Edit tour

Windows Analysis Report
aNfqvgu.exe

Overview

General Information

Sample name:	aNfqvgu.exe
Analysis ID:	1585927
MD5:	5bcb135588749ad206277ab96836fc00
SHA1:	01f300d12fbeeb3c0bc5971b3baacb51dd6262dc
SHA256:	a6e44787ce9ccbcf4b60bb74db99a6f1954b0404f42de69b7b3294a3597e2848
Tags:	exemalwaretrojanuser-Joker
Infos:

Detection

RHADAMANTHYS

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected RHADAMANTHYS Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Checks if the current machine is a virtual machine (disk enumeration)

Machine Learning detection for sample

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

AV process strings found (often used to terminate AV products)

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Uncommon Svchost Parent Process

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Keylogger Generic

Yara signature match

Classification

Process Tree

System is w10x64

aNfqvgu.exe (PID: 7152 cmdline: "C:\Users\user\Desktop\aNfqvgu.exe" MD5: 5BCB135588749AD206277AB96836FC00)

svchost.exe (PID: 5480 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)

fontdrvhost.exe (PID: 5244 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)

WerFault.exe (PID: 1220 cmdline: C:\Windows\system32\WerFault.exe -u -p 5244 -s 136 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

WerFault.exe (PID: 3732 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 504 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Rhadamanthys	According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.	Sandworm	https://0xmrmagnezi.github.io/malware%20analysis/Rhadamanthys/ https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/ https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023 https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.talosintelligence.com/highlighting-ta866-asylum-ambuscade/	https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

Threatname: Rhadamanthys

{"C2 url": "https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqga"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000003.1739807908.0000000000680000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000001.00000003.1747966251.00000000027F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000000.00000003.1747202676.00000000006E9000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1418:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000001.00000003.1752625832.0000000004E80000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000000.00000003.1742374681.0000000002E90000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000000.00000002.1765676595.0000000002300000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000001.00000003.1752787290.00000000050A0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000000.00000003.1742230483.0000000002C70000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000001.00000002.1846756097.0000000002F60000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
Process Memory Space: aNfqvgu.exe PID: 7152	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: svchost.exe PID: 5480	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author
1.3.svchost.exe.50a0000.7.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
0.3.aNfqvgu.exe.2e90000.8.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
1.3.svchost.exe.4e80000.6.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
0.3.aNfqvgu.exe.2c70000.7.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security

Sigma Signatures

System Summary

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\aNfqvgu.exe", ParentImage: C:\Users\user\Desktop\aNfqvgu.exe, ParentProcessId: 7152, ParentProcessName: aNfqvgu.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 5480, ProcessName: svchost.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\aNfqvgu.exe", ParentImage: C:\Users\user\Desktop\aNfqvgu.exe, ParentProcessId: 7152, ParentProcessName: aNfqvgu.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 5480, ProcessName: svchost.exe

Suricata Signatures

ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-08T14:29:14.510406+0100	2854802	1	Domain Observed Used for C2 Detected	154.216.20.162	1950	192.168.2.4	49730	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: aNfqvgu.exe

Avira: detected

Found malware configuration

Source: 00000000.00000003.1728126476.00000000021E0000.00000004.00001000.00020000.00000000.sdmp

Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqga"}

Multi AV Scanner detection for submitted file

Source: aNfqvgu.exe	ReversingLabs: Detection: 34%
Source: aNfqvgu.exe	Virustotal: Detection: 37%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: aNfqvgu.exe

Joe Sandbox ML: detected

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\aNfqvgu.exe

Unpacked PE file: 0.2.aNfqvgu.exe.400000.0.unpack

Source: aNfqvgu.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\aNfqvgu.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: wkernel32.pdb source: aNfqvgu.exe, 00000000.00000003.1741985202.0000000002D90000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1741906942.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752429094.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752488546.0000000004FA0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: aNfqvgu.exe, 00000000.00000003.1742374681.0000000002E90000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1742230483.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752625832.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752787290.00000000050A0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: aNfqvgu.exe, 00000000.00000003.1740842200.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1740981282.0000000002E60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751321019.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751619382.0000000005070000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: aNfqvgu.exe, 00000000.00000003.1741427226.0000000002E10000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1741243110.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751961082.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752170569.0000000005020000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: aNfqvgu.exe, 00000000.00000003.1740842200.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1740981282.0000000002E60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751321019.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751619382.0000000005070000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: aNfqvgu.exe, 00000000.00000003.1741427226.0000000002E10000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1741243110.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751961082.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752170569.0000000005020000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdbUGP source: aNfqvgu.exe, 00000000.00000003.1741985202.0000000002D90000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1741906942.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752429094.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752488546.0000000004FA0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdbUGP source: aNfqvgu.exe, 00000000.00000003.1742374681.0000000002E90000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1742230483.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752625832.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752787290.00000000050A0000.00000004.00000001.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_00431BBA FindFirstFileExW,FindNextFileW,FindClose,FindClose,		0_2_00431BBA
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_021A1E21 FindFirstFileExW,FindNextFileW,FindClose,FindClose,		0_2_021A1E21

Source: C:\Windows\System32\fontdrvhost.exe

Code function: 4x nop then dec esp

6_2_0000016CDEDA0511

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.20.162:1950 -> 192.168.2.4:49730

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\svchost.exe

Network Connect: 154.216.20.162 1950

Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqga

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 154.216.20.162:1950

Source: Joe Sandbox View

ASN Name: SKHT-ASShenzhenKatherineHengTechnologyInformationCo SKHT-ASShenzhenKatherineHengTechnologyInformationCo

Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.162

Source: Amcache.hve.8.dr	String found in binary or memory: http://upx.sf.net
Source: svchost.exe, 00000001.00000002.1846321164.00000000026DC000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1846618066.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000006.00000002.1991591004.0000016CDEDA0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqