192.168.2.6
May 20, 2024 09:24:41.661640882 CEST	49856	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:41.661640882 CEST	49856	443	192.168.2.6	135.148.53.59
May 20, 2024 09:24:41.694401979 CEST	443	49796	51.81.93.39	192.168.2.6
May 20, 2024 09:24:41.694459915 CEST	49796	443	192.168.2.6	51.81.93.39
May 20, 2024 09:24:41.694459915 CEST	49796	443	192.168.2.6	51.81.93.39
May 20, 2024 09:24:41.720015049 CEST	443	49793	142.44.247.102	192.168.2.6
May 20, 2024 09:24:41.720076084 CEST	49793	443	192.168.2.6	142.44.247.102
May 20, 2024 09:24:41.720076084 CEST	49793	443	192.168.2.6	142.44.247.102
May 20, 2024 09:24:41.759463072 CEST	443	49805	88.216.223.2	192.168.2.6
May 20, 2024 09:24:41.759637117 CEST	443	49805	88.216.223.2	192.168.2.6
May 20, 2024 09:24:41.759660959 CEST	49805	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:41.759660959 CEST	49805	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:41.759918928 CEST	49805	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:41.785835028 CEST	443	49812	162.19.252.175	192.168.2.6
May 20, 2024 09:24:41.785897017 CEST	49812	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:41.785897017 CEST	49812	443	192.168.2.6	162.19.252.175
May 20, 2024 09:24:41.792782068 CEST	443	49797	62.210.123.24	192.168.2.6
May 20, 2024 09:24:41.792845964 CEST	49797	443	192.168.2.6	62.210.123.24
May 20, 2024 09:24:41.792845964 CEST	49797	443	192.168.2.6	62.210.123.24
May 20, 2024 09:24:41.798146009 CEST	443	49847	23.92.34.123	192.168.2.6
May 20, 2024 09:24:41.798218966 CEST	49847	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:41.798218966 CEST	49847	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:41.799556017 CEST	443	49841	46.20.35.116	192.168.2.6
May 20, 2024 09:24:41.799623013 CEST	49841	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:41.799623966 CEST	49841	443	192.168.2.6	46.20.35.116
May 20, 2024 09:24:41.801136017 CEST	443	49789	23.92.34.123	192.168.2.6
May 20, 2024 09:24:41.801193953 CEST	49789	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:41.801193953 CEST	49789	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:41.822333097 CEST	443	49803	65.109.93.180	192.168.2.6
May 20, 2024 09:24:41.822391987 CEST	49803	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:41.822458029 CEST	49803	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:41.830662966 CEST	443	49857	162.251.116.82	192.168.2.6
May 20, 2024 09:24:41.830795050 CEST	49857	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:41.833226919 CEST	443	49828	91.143.81.27	192.168.2.6
May 20, 2024 09:24:41.833292961 CEST	49828	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:41.833292961 CEST	49828	443	192.168.2.6	91.143.81.27
May 20, 2024 09:24:41.835869074 CEST	49857	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:41.835895061 CEST	443	49857	162.251.116.82	192.168.2.6
May 20, 2024 09:24:41.836272955 CEST	443	49857	162.251.116.82	192.168.2.6
May 20, 2024 09:24:41.841413021 CEST	443	49809	95.217.199.55	192.168.2.6
May 20, 2024 09:24:41.841526031 CEST	49809	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:41.841526031 CEST	49809	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:41.849407911 CEST	443	49819	5.45.98.188	192.168.2.6
May 20, 2024 09:24:41.849510908 CEST	49819	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:41.849510908 CEST	49819	443	192.168.2.6	5.45.98.188
May 20, 2024 09:24:41.851787090 CEST	443	49855	88.216.223.2	192.168.2.6
May 20, 2024 09:24:41.851875067 CEST	49855	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:41.851875067 CEST	49855	443	192.168.2.6	88.216.223.2
May 20, 2024 09:24:41.866657972 CEST	49867	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:41.866657972 CEST	49866	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:41.866718054 CEST	49850	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:41.866885900 CEST	49859	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:41.867058992 CEST	49853	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:41.867157936 CEST	49857	443	192.168.2.6	162.251.116.82
May 20, 2024 09:24:41.868218899 CEST	49868	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:41.868403912 CEST	49869	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:41.868439913 CEST	443	49869	38.154.240.58	192.168.2.6
May 20, 2024 09:24:41.868547916 CEST	49869	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:41.868664980 CEST	49870	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:41.868674040 CEST	443	49870	204.13.164.118	192.168.2.6
May 20, 2024 09:24:41.868722916 CEST	49870	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:41.868942976 CEST	49870	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:41.868942976 CEST	49869	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:41.868952990 CEST	443	49870	204.13.164.118	192.168.2.6
May 20, 2024 09:24:41.868971109 CEST	443	49869	38.154.240.58	192.168.2.6
May 20, 2024 09:24:41.879502058 CEST	9101	49868	128.31.0.39	192.168.2.6
May 20, 2024 09:24:41.879539013 CEST	1234	49850	195.201.199.223	192.168.2.6
May 20, 2024 09:24:41.879631996 CEST	49850	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:41.879719973 CEST	49868	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:41.880367994 CEST	49871	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:41.880371094 CEST	49868	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:41.880585909 CEST	49872	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:41.893954039 CEST	9101	49868	128.31.0.39	192.168.2.6
May 20, 2024 09:24:41.893985987 CEST	9001	49871	148.251.41.235	192.168.2.6
May 20, 2024 09:24:41.894016981 CEST	80	49872	171.25.193.9	192.168.2.6
May 20, 2024 09:24:41.894095898 CEST	49872	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:41.894115925 CEST	49871	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:41.894370079 CEST	49871	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:41.896174908 CEST	49872	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:41.908888102 CEST	9001	49871	148.251.41.235	192.168.2.6
May 20, 2024 09:24:41.908919096 CEST	80	49872	171.25.193.9	192.168.2.6
May 20, 2024 09:24:41.909287930 CEST	443	49859	95.217.199.55	192.168.2.6
May 20, 2024 09:24:41.909359932 CEST	49859	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:41.909359932 CEST	49859	443	192.168.2.6	95.217.199.55
May 20, 2024 09:24:41.912117004 CEST	443	49853	65.109.93.180	192.168.2.6
May 20, 2024 09:24:41.912134886 CEST	443	49866	23.92.34.123	192.168.2.6
May 20, 2024 09:24:41.912146091 CEST	443	49867	193.23.244.244	192.168.2.6
May 20, 2024 09:24:41.916555882 CEST	443	49867	193.23.244.244	192.168.2.6
May 20, 2024 09:24:41.916661024 CEST	49867	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:41.916661024 CEST	49867	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:41.921483040 CEST	443	49835	176.107.176.31	192.168.2.6
May 20, 2024 09:24:41.921572924 CEST	49835	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:41.921572924 CEST	49835	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:41.921588898 CEST	443	49835	176.107.176.31	192.168.2.6
May 20, 2024 09:24:41.921654940 CEST	49835	443	192.168.2.6	176.107.176.31
May 20, 2024 09:24:41.924840927 CEST	443	49811	23.157.136.251	192.168.2.6
May 20, 2024 09:24:41.924946070 CEST	49811	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:41.924946070 CEST	49811	443	192.168.2.6	23.157.136.251
May 20, 2024 09:24:41.940148115 CEST	443	49866	23.92.34.123	192.168.2.6
May 20, 2024 09:24:41.940227032 CEST	49866	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:41.940227032 CEST	49866	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:41.988797903 CEST	443	49853	65.109.93.180	192.168.2.6
May 20, 2024 09:24:41.988933086 CEST	49853	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:41.988933086 CEST	49853	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:41.988944054 CEST	443	49853	65.109.93.180	192.168.2.6
May 20, 2024 09:24:41.989165068 CEST	49853	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:42.134526014 CEST	443	49822	83.212.72.189	192.168.2.6
May 20, 2024 09:24:42.134649038 CEST	443	49822	83.212.72.189	192.168.2.6
May 20, 2024 09:24:42.134670019 CEST	49822	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:42.134670973 CEST	49822	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:42.134743929 CEST	49822	443	192.168.2.6	83.212.72.189
May 20, 2024 09:24:42.190675020 CEST	443	49736	23.92.34.123	192.168.2.6
May 20, 2024 09:24:42.190756083 CEST	49736	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:42.190756083 CEST	49736	443	192.168.2.6	23.92.34.123
May 20, 2024 09:24:42.281590939 CEST	49868	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:42.281692028 CEST	49869	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:42.281747103 CEST	49870	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:42.281817913 CEST	49871	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:42.281960964 CEST	49872	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:42.282378912 CEST	49873	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:42.282413960 CEST	443	49873	199.58.81.140	192.168.2.6
May 20, 2024 09:24:42.282577038 CEST	49873	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:42.297307968 CEST	49873	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:42.297348976 CEST	443	49873	199.58.81.140	192.168.2.6
May 20, 2024 09:24:42.298000097 CEST	49874	443	192.168.2.6	86.59.21.38
May 20, 2024 09:24:42.298041105 CEST	443	49874	86.59.21.38	192.168.2.6
May 20, 2024 09:24:42.298173904 CEST	49875	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:42.298222065 CEST	49874	443	192.168.2.6	86.59.21.38
May 20, 2024 09:24:42.298404932 CEST	49874	443	192.168.2.6	86.59.21.38
May 20, 2024 09:24:42.298424006 CEST	443	49874	86.59.21.38	192.168.2.6
May 20, 2024 09:24:42.307615995 CEST	1234	49875	195.201.199.223	192.168.2.6
May 20, 2024 09:24:42.307790041 CEST	49875	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:42.307948112 CEST	49875	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:42.308728933 CEST	49876	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:42.321728945 CEST	1234	49875	195.201.199.223	192.168.2.6
May 20, 2024 09:24:42.321764946 CEST	666	49876	192.99.228.114	192.168.2.6
May 20, 2024 09:24:42.321923971 CEST	49876	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:42.322206974 CEST	49876	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:42.322218895 CEST	49873	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:42.322684050 CEST	49877	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:42.328110933 CEST	443	49870	204.13.164.118	192.168.2.6
May 20, 2024 09:24:42.328126907 CEST	443	49869	38.154.240.58	192.168.2.6
May 20, 2024 09:24:42.331479073 CEST	9101	49868	128.31.0.39	192.168.2.6
May 20, 2024 09:24:42.368117094 CEST	443	49873	199.58.81.140	192.168.2.6
May 20, 2024 09:24:42.378838062 CEST	666	49876	192.99.228.114	192.168.2.6
May 20, 2024 09:24:42.378856897 CEST	9001	49877	51.210.103.252	192.168.2.6
May 20, 2024 09:24:42.378873110 CEST	80	49872	171.25.193.9	192.168.2.6
May 20, 2024 09:24:42.378915071 CEST	9001	49871	148.251.41.235	192.168.2.6
May 20, 2024 09:24:42.378932953 CEST	49877	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:42.379040003 CEST	9001	49871	148.251.41.235	192.168.2.6
May 20, 2024 09:24:42.379070044 CEST	80	49872	171.25.193.9	192.168.2.6
May 20, 2024 09:24:42.379120111 CEST	49871	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:42.379132986 CEST	49872	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:42.379241943 CEST	49877	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:42.393923998 CEST	49876	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:42.393929958 CEST	49874	443	192.168.2.6	86.59.21.38
May 20, 2024 09:24:42.394160032 CEST	49875	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:42.394470930 CEST	49878	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:42.394474030 CEST	49879	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:42.394494057 CEST	443	49878	131.188.40.189	192.168.2.6
May 20, 2024 09:24:42.394495010 CEST	443	49879	65.109.93.180	192.168.2.6
May 20, 2024 09:24:42.394558907 CEST	49879	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:42.394597054 CEST	49878	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:42.394777060 CEST	49878	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:42.394792080 CEST	443	49878	131.188.40.189	192.168.2.6
May 20, 2024 09:24:42.394902945 CEST	49879	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:42.394918919 CEST	443	49879	65.109.93.180	192.168.2.6
May 20, 2024 09:24:42.405890942 CEST	443	49787	77.162.229.73	192.168.2.6
May 20, 2024 09:24:42.405987978 CEST	49787	443	192.168.2.6	77.162.229.73
May 20, 2024 09:24:42.405987978 CEST	49787	443	192.168.2.6	77.162.229.73
May 20, 2024 09:24:42.440129042 CEST	443	49874	86.59.21.38	192.168.2.6
May 20, 2024 09:24:42.485014915 CEST	9001	49877	51.210.103.252	192.168.2.6
May 20, 2024 09:24:42.485264063 CEST	1234	49875	195.201.199.223	192.168.2.6
May 20, 2024 09:24:42.485279083 CEST	666	49876	192.99.228.114	192.168.2.6
May 20, 2024 09:24:42.684730053 CEST	443	49870	204.13.164.118	192.168.2.6
May 20, 2024 09:24:42.684865952 CEST	443	49870	204.13.164.118	192.168.2.6
May 20, 2024 09:24:42.684900045 CEST	49870	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:42.684900045 CEST	49870	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:42.685000896 CEST	49870	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:42.725584030 CEST	666	49876	192.99.228.114	192.168.2.6
May 20, 2024 09:24:42.725709915 CEST	49876	666	192.168.2.6	192.99.228.114
May 20, 2024 09:24:42.788964033 CEST	1234	49875	195.201.199.223	192.168.2.6
May 20, 2024 09:24:42.789030075 CEST	49875	1234	192.168.2.6	195.201.199.223
May 20, 2024 09:24:42.995645046 CEST	443	49873	199.58.81.140	192.168.2.6
May 20, 2024 09:24:42.995732069 CEST	49873	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:42.995732069 CEST	49873	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:43.061764002 CEST	9001	49877	51.210.103.252	192.168.2.6
May 20, 2024 09:24:43.065510988 CEST	49877	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:43.070502996 CEST	9001	49877	51.210.103.252	192.168.2.6
May 20, 2024 09:24:43.102879047 CEST	49877	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:43.102966070 CEST	49878	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:43.103079081 CEST	49879	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:43.103432894 CEST	49880	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:43.103511095 CEST	443	49880	38.154.240.58	192.168.2.6
May 20, 2024 09:24:43.103586912 CEST	49880	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:43.104120970 CEST	49881	443	192.168.2.6	86.59.21.38
May 20, 2024 09:24:43.104145050 CEST	443	49881	86.59.21.38	192.168.2.6
May 20, 2024 09:24:43.104255915 CEST	49881	443	192.168.2.6	86.59.21.38
May 20, 2024 09:24:43.104465961 CEST	49880	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:43.104499102 CEST	443	49880	38.154.240.58	192.168.2.6
May 20, 2024 09:24:43.104536057 CEST	49881	443	192.168.2.6	86.59.21.38
May 20, 2024 09:24:43.104546070 CEST	443	49881	86.59.21.38	192.168.2.6
May 20, 2024 09:24:43.112504959 CEST	9001	49877	51.210.103.252	192.168.2.6
May 20, 2024 09:24:43.112576962 CEST	49877	9001	192.168.2.6	51.210.103.252
May 20, 2024 09:24:43.148124933 CEST	443	49879	65.109.93.180	192.168.2.6
May 20, 2024 09:24:43.148154020 CEST	443	49878	131.188.40.189	192.168.2.6
May 20, 2024 09:24:43.498018980 CEST	443	49879	65.109.93.180	192.168.2.6
May 20, 2024 09:24:43.498111963 CEST	49879	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:43.498111963 CEST	49879	443	192.168.2.6	65.109.93.180
May 20, 2024 09:24:43.589256048 CEST	49881	443	192.168.2.6	86.59.21.38
May 20, 2024 09:24:43.589406013 CEST	49880	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:43.589770079 CEST	49882	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:43.594810009 CEST	80	49882	171.25.193.9	192.168.2.6
May 20, 2024 09:24:43.594877958 CEST	49882	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:43.595035076 CEST	49882	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:43.604557991 CEST	80	49882	171.25.193.9	192.168.2.6
May 20, 2024 09:24:43.632157087 CEST	443	49880	38.154.240.58	192.168.2.6
May 20, 2024 09:24:43.636112928 CEST	443	49881	86.59.21.38	192.168.2.6
May 20, 2024 09:24:44.189230919 CEST	443	49874	86.59.21.38	192.168.2.6
May 20, 2024 09:24:44.189325094 CEST	49874	443	192.168.2.6	86.59.21.38
May 20, 2024 09:24:44.333172083 CEST	80	49882	171.25.193.9	192.168.2.6
May 20, 2024 09:24:44.336397886 CEST	49882	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:44.355427027 CEST	49882	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:44.355987072 CEST	443	49878	131.188.40.189	192.168.2.6
May 20, 2024 09:24:44.356048107 CEST	49878	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:44.356085062 CEST	49878	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:44.356282949 CEST	49883	443	192.168.2.6	154.35.175.225
May 20, 2024 09:24:44.356369019 CEST	443	49883	154.35.175.225	192.168.2.6
May 20, 2024 09:24:44.356440067 CEST	49883	443	192.168.2.6	154.35.175.225
May 20, 2024 09:24:44.356647968 CEST	49884	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:44.356724977 CEST	443	49884	38.154.240.58	192.168.2.6
May 20, 2024 09:24:44.356808901 CEST	49884	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:44.356897116 CEST	49883	443	192.168.2.6	154.35.175.225
May 20, 2024 09:24:44.356929064 CEST	443	49883	154.35.175.225	192.168.2.6
May 20, 2024 09:24:44.357016087 CEST	49884	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:44.357037067 CEST	443	49884	38.154.240.58	192.168.2.6
May 20, 2024 09:24:44.436935902 CEST	80	49882	171.25.193.9	192.168.2.6
May 20, 2024 09:24:44.437103987 CEST	80	49882	171.25.193.9	192.168.2.6
May 20, 2024 09:24:44.437351942 CEST	49882	80	192.168.2.6	171.25.193.9
May 20, 2024 09:24:44.547152996 CEST	49884	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:44.547302008 CEST	49883	443	192.168.2.6	154.35.175.225
May 20, 2024 09:24:44.547693968 CEST	49885	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:44.547760963 CEST	443	49885	131.188.40.189	192.168.2.6
May 20, 2024 09:24:44.547893047 CEST	49885	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:44.548054934 CEST	49885	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:44.548089981 CEST	443	49885	131.188.40.189	192.168.2.6
May 20, 2024 09:24:44.588139057 CEST	443	49883	154.35.175.225	192.168.2.6
May 20, 2024 09:24:44.592117071 CEST	443	49884	38.154.240.58	192.168.2.6
May 20, 2024 09:24:44.656491041 CEST	49885	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:44.656802893 CEST	49886	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:44.656845093 CEST	443	49886	204.13.164.118	192.168.2.6
May 20, 2024 09:24:44.656970978 CEST	49886	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:44.657098055 CEST	49886	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:44.657107115 CEST	443	49886	204.13.164.118	192.168.2.6
May 20, 2024 09:24:44.704119921 CEST	443	49885	131.188.40.189	192.168.2.6
May 20, 2024 09:24:44.876856089 CEST	49886	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:44.877232075 CEST	49887	443	192.168.2.6	45.66.35.11
May 20, 2024 09:24:44.877322912 CEST	443	49887	45.66.35.11	192.168.2.6
May 20, 2024 09:24:44.877403975 CEST	49887	443	192.168.2.6	45.66.35.11
May 20, 2024 09:24:44.877458096 CEST	49888	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:44.877664089 CEST	49887	443	192.168.2.6	45.66.35.11
May 20, 2024 09:24:44.877690077 CEST	443	49887	45.66.35.11	192.168.2.6
May 20, 2024 09:24:44.882541895 CEST	9001	49888	148.251.41.235	192.168.2.6
May 20, 2024 09:24:44.882617950 CEST	49888	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:44.882755995 CEST	49888	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:44.924112082 CEST	443	49886	204.13.164.118	192.168.2.6
May 20, 2024 09:24:44.933588028 CEST	9001	49888	148.251.41.235	192.168.2.6
May 20, 2024 09:24:44.985441923 CEST	443	49881	86.59.21.38	192.168.2.6
May 20, 2024 09:24:44.985506058 CEST	49881	443	192.168.2.6	86.59.21.38
May 20, 2024 09:24:45.487186909 CEST	443	49885	131.188.40.189	192.168.2.6
May 20, 2024 09:24:45.487272978 CEST	49885	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:45.487272978 CEST	49885	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:45.550103903 CEST	443	49886	204.13.164.118	192.168.2.6
May 20, 2024 09:24:45.550180912 CEST	49886	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:45.550180912 CEST	49886	443	192.168.2.6	204.13.164.118
May 20, 2024 09:24:45.905690908 CEST	49888	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:45.905788898 CEST	49887	443	192.168.2.6	45.66.35.11
May 20, 2024 09:24:45.906809092 CEST	49889	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:45.906846046 CEST	443	49889	199.58.81.140	192.168.2.6
May 20, 2024 09:24:45.907047033 CEST	49889	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:45.907216072 CEST	49889	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:45.907231092 CEST	443	49889	199.58.81.140	192.168.2.6
May 20, 2024 09:24:45.911469936 CEST	9001	49888	148.251.41.235	192.168.2.6
May 20, 2024 09:24:45.914170980 CEST	49888	9001	192.168.2.6	148.251.41.235
May 20, 2024 09:24:45.948158979 CEST	443	49887	45.66.35.11	192.168.2.6
May 20, 2024 09:24:46.099668980 CEST	443	49887	45.66.35.11	192.168.2.6
May 20, 2024 09:24:46.099786997 CEST	49887	443	192.168.2.6	45.66.35.11
May 20, 2024 09:24:46.099786997 CEST	49887	443	192.168.2.6	45.66.35.11
May 20, 2024 09:24:46.621885061 CEST	443	49889	199.58.81.140	192.168.2.6
May 20, 2024 09:24:46.622184038 CEST	49889	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:46.626499891 CEST	49889	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:46.626507998 CEST	443	49889	199.58.81.140	192.168.2.6
May 20, 2024 09:24:46.626903057 CEST	443	49889	199.58.81.140	192.168.2.6
May 20, 2024 09:24:46.640017986 CEST	49889	443	192.168.2.6	199.58.81.140
May 20, 2024 09:24:46.640017033 CEST	49891	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:46.640069962 CEST	443	49891	38.154.240.58	192.168.2.6
May 20, 2024 09:24:46.640199900 CEST	49891	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:46.640425920 CEST	49891	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:46.640443087 CEST	443	49891	38.154.240.58	192.168.2.6
May 20, 2024 09:24:47.371471882 CEST	49891	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:47.371525049 CEST	49892	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:47.371583939 CEST	443	49892	193.23.244.244	192.168.2.6
May 20, 2024 09:24:47.371637106 CEST	49892	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:47.371862888 CEST	49892	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:47.371876001 CEST	443	49892	193.23.244.244	192.168.2.6
May 20, 2024 09:24:47.416114092 CEST	443	49891	38.154.240.58	192.168.2.6
May 20, 2024 09:24:47.969881058 CEST	49892	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:48.012140036 CEST	443	49892	193.23.244.244	192.168.2.6
May 20, 2024 09:24:48.371498108 CEST	443	49892	193.23.244.244	192.168.2.6
May 20, 2024 09:24:48.371671915 CEST	443	49892	193.23.244.244	192.168.2.6
May 20, 2024 09:24:48.371722937 CEST	49892	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:48.371722937 CEST	49892	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:48.371805906 CEST	49892	443	192.168.2.6	193.23.244.244
May 20, 2024 09:24:48.865205050 CEST	9001	49769	193.105.134.186	192.168.2.6
May 20, 2024 09:24:48.865398884 CEST	49769	9001	192.168.2.6	193.105.134.186
May 20, 2024 09:24:48.972517014 CEST	9001	49792	5.255.109.214	192.168.2.6
May 20, 2024 09:24:48.972682953 CEST	49792	9001	192.168.2.6	5.255.109.214
May 20, 2024 09:24:48.977822065 CEST	443	49778	147.135.31.134	192.168.2.6
May 20, 2024 09:24:48.977916956 CEST	49778	443	192.168.2.6	147.135.31.134
May 20, 2024 09:24:49.314605951 CEST	443	49846	178.254.31.125	192.168.2.6
May 20, 2024 09:24:49.314640999 CEST	443	49839	147.135.31.134	192.168.2.6
May 20, 2024 09:24:49.314685106 CEST	49846	443	192.168.2.6	178.254.31.125
May 20, 2024 09:24:49.314822912 CEST	49839	443	192.168.2.6	147.135.31.134
May 20, 2024 09:24:49.615992069 CEST	49893	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:49.621323109 CEST	9101	49893	128.31.0.39	192.168.2.6
May 20, 2024 09:24:49.621416092 CEST	49893	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:49.621582031 CEST	49893	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:49.705116987 CEST	9101	49893	128.31.0.39	192.168.2.6
May 20, 2024 09:24:50.253393888 CEST	9101	49868	128.31.0.39	192.168.2.6
May 20, 2024 09:24:50.253880024 CEST	49868	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:50.640079021 CEST	49893	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:50.640089035 CEST	49894	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:50.640196085 CEST	443	49894	38.154.240.58	192.168.2.6
May 20, 2024 09:24:50.640553951 CEST	49894	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:50.640553951 CEST	49894	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:50.640650034 CEST	443	49894	38.154.240.58	192.168.2.6
May 20, 2024 09:24:50.688035965 CEST	9101	49893	128.31.0.39	192.168.2.6
May 20, 2024 09:24:51.645179987 CEST	49894	443	192.168.2.6	38.154.240.58
May 20, 2024 09:24:51.692114115 CEST	443	49894	38.154.240.58	192.168.2.6
May 20, 2024 09:24:52.675854921 CEST	49895	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:52.680974007 CEST	9101	49895	128.31.0.39	192.168.2.6
May 20, 2024 09:24:52.683955908 CEST	49895	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:52.684115887 CEST	49895	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:52.773056984 CEST	9101	49895	128.31.0.39	192.168.2.6
May 20, 2024 09:24:52.861454010 CEST	443	49883	154.35.175.225	192.168.2.6
May 20, 2024 09:24:52.861557961 CEST	49883	443	192.168.2.6	154.35.175.225
May 20, 2024 09:24:53.078458071 CEST	49895	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:24:53.124165058 CEST	9101	49895	128.31.0.39	192.168.2.6
May 20, 2024 09:24:56.198560953 CEST	49896	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:56.198612928 CEST	443	49896	131.188.40.189	192.168.2.6
May 20, 2024 09:24:56.198962927 CEST	49896	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:56.199197054 CEST	49896	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:56.199214935 CEST	443	49896	131.188.40.189	192.168.2.6
May 20, 2024 09:24:57.111399889 CEST	443	49896	131.188.40.189	192.168.2.6
May 20, 2024 09:24:57.111463070 CEST	49896	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:57.117523909 CEST	49896	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:57.117533922 CEST	443	49896	131.188.40.189	192.168.2.6
May 20, 2024 09:24:57.117686987 CEST	49896	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:57.117928028 CEST	443	49896	131.188.40.189	192.168.2.6
May 20, 2024 09:24:57.117985010 CEST	49896	443	192.168.2.6	131.188.40.189
May 20, 2024 09:24:58.008148909 CEST	9101	49893	128.31.0.39	192.168.2.6
May 20, 2024 09:24:58.010262012 CEST	49893	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:25:00.168718100 CEST	49897	443	192.168.2.6	38.154.240.58
May 20, 2024 09:25:00.168764114 CEST	443	49897	38.154.240.58	192.168.2.6
May 20, 2024 09:25:00.168977022 CEST	49897	443	192.168.2.6	38.154.240.58
May 20, 2024 09:25:00.168998957 CEST	49898	443	192.168.2.6	193.23.244.244
May 20, 2024 09:25:00.169094086 CEST	443	49898	193.23.244.244	192.168.2.6
May 20, 2024 09:25:00.169101000 CEST	49897	443	192.168.2.6	38.154.240.58
May 20, 2024 09:25:00.169110060 CEST	443	49897	38.154.240.58	192.168.2.6
May 20, 2024 09:25:00.170088053 CEST	49898	443	192.168.2.6	193.23.244.244
May 20, 2024 09:25:00.170416117 CEST	49898	443	192.168.2.6	193.23.244.244
May 20, 2024 09:25:00.170453072 CEST	443	49898	193.23.244.244	192.168.2.6
May 20, 2024 09:25:00.586085081 CEST	443	49731	38.154.240.58	192.168.2.6
May 20, 2024 09:25:00.586208105 CEST	49731	443	192.168.2.6	38.154.240.58
May 20, 2024 09:25:00.586208105 CEST	49731	443	192.168.2.6	38.154.240.58
May 20, 2024 09:25:01.054367065 CEST	9101	49895	128.31.0.39	192.168.2.6
May 20, 2024 09:25:01.054632902 CEST	49895	9101	192.168.2.6	128.31.0.39
May 20, 2024 09:25:01.122431993 CEST	443	49898	193.23.244.244	192.168.2.6
May 20, 2024 09:25:01.122529984 CEST	49898	443	192.168.2.6	193.23.244.244
May 20, 2024 09:25:01.313668013 CEST	49898	443	192.168.2.6	193.23.244.244
May 20, 2024 09:25:01.313749075 CEST	443	49898	193.23.244.244	192.168.2.6
May 20, 2024 09:25:01.313910961 CEST	49898	443	192.168.2.6	193.23.244.244
May 20, 2024 09:25:01.314084053 CEST	49897	443	192.168.2.6	38.154.240.58
May 20, 2024 09:25:01.314637899 CEST	443	49898	193.23.244.244	192.168.2.6
May 20, 2024 09:25:01.314703941 CEST	49898	443	192.168.2.6	193.23.244.244
May 20, 2024 09:25:01.356139898 CEST	443	49897	38.154.240.58	192.168.2.6
May 20, 2024 09:25:08.312022924 CEST	443	49751	89.168.70.178	192.168.2.6
May 20, 2024 09:25:08.312128067 CEST	49751	443	192.168.2.6	89.168.70.178
May 20, 2024 09:25:08.312129021 CEST	49751	443	192.168.2.6	89.168.70.178
May 20, 2024 09:25:08.537707090 CEST	49899	443	192.168.2.6	23.92.34.123
May 20, 2024 09:25:08.537746906 CEST	443	49899	23.92.34.123	192.168.2.6
May 20, 2024 09:25:08.537966967 CEST	49899	443	192.168.2.6	23.92.34.123
May 20, 2024 09:25:08.538134098 CEST	49899	443	192.168.2.6	23.92.34.123
May 20, 2024 09:25:08.538147926 CEST	443	49899	23.92.34.123	192.168.2.6
May 20, 2024 09:25:08.647124052 CEST	443	49813	89.168.70.178	192.168.2.6
May 20, 2024 09:25:08.647216082 CEST	49813	443	192.168.2.6	89.168.70.178
May 20, 2024 09:25:08.647217035 CEST	49813	443	192.168.2.6	89.168.70.178
May 20, 2024 09:25:10.272456884 CEST	443	49899	23.92.34.123	192.168.2.6
May 20, 2024 09:25:10.272533894 CEST	49899	443	192.168.2.6	23.92.34.123
May 20, 2024 09:25:10.276937008 CEST	49899	443	192.168.2.6	23.92.34.123
May 20, 2024 09:25:10.276968956 CEST	443	49899	23.92.34.123	192.168.2.6
May 20, 2024 09:25:10.277213097 CEST	443	49899	23.92.34.123	192.168.2.6
May 20, 2024 09:25:10.277493000 CEST	49899	443	192.168.2.6	23.92.34.123
May 20, 2024 09:25:10.324124098 CEST	443	49899	23.92.34.123	192.168.2.6

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49729	171.25.193.9	80	4412	C:\Users\user\Desktop\jXBjxhHQgR.exe

Timestamp	Bytes transferred	Direction	Data
May 20, 2024 09:23:48.820053101 CEST	199	OUT	Data Raw: 16 03 01 00 c2 01 00 00 be 03 03 f8 2f 01 5c 0e 6e 0d 6e 56 e7 85 a5 32 d6 b6 b7 82 9e 57 2e 91 10 2e f0 74 04 95 0b 13 7f c7 fc 00 00 1c c0 2b c0 2f c0 2c c0 30 c0 0a c0 09 c0 13 c0 14 00 33 00 39 00 2f 00 35 00 0a 00 ff 01 00 00 79 00 00 00 20 Data Ascii: /\nnV2W..t+/,039/5y www.tbryu5tsoc7plcbyf2u.com#
May 20, 2024 09:23:49.526485920 CEST	1008	IN	Data Raw: 16 03 03 00 39 02 00 00 35 03 03 c6 72 96 c6 38 b1 c3 10 00 43 43 1f f5 ce 70 34 17 d7 73 6f d7 ab 95 10 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 03 02 52 0b 00 02 4e 00 02 4b 00 02 48 30 82 02 44 30 Data Ascii: 95r8CCp4soDOWNGRD0RNKH0D0j;0H0&1$0"Uwww.dqjnjbxr4ypr2v3y4dp.com0240502000000Z240616000000Z010Uwww.uew4lf4l7rg.net0"0H
May 20, 2024 09:23:49.530174971 CEST	126	OUT	Data Raw: 16 03 03 00 46 10 00 00 42 41 04 f8 7c 63 8f 59 b0 92 79 82 1f 20 52 26 f0 36 f7 2a 17 f1 54 29 c5 69 ab e9 db 69 23 aa ec a4 6f be 2c 97 ff 2d 8e 7e 4e fd 75 a5 d4 0c 23 85 90 50 c7 68 47 41 a5 20 c9 a4 bf 60 ba 64 a9 66 38 14 03 03 00 01 01 16 Data Ascii: FBA\|cYy R&6*T)ii#o,-~Nu#PhGA `df8(, aZq1}Rxw27<S>[T%
May 20, 2024 09:23:49.764991999 CEST	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 6f 87 08 0a 6a 3f 76 bf bf cb 87 bb 00 ab 3f de d3 db cc 70 55 76 ea b0 6a 13 39 5e b6 e2 aa ae d1 c1 48 fc 2a 5b 62 ba Data Ascii: (oj?v?pUvj9^H*[b
May 20, 2024 09:23:49.765379906 CEST	40	OUT	Data Raw: 17 03 03 00 23 f5 2c d7 11 20 e7 61 a2 e8 bd 81 c5 30 c1 a3 0b 10 0f 77 e6 6b f7 64 0b 92 84 29 98 44 d9 01 94 8d 85 e7 Data Ascii: #, a0wkd)D
May 20, 2024 09:23:49.980727911 CEST	1236	IN	Data Raw: 17 03 03 08 15 6f 87 08 0a 6a 3f 76 c0 de 0e 33 a2 1b f7 bd ce 3a c6 ca 55 af 6f 6f 3d 5b 2d d0 61 3a 68 9c d9 b0 5f dc 23 86 53 8d ac 5a 50 aa a3 2e 58 51 05 d5 85 e9 27 ff 80 29 9b d7 c7 1c 17 38 cd a9 6d eb 0f fb 86 e6 6c 3c dd a9 25 37 f0 d9 Data Ascii: oj?v3:Uoo=[-a:h_#SZP.XQ')8ml<%7L=r3-TW%\|uH6`'U[J"ngeZF`4Kx:o<\#\,QZjdkk2%_`@zOp.Q2^+?6\4I@"Y
May 20, 2024 09:23:49.985460997 CEST	838	IN	Data Raw: f4 b1 04 64 6e bf c9 d0 00 54 08 54 72 8d bc 02 a9 35 31 4e d2 0b 85 bc 90 8f 73 a7 3a b1 31 d4 ca a5 36 95 13 c3 1d 07 6f 2a 62 90 b7 5e 8f c0 45 6e 9d 54 19 44 a9 61 32 5c 69 d0 5c 3b 31 fd 55 cd 84 18 ab 05 a3 00 c2 50 79 31 9c fd 6d 0c 7e b8 Data Ascii: dnTTr51Ns:16o*b^EnTDa2\i\;1UPy1m~;eEC""dUsqz{EE:~G,F\|>Pj1RR1-,\|WFing2c0=VgCc<-lE9Vq
May 20, 2024 09:23:49.993221998 CEST	1057	OUT	Data Raw: 17 03 03 04 1c f5 2c d7 11 20 e7 61 a3 84 19 f0 ed 86 8c 4f 6a 12 40 53 5c 84 60 13 c2 93 ef 47 6e 65 1f f1 f5 ed c8 46 37 5d 59 7d b3 43 4b 23 a9 48 3e 5f 9e 00 12 a1 fc 8b 42 1e 9a 7c da e4 b8 e8 12 34 2c b4 10 fa eb d7 8b a5 3f b3 e2 f7 36 c8 Data Ascii: , aOj@S\`GneF7]Y}CK#H>_B\|4,?6fH3y4dEMj0}vfD](C<Ld?GKTL1dx,a^`%S0f.~hc1"n#_J\`--\:NG 0(
May 20, 2024 09:23:50.204541922 CEST	543	IN	Data Raw: 17 03 03 02 1a 6f 87 08 0a 6a 3f 76 c1 74 35 d7 f5 cf 33 40 73 6c 16 40 a7 58 53 00 dd 0b 2d e4 3f 2e 53 89 f7 43 20 60 d8 f4 8c 8c 4e f6 77 2e 90 89 09 8b bd 29 c5 b6 37 ae eb 8c fd 50 27 02 48 2b 4a 43 aa e8 2d a6 7a 3e 3d 58 a3 cc 4d 37 02 ae Data Ascii: oj?vt53@sl@XS-?.SC `Nw.)7P'H+JC-z>=XM74EOpG:.l,Q`Qqf! }Jr(~)Or'b3TTp9^wuR!;3B[)[s ~(((aapl74ki+!<p
May 20, 2024 09:23:50.204860926 CEST	1057	OUT	Data Raw: 17 03 03 04 1c f5 2c d7 11 20 e7 61 a4 a7 60 98 31 bb 22 90 45 57 04 39 bf e8 fd 26 05 ce a6 cb b6 28 b6 fc b4 3e fc b5 1b 6d 0f 14 ec 4b b0 0f e3 ed 17 3d 4e 5c 73 8b 7e 94 f4 22 6b 5d 2e 3a 00 71 c7 48 ea ac 6e af 0b a2 61 44 2e b6 e5 fe 5f a2 Data Ascii: , a`1"EW9&(>mK=N\s~"k].:qHnaD._?DUkVz$73vK'{=a^0yrpFsho40i7@W?6?^iqs`0gT#JIm*4mFwGmRh3R6,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49771	95.217.112.218	80	4412	C:\Users\user\Desktop\jXBjxhHQgR.exe

Timestamp	Bytes transferred	Direction	Data
May 20, 2024 09:24:40.498919010 CEST	201	OUT	Data Raw: 16 03 01 00 c4 01 00 00 c0 03 03 b9 62 d9 3c 59 a8 ff 28 c9 e2 a5 45 d5 a3 eb 37 9a 03 16 18 03 2c 30 7e 34 08 10 3d d2 ae a1 33 00 00 1c c0 2b c0 2f c0 2c c0 30 c0 0a c0 09 c0 13 c0 14 00 33 00 39 00 2f 00 35 00 0a 00 ff 01 00 00 7b 00 00 00 22 Data Ascii: b<Y(E7,0~4=3+/,039/5{" www.pd2fel2efgdp2aotdyrk6.com#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49872	171.25.193.9	80	4412	C:\Users\user\Desktop\jXBjxhHQgR.exe

Timestamp	Bytes transferred	Direction	Data
May 20, 2024 09:24:41.896174908 CEST	204	OUT	Data Raw: 16 03 01 00 c7 01 00 00 c3 03 03 0a 6d ee 7c 57 1c 6b 14 d3 59 e7 9f fe a6 78 67 3b 17 2b 12 cf aa 37 14 5f 48 b3 ee 73 e1 a6 c8 00 00 1c c0 2b c0 2f c0 2c c0 30 c0 0a c0 09 c0 13 c0 14 00 33 00 39 00 2f 00 35 00 0a 00 ff 01 00 00 7e 00 00 00 25 Data Ascii: m\|WkYxg;+7_Hs+/,039/5~%# www.qag7r2cnzasnalcclkgzlxhw.com#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49882	171.25.193.9	80	4412	C:\Users\user\Desktop\jXBjxhHQgR.exe

Timestamp	Bytes transferred	Direction	Data
May 20, 2024 09:24:43.595035076 CEST	191	OUT	Data Raw: 16 03 01 00 ba 01 00 00 b6 03 03 b9 38 04 1c 8f 55 d6 41 bd d1 31 52 9e 65 9f f2 c7 24 59 5c 6c a5 e3 20 f2 da cd de 17 25 fb be 00 00 1c c0 2b c0 2f c0 2c c0 30 c0 0a c0 09 c0 13 c0 14 00 33 00 39 00 2f 00 35 00 0a 00 ff 01 00 00 71 00 00 00 18 Data Ascii: 8UA1Re$Y\l %+/,039/5qwww.rouwfmq3toc.com#
May 20, 2024 09:24:44.333172083 CEST	1008	IN	Data Raw: 16 03 03 00 39 02 00 00 35 03 03 1f 88 7a e0 45 cb 0a a8 5a 65 ad 6b 9d 49 e3 c0 58 48 30 f0 7c 50 f9 73 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 03 02 52 0b 00 02 4e 00 02 4b 00 02 48 30 82 02 44 30 Data Ascii: 95zEZekIXH0\|PsDOWNGRD0RNKH0D0j;0H0&1$0"Uwww.dqjnjbxr4ypr2v3y4dp.com0240502000000Z240616000000Z010Uwww.uew4lf4l7rg.net0"0H
May 20, 2024 09:24:44.336397886 CEST	126	OUT	Data Raw: 16 03 03 00 46 10 00 00 42 41 04 d3 bd be 56 39 71 0b a1 1e f6 1c 7b 84 c9 d9 95 dd 6f bf bf 71 d8 c6 2c 54 84 ac 9a b9 98 20 d3 31 f7 b7 9c 31 47 03 b6 b7 d9 97 af c7 58 be f5 92 27 03 e4 d4 5b c2 59 3a 18 5f b7 67 81 cf bb 14 03 03 00 01 01 16 Data Ascii: FBAV9q{oq,T 11GX'[Y:_g({9:!g`nwdi:t#GM

Target ID:	0
Start time:	03:23:00
Start date:	20/05/2024
Path:	C:\Users\user\Desktop\jXBjxhHQgR.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\jXBjxhHQgR.exe"
Imagebase:	0x400000
File size:	1'950'208 bytes
MD5 hash:	8305C45696B7E6763FF343CA024682D1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2101368330.0000000002291000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:23:01
Start date:	20/05/2024
Path:	C:\Users\user\Desktop\jXBjxhHQgR.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\jXBjxhHQgR.exe"
Imagebase:	0x400000
File size:	1'950'208 bytes
MD5 hash:	8305C45696B7E6763FF343CA024682D1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	03:23:14
Start date:	20/05/2024
Path:	C:\ProgramData\Drivers\csrss.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Drivers\csrss.exe"
Imagebase:	0x400000
File size:	1'950'208 bytes
MD5 hash:	8305C45696B7E6763FF343CA024682D1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000003.00000002.2269982007.0000000002600000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 42%, ReversingLabs Detection: 46%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	03:23:18
Start date:	20/05/2024
Path:	C:\ProgramData\Drivers\csrss.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Drivers\csrss.exe"
Imagebase:	0x400000
File size:	1'950'208 bytes
MD5 hash:	8305C45696B7E6763FF343CA024682D1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	5.5%
Dynamic/Decrypted Code Coverage:	5.1%
Signature Coverage:	13%
Total number of Nodes:	729
Total number of Limit Nodes:	10

Executed Functions

Function 02450110 Relevance: 22.7, APIs: 15, Instructions: 248
memorynativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 02450156
GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0245016C
CreateProcessA.KERNELBASE(?,00000000), ref: 02450255
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02450270
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02450283
Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0245029F
ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 024502C8
NtUnmapViewOfSection.NTDLL(00000000,?), ref: 024502E3
VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 02450304
NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0245032A
NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 02450399
WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 024503BF
Wow64SetThreadContext.KERNEL32(00000000,?), ref: 024503E1
ResumeThread.KERNELBASE(00000000), ref: 024503ED
ExitProcess.KERNEL32(00000000), ref: 02450412

Memory Dump Source

Source File: 00000000.00000002.2101482589.0000000002450000.00000040.00001000.00020000.00000000.sdmp, Offset: 02450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2450000_jXBjxhHQgR.jbxd

Similarity

API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
String ID:
API String ID: 93872480-0
Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction ID: 9e227ef3814888d28887ebf806879abaa81320976cd02bf11c54cee46917e6ef
Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction Fuzzy Hash: 44B1C874A00208AFDB44CF98C895F9EBBB5FF88314F248158E949AB391D771AD41CF94

Function 022917C6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 022917EE
Module32First.KERNEL32(00000000,00000224), ref: 0229180E

Memory Dump Source

Source File: 00000000.00000002.2101368330.0000000002291000.00000040.00000020.00020000.00000000.sdmp, Offset: 02291000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2291000_jXBjxhHQgR.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 08562b7901d77af7cc6566af21859842feba15ce7d2cf85527986847167e8284
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 64F0F6322103176FEB203BF6A88CBAE76ECBF49625F500228E64B950C0CB70E8454A60

Function 00401555 Relevance: 49.2, APIs: 20, Strings: 8, Instructions: 174
librarymemorywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetLastError.KERNEL32(00000000,00000000,00000001,00000000,?,00401B96), ref: 0040154B
LocalAlloc.KERNELBASE(?,001A6045), ref: 00401588
VirtualProtect.KERNELBASE(00000000,00000040,?,?,001A6045), ref: 004015A0
GetMenuItemID.USER32 ref: 004015AD
GetTickCount.KERNEL32 ref: 004015B6
RemoveDirectoryW.KERNEL32(00000000,?,?,?,?,001A6045), ref: 004015EF
IsBadStringPtrA.KERNEL32(sesowalotorufowefave wupeyusibetanuk,00000000), ref: 004015FC
LoadLibraryA.KERNEL32(xitecesacocihuyirimiyuzowoweteg,?,?,?,?,001A6045), ref: 00401607
GetVolumeInformationW.KERNEL32(lehekiroyukoluvumif,?,00000000,?,?,?,?,00000000,?,?,?,?,001A6045), ref: 0040162C
PurgeComm.KERNEL32(00000000,00000000,?,?,?,?,001A6045), ref: 00401636
SetComputerNameExW.KERNEL32(00000000,jubekihofivep sewudujo jepedelavehumujiconikufofoze nap lapiyico,?,?,?,?,001A6045), ref: 0040165A
WriteConsoleW.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,001A6045), ref: 0040166A
LoadLibraryExW.KERNEL32(xivuxigosazixani,00000000,00000000,?,?,?,?,001A6045), ref: 00401679
GetConsoleAliasA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,001A6045), ref: 00401685
TzSpecificLocalTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,001A6045), ref: 004016F3
WriteConsoleW.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,001A6045), ref: 00401703
SetFileAttributesW.KERNEL32(meromuzinavuzohuvu,00000000,?,?,?,?,001A6045), ref: 0040170F
BuildCommDCBA.KERNEL32(00000000,?), ref: 0040171A
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,001A6045), ref: 00401731
LoadLibraryA.KERNELBASE(msimg32.dll,?,?,?,?,001A6045), ref: 0040173F

Strings

meromuzinavuzohuvu, xrefs: 0040170A
sesowalotorufowefave wupeyusibetanuk, xrefs: 004015F7
8q , xrefs: 0040154D
lehekiroyukoluvumif, xrefs: 00401627
jubekihofivep sewudujo jepedelavehumujiconikufofoze nap lapiyico, xrefs: 00401653
xivuxigosazixani, xrefs: 00401674
xitecesacocihuyirimiyuzowoweteg, xrefs: 00401602
msimg32.dll, xrefs: 0040173A

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: ConsoleLibraryLoad$CommLocalTimeWrite$AliasAllocAttributesBuildComputerCountCreateDirectoryErrorEventFileInformationItemLastMenuNameProtectPurgeRemoveSpecificStringSystemTickVirtualVolume
String ID: 8q $jubekihofivep sewudujo jepedelavehumujiconikufofoze nap lapiyico$lehekiroyukoluvumif$meromuzinavuzohuvu$msimg32.dll$sesowalotorufowefave wupeyusibetanuk$xitecesacocihuyirimiyuzowoweteg$xivuxigosazixani
API String ID: 1097982066-555671594
Opcode ID: 9f856b582495d0113950c39e5206eaaff0737c4ccca12b285b4d16a400d3f38b
Instruction ID: 417d3da515f90f740dc63969b290accc104254ffe096fe2173360dad5b10573e
Opcode Fuzzy Hash: 9f856b582495d0113950c39e5206eaaff0737c4ccca12b285b4d16a400d3f38b
Instruction Fuzzy Hash: D051A171900204BFE7159BA4DD99FEB7B79EB4C700F14813AF615E21A0CAB89E41CB79

Function 00401783 Relevance: 26.5, APIs: 8, Strings: 7, Instructions: 209
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00403BAA: _doexit.LIBCMT ref: 00403BB4

GetCharWidthI.GDI32(00000000,00000000,00000000,00000000,00000000,7104DC19,4DDEDD50,32F16B60,185911A7,511CF560,39E28F6C,127C64A9,39C630B1,21870240,7EA84DC7,7EA84DC7), ref: 00401AEC
GetModuleFileNameA.KERNEL32(00000000,00000000,00000000,7104DC19,4DDEDD50,32F16B60,185911A7,511CF560,39E28F6C,127C64A9,39C630B1,21870240,7EA84DC7,7EA84DC7,4441C554,4E757E39), ref: 00401AF5
_calloc.LIBCMT ref: 00401B1A
_fseek.LIBCMT ref: 00401B22
GetNumberFormatW.KERNELBASE(00000000,00000000,00000000,00000000,?,00000000), ref: 00401B59
GetLastError.KERNEL32 ref: 00401B5F
SetLastError.KERNEL32(00000000), ref: 00401B66
GetSystemDirectoryA.KERNEL32(?,00000000), ref: 00401BB0

Strings

?<l-, xrefs: 0040188F
z&i>, xrefs: 0040190D
E%os, xrefs: 0040187C
9~uN, xrefs: 004017E0
8Y<6, xrefs: 00401957
8*@, xrefs: 00401942
r, xrefs: 00401849

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: ErrorLast$CharDirectoryFileFormatModuleNameNumberSystemWidth_calloc_doexit_fseek
String ID: 8*@$8Y<6$9~uN$?<l-$E%os$r$z&i>
API String ID: 1131423277-2732166875
Opcode ID: 3892c7c7819baf37f4422ce31bfdfa653686bb5e6a27d8e0d08de7f7e47db2d2
Instruction ID: f1a5d01fc65bfd6e269cc10e30e068661cae136ed33bd414c2324cbc557ff604
Opcode Fuzzy Hash: 3892c7c7819baf37f4422ce31bfdfa653686bb5e6a27d8e0d08de7f7e47db2d2
Instruction Fuzzy Hash: 83A140B15083809FC210DF2A958890BFBF4FF95714F408A1DF5AAA6621D778CA85CF5B

Function 02450420 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 113
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegisterClassExA.USER32(00000030), ref: 024504F1
CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 02450533

Strings

mfoaskdfnoa, xrefs: 02450520, 02450523
0, xrefs: 02450492
d, xrefs: 02450584
saodkfnosa9uin, xrefs: 024504DA

Memory Dump Source

Source File: 00000000.00000002.2101482589.0000000002450000.00000040.00001000.00020000.00000000.sdmp, Offset: 02450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2450000_jXBjxhHQgR.jbxd

Similarity

API ID: ClassCreateRegisterWindow
String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
API String ID: 3469048531-2341455598
Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction ID: ac91946515095f4dca20db3babc411618982661e0fd6b6011a4c26d9dc6e170d
Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction Fuzzy Hash: 18512970D0838CDBEB11CBA8C849BDEBFB26F15708F144059D5846F286C3BA5659CB62

Function 024505B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(apfHQ), ref: 024505EC

Strings

apfHQ, xrefs: 024505E2, 024505E5
o, xrefs: 02450600

Memory Dump Source

Source File: 00000000.00000002.2101482589.0000000002450000.00000040.00001000.00020000.00000000.sdmp, Offset: 02450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2450000_jXBjxhHQgR.jbxd

Similarity

API ID: AttributesFile
String ID: apfHQ$o
API String ID: 3188754299-2999369273
Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction ID: d02a8f60d721c9732b38a621dffe06592a9f3a904032a34cecb17601322922db
Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction Fuzzy Hash: BB011E74C0425CEADB10DB98C5183AEBFB5AF45308F148099C8492B342D7769B99CBA1

Function 02291485 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 022914D6

Memory Dump Source

Source File: 00000000.00000002.2101368330.0000000002291000.00000040.00000020.00020000.00000000.sdmp, Offset: 02291000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2291000_jXBjxhHQgR.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 3a2aaf46c3dd547e0d6d44ec9285e2757ffd618c9604189d7675dc06b89452f5
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 33113C79A00209EFDB01DF99C985E99BBF5AF08351F158094F9489B361D371EA90DF80

Non-executed Functions

Function 004071A7 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,0040486B,?,?,?,00000000), ref: 004071AC
UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 004071B5

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 2d153f5ffd727ca5bc3b6ac29b936ffc0b3aa7be6dc9c8f4e9cfd24d687277b5
Instruction ID: 54207d67cd9cb7dd5fc761c296890b434a86de39998c3ad705edf13356c4a7a0
Opcode Fuzzy Hash: 2d153f5ffd727ca5bc3b6ac29b936ffc0b3aa7be6dc9c8f4e9cfd24d687277b5
Instruction Fuzzy Hash: 85B09271045208ABCB012B91EE09BC83F28EB08662F0081A0F70D860A0CBA25570CAA9

Function 00407176 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(?), ref: 0040717C

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 5dad44206e71198f812f3bbae644e226009fc8f4045d94cb2104a875b34935d1
Instruction ID: a59d2179b1e265b2f60a916209b50628fb661e81b0b718dec03e209840309d89
Opcode Fuzzy Hash: 5dad44206e71198f812f3bbae644e226009fc8f4045d94cb2104a875b34935d1
Instruction Fuzzy Hash: B2A0123000010CA78B011B41EC044C43F1CD6041717004060F50C41020C76255708598

Function 02450042 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2101482589.0000000002450000.00000040.00001000.00020000.00000000.sdmp, Offset: 02450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2450000_jXBjxhHQgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 07ace88e047dd781c0cb372de7f242e132da5631da5bffb37cc6f3370aaf8456
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 9011A0763401109FD714CE65EC90EA673EAFF8C720B198056ED08CB312D675E842CB60

Function 022910A3 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2101368330.0000000002291000.00000040.00000020.00020000.00000000.sdmp, Offset: 02291000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2291000_jXBjxhHQgR.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 1b543de5e318c630c28549c6820d9d28f187173eb58999d6944c33652db8b2c3
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 6911A972350101AFDB54DF96DCC1FA673DAEB89360B198065ED08CB31AD676E851CB60

Function 0040554B Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 187
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__sopen_s.LIBCMT ref: 00405766

Part of subcall function 00404939: __getptd_noexit.LIBCMT ref: 00404939

Strings

Vv[, xrefs: 004056ED
UTF-8, xrefs: 004056E8
ccs, xrefs: 004056B6
Vhl2A, xrefs: 004056B5
UTF-16LE, xrefs: 00405707
zZ, xrefs: 004056BB
UNICODE, xrefs: 00405726

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: __getptd_noexit__sopen_s
String ID: UNICODE$UTF-16LE$UTF-8$Vhl2A$Vv[$ccs$zZ
API String ID: 159440951-1525659606
Opcode ID: ad1f2f647f31a8c9fa5e1338d8358565f81e81da6dde3d6a6a107a6f7abf57f0
Instruction ID: 08c1c572e636ce89fefd0b4b6c44fda4edae38c5b9330534f5627e85e56c3750
Opcode Fuzzy Hash: ad1f2f647f31a8c9fa5e1338d8358565f81e81da6dde3d6a6a107a6f7abf57f0
Instruction Fuzzy Hash: 05513871D04A04ADEF250E6988443776B85DF21344F694D7BDD4EB63C1E27E89419E0E

Function 004081AB Relevance: 10.5, APIs: 7, Instructions: 45
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__init_pointers.LIBCMT ref: 004081AB

Part of subcall function 004039D9: EncodePointer.KERNEL32(00000000,?,004081B0,00403C89,00417EF8,00000014,00000003,00417D8C,00000003,00000001), ref: 004039DC
Part of subcall function 004039D9: __initp_misc_winsig.LIBCMT ref: 004039F7
Part of subcall function 004039D9: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00406EF2
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00406F06
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00406F19
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00406F2C
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00406F3F
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00406F52
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00406F65
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00406F78
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00406F8B
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00406F9E
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00406FB1
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00406FC4
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00406FD7
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00406FEA
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00406FFD
Part of subcall function 004039D9: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00407010

__mtinitlocks.LIBCMT ref: 004081B0
__mtterm.LIBCMT ref: 004081B9
__calloc_crt.LIBCMT ref: 004081DE
__initptd.LIBCMT ref: 00408200
GetCurrentThreadId.KERNEL32 ref: 00408207

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
String ID:
API String ID: 1593083391-0
Opcode ID: 9d5d94dd7e61b6aef5bf60bbc51743b58abd7fa4f35c6ba676076b254068f532
Instruction ID: 74c86698024f7ff2d6bf114253a918d6835fd01fe0a01658c8ad057136f450ae
Opcode Fuzzy Hash: 9d5d94dd7e61b6aef5bf60bbc51743b58abd7fa4f35c6ba676076b254068f532
Instruction Fuzzy Hash: 21F0F632258B1129E2247B75BD03A8736849F00734B214A3FF4A0F50D2FF38981141DC

Function 0040A4E7 Relevance: 7.6, APIs: 5, Instructions: 67
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_malloc.LIBCMT ref: 0040A4F3

Part of subcall function 00407D00: __FF_MSGBANNER.LIBCMT ref: 00407D17
Part of subcall function 00407D00: __NMSG_WRITE.LIBCMT ref: 00407D1E
Part of subcall function 00407D00: HeapAlloc.KERNEL32(?,00000000,00000001,00000000,00000000,00000000,?,00404E64,?,?,?,00000000,?,00406D27,00000018,00418000), ref: 00407D43

_free.LIBCMT ref: 0040A506

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: AllocHeap_free_malloc
String ID:
API String ID: 2734353464-0
Opcode ID: cfb87086132b0ca509044d8f8f29d2241ac4f9161810e9c0d4d2a12d1b6dbead
Instruction ID: d595ae039b1f4b1bc13dfa0751540a2cd1da7368941a28acb3683e276b5d294f
Opcode Fuzzy Hash: cfb87086132b0ca509044d8f8f29d2241ac4f9161810e9c0d4d2a12d1b6dbead
Instruction Fuzzy Hash: 9B11C8B2805311BBCB213FB5AC0476B3794AF54364F10453BFA44BA2E0DA7C8960969E

Function 00406BAC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 00406BBA

Part of subcall function 00406C5D: __mtinitlocknum.LIBCMT ref: 00406C6F
Part of subcall function 00406C5D: EnterCriticalSection.KERNEL32(?,?,00403A70,00000008,0040333C,00417E78,0000000C,0040342E,?,?,00401014,00411B29), ref: 00406C88

_free.LIBCMT ref: 00406BEB
_free.LIBCMT ref: 00406BF4

Strings

d+], xrefs: 00406BD4

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: _free$CriticalEnterSection__lock__mtinitlocknum
String ID: d+]
API String ID: 3990512260-3543493326
Opcode ID: 251d0508bfb045a731843aa665b369ec68824c99daf94c681f35ea94f5d2226f
Instruction ID: 635779f864f703cbaabf52a87e9dd7c525ca44406f4ac6ed1ad848e2288fa63e
Opcode Fuzzy Hash: 251d0508bfb045a731843aa665b369ec68824c99daf94c681f35ea94f5d2226f
Instruction Fuzzy Hash: CCF0A971201701ABEB24AF25C50272B77A0EF40729F21C03FA446AF2D1CA7CE8919B48

Function 004094E4 Relevance: 6.2, APIs: 4, Instructions: 162COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00409575
_memmove.LIBCMT ref: 004095E9
___AdjustPointer.LIBCMT ref: 0040963A
_memmove.LIBCMT ref: 00409643

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: AdjustPointer_memmove
String ID:
API String ID: 1721217611-0
Opcode ID: 25e0dd34112a8a5fe865c3faa1f852adc595f72bb8239f6889414fda9929eded
Instruction ID: 3fe9dd214f1b07e26e253aa8b95581e7de349a429b80cdf2a32a2cd83bfd1103
Opcode Fuzzy Hash: 25e0dd34112a8a5fe865c3faa1f852adc595f72bb8239f6889414fda9929eded
Instruction Fuzzy Hash: AB41D7716043029AEB259F66D8A1B6733A49F40754F244A3FFC10B72D2EB7ADD81C61D

Function 0040F0B5 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0040F0EB
__isleadbyte_l.LIBCMT ref: 0040F119
MultiByteToWideChar.KERNEL32(840FFFF8,00000009,0F3060F4,E1C11FE1,00BFBBEF,00000000,?,00000000,00000000,?,0040ECAE,0F3060F4,00BFBBEF,00000003), ref: 0040F147
MultiByteToWideChar.KERNEL32(840FFFF8,00000009,0F3060F4,00000001,00BFBBEF,00000000,?,00000000,00000000,?,0040ECAE,0F3060F4,00BFBBEF,00000003), ref: 0040F17D

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 3f3084fd5263cd1dabddd675546f6d132f271b1f0e3fc4f4f3b3e125c495f7eb
Instruction ID: 50409f91587497db8b13e2e371de7dcaace727cd6919e663916f678a4aaa5484
Opcode Fuzzy Hash: 3f3084fd5263cd1dabddd675546f6d132f271b1f0e3fc4f4f3b3e125c495f7eb
Instruction Fuzzy Hash: A131C030604246EFDB318E75CC44BAB7BA5FF41310F15813AE814AB6D1E734AC59DB98

Function 0040D682 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0040D6B6
MultiByteToWideChar.KERNEL32(?,00000001,?,?), ref: 0040D6EE
GetStringTypeW.KERNEL32(?,?,00000000,?), ref: 0040D700
__freea.LIBCMT ref: 0040D709

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: ByteCharMultiStringTypeWide__freea_malloc
String ID:
API String ID: 1687186797-0
Opcode ID: b1ab821d117d41be0bf8a8a67fd54c33ec9ede1402eeade50ca2e9eb1c40aed9
Instruction ID: 13d5c54d04c8278e73d9330411ef358464ccd5e123ddb8aa0738bec849efbd1a
Opcode Fuzzy Hash: b1ab821d117d41be0bf8a8a67fd54c33ec9ede1402eeade50ca2e9eb1c40aed9
Instruction Fuzzy Hash: 8D11C872D01115ABDB205F91EC40EBF7B95EF04354B14093BFD08F62D0D73A8D158699

Function 00409936 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 0040995A

Part of subcall function 0040A041: __fltout2.LIBCMT ref: 0040A06A

__cftog_l.LIBCMT ref: 00409980
__cftoe_l.LIBCMT ref: 004099B2

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction ID: 12fa68648396bb1ceea170b51bf60127e57d640db18298cc4567b447ffc2cf18
Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction Fuzzy Hash: 26014272000149BBCF125E94CC418EE3F26BF59354F58852AFE5868272D33BC9B1AB85

Function 00408E28 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 00408E3F

Part of subcall function 00409456: ___AdjustPointer.LIBCMT ref: 0040949F

_UnwindNestedFrames.LIBCMT ref: 00408E56
___FrameUnwindToState.LIBCMT ref: 00408E68
CallCatchBlock.LIBCMT ref: 00408E8C

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
String ID:
API String ID: 2633735394-0
Opcode ID: f9d3b7a30e38f13d7fde29b061af4ea1347a5e88d77c866b69bca2c0e0536a04
Instruction ID: c63877a4ed4841c5a835f9bf5336d705e1c8d5502b90add4ab7b3c953910bad7
Opcode Fuzzy Hash: f9d3b7a30e38f13d7fde29b061af4ea1347a5e88d77c866b69bca2c0e0536a04
Instruction Fuzzy Hash: 4C012D32000108BBCF126F55CD01EDB3B76EF58754F05442AFA5875161C73AE861DBA8

Function 0040489F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,004048D6,00000000,00000000,00000000,00000000,00000000,0040886E,?,004071C4,00000003,00407D1C,00000000,00000000,00000000), ref: 004048A8
__invoke_watson.LIBCMT ref: 004048C4

Strings

PN7w, xrefs: 004048A8

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: DecodePointer__invoke_watson
String ID: PN7w
API String ID: 4034010525-3458938079
Opcode ID: 1d1fbc60780de98aec4cb2cf2b7a0d142b4ba744d6472e197b4101e21d820bfb
Instruction ID: f22a6f53f1a1218edd0a541a66cee6e23863e2be31cfa2b025b355028e54e8ba
Opcode Fuzzy Hash: 1d1fbc60780de98aec4cb2cf2b7a0d142b4ba744d6472e197b4101e21d820bfb
Instruction Fuzzy Hash: 01E0EC76000549BBDF052FB1DC058AA3F65BB54244B448876FF1094171D636C871EB94

Function 0040354B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32 ref: 00403550
__set_abort_behavior.LIBCMT ref: 00403560

Strings

PN7w, xrefs: 00403550

Memory Dump Source

Source File: 00000000.00000002.2101006885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2100992683.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101024084.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101038921.0000000000419000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101053074.000000000041A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.00000000005D2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101176531.0000000000619000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2101213005.000000000061B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jXBjxhHQgR.jbxd

Similarity

API ID: DecodePointer__set_abort_behavior
String ID: PN7w
API String ID: 4109001881-3458938079
Opcode ID: 7873a66d5e764f6421fbb574afcda89244eac52cc81acb4bd36b595936f1a1b7
Instruction ID: 354122713c9e9d39b85581d3b2b9b643982304f2c041b3eb88adacb4180547fb
Opcode Fuzzy Hash: 7873a66d5e764f6421fbb574afcda89244eac52cc81acb4bd36b595936f1a1b7
Instruction Fuzzy Hash: B1C02B6032830268F6143BB22D0A3390F40BB00B03F10803BF140EC1D0DCE4C000813E

Analysis Process: csrss.exePID: 2792, Parent PID: 4004COMMON

Execution Graph

Execution Coverage:	40.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	39
Total number of Limit Nodes:	7

Executed Functions

Function 02800110 Relevance: 22.7, APIs: 15, Instructions: 248
memorynativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 02800156
GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0280016C
CreateProcessA.KERNELBASE(?,00000000), ref: 02800255
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02800270
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02800283
Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0280029F
ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 028002C8
NtUnmapViewOfSection.NTDLL(00000000,?), ref: 028002E3
VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 02800304
NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0280032A
NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 02800399
WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 028003BF
Wow64SetThreadContext.KERNEL32(00000000,?), ref: 028003E1
ResumeThread.KERNELBASE(00000000), ref: 028003ED
ExitProcess.KERNEL32(00000000), ref: 02800412

Memory Dump Source

Source File: 00000003.00000002.2270087326.0000000002800000.00000040.00001000.00020000.00000000.sdmp, Offset: 02800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2800000_csrss.jbxd

Similarity

API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
String ID:
API String ID: 93872480-0
Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction ID: ad6a51920a3c03d758e56489c536e5f719b9fd8ce27811530a9207a6fb3b0e39
Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction Fuzzy Hash: DBB1C774A00208AFDB44CF98C895F9EBBB5FF88314F248158E909AB391D771AE41CF94

Function 02800420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 02800533

Strings

mfoaskdfnoa, xrefs: 02800520, 02800523
saodkfnosa9uin, xrefs: 028004DA
0, xrefs: 02800492
d, xrefs: 02800584

Memory Dump Source

Source File: 00000003.00000002.2270087326.0000000002800000.00000040.00001000.00020000.00000000.sdmp, Offset: 02800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2800000_csrss.jbxd

Similarity

API ID: CreateWindow
String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
API String ID: 716092398-2341455598
Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction ID: 65ba1077dcd052a91dd15c265c4bfef529dc573d0b08f675cad87c1f6fea1d40
Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction Fuzzy Hash: B8510874D08388DAEB11CBA8C849BDDBFB2AF15708F144058D5487F2C6C7BA5658CB66

Function 028005B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(apfHQ), ref: 028005EC

Strings

apfHQ, xrefs: 028005E2, 028005E5
o, xrefs: 02800600

Memory Dump Source

Source File: 00000003.00000002.2270087326.0000000002800000.00000040.00001000.00020000.00000000.sdmp, Offset: 02800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2800000_csrss.jbxd

Similarity

API ID: AttributesFile
String ID: apfHQ$o
API String ID: 3188754299-2999369273
Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction ID: 363ecc16c78db35335e5a3aab2fb5dc8301e2a2a59485bc44a12ebd112691bc8
Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction Fuzzy Hash: 66011E74C0425CEEDB50DBD8C9583EEBFB5AF41309F188099C4196B282D7769B58CBA2

Function 026007A6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 026007CE
Module32First.KERNEL32(00000000,00000224), ref: 026007EE

Memory Dump Source

Source File: 00000003.00000002.2269982007.0000000002600000.00000040.00000020.00020000.00000000.sdmp, Offset: 02600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2600000_csrss.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 2c886ea474e2fbddecac49cc8f02500142e4d175a826ea77a777fadd2edb490e
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 44F062311017156BD7243AB598CCBAF76E8AF49665F100528E642911C0DB74F8455A61

Function 02600465 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 026004B6

Memory Dump Source

Source File: 00000003.00000002.2269982007.0000000002600000.00000040.00000020.00020000.00000000.sdmp, Offset: 02600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2600000_csrss.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 573d3e0f69b1142b016c16b90d4e05ad4f6b2715c4db2ce901a90098d5aaa664
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: B0113C79A40208EFDB01DF98C985E99BBF5EF08350F058094F9489B361D775EA50EF84

Analysis Process: csrss.exePID: 1468, Parent PID: 2792COMMON

Executed Functions

Function 006C5FE7 Relevance: 4.5, APIs: 3, Instructions: 19COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 006C5FF3

Part of subcall function 006959A8: __getptd_noexit.LIBCMT ref: 006959AB
Part of subcall function 006959A8: __amsg_exit.LIBCMT ref: 006959B8

__endthreadex.LIBCMT ref: 006C6003

Part of subcall function 006C5FAA: __IsNonwritableInCurrentImage.LIBCMT ref: 006C5FBD
Part of subcall function 006C5FAA: __getptd_noexit.LIBCMT ref: 006C5FCD
Part of subcall function 006C5FAA: __freeptd.LIBCMT ref: 006C5FD7
Part of subcall function 006C5FAA: RtlExitUserThread.NTDLL(?,?,006C6008,00000000), ref: 006C5FE0
Part of subcall function 006C5FAA: __XcptFilter.LIBCMT ref: 006C6014

Memory Dump Source

Source File: 00000005.00000002.3335454812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.3335454812.0000000000824000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3335454812.000000000083D000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000005.00000002.3335454812.0000000000843000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_csrss.jbxd

Similarity

API ID: __getptd_noexit$CurrentExitFilterImageNonwritableThreadUserXcpt__amsg_exit__endthreadex__freeptd__getptd
String ID:
API String ID: 1003287236-0
Opcode ID: a89283c4aba3c99d0b47ffbdad6a7f8d104b49c00d8e382c7f34c9978f4e5ab4
Instruction ID: d5ace2e70bc2d3c52d8088d9385be9d0b72b17dae02ad738aec28fd26f28fbfb
Opcode Fuzzy Hash: a89283c4aba3c99d0b47ffbdad6a7f8d104b49c00d8e382c7f34c9978f4e5ab4
Instruction Fuzzy Hash: 65E0ECB5954605DFEB58ABA0C806E7E776AEF48311F20404CF1029B6A2CA75A984DF25

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	To disguise the source of malicious traffic, adversaries may chain together multiple proxies. Typically, a defender will be able to identify the last proxy traffic traversed before it enters their network; the defender may or may not be able to identify any previous proxies before the last-hop proxy. This technique makes identifying the original source of the malicious traffic even more difficult by requiring the defender to trace malicious traffic through several proxies to identify its source. A particular variant of this behavior is to use onion routing networks, such as the publicly available TOR network.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including HTRAN , ZXProxy, and ZXPortMap. Adversaries use these types of proxies to manage command and control communications, reduce the number of simultaneous outbound network connections, provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. Adversaries may chain together multiple proxies to further disguise the source of malicious traffic.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report jXBjxhHQgR.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Drivers\csrss.exe

C:\Users\user\AppData\Local\Temp\4KPV6A~1\cached-certs (copy)

C:\Users\user\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus (copy)

C:\Users\user\AppData\Local\Temp\4KPV6A~1\state (copy)

C:\Users\user\AppData\Local\Temp\4KPV6A~1\unverified-microdesc-consensus (copy)

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\cached-certs.tmp

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\cached-microdesc-consensus.tmp

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\state.tmp

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\unverified-microdesc-consensus.tmp

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Windows Analysis Report
jXBjxhHQgR.exe

Function 02450110 Relevance: 22.7, APIs: 15, Instructions: 248
memorynativethreadCOMMON

Function 022917C6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Function 00401555 Relevance: 49.2, APIs: 20, Strings: 8, Instructions: 174
librarymemorywindowCOMMON

Function 00401783 Relevance: 26.5, APIs: 8, Strings: 7, Instructions: 209
COMMON

Function 02450420 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 113
registryCOMMON

Function 024505B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Function 02291485 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Function 0040554B Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 187
COMMON

Function 004081AB Relevance: 10.5, APIs: 7, Instructions: 45
threadCOMMON

Function 0040A4E7 Relevance: 7.6, APIs: 5, Instructions: 67
COMMONLIBRARYCODE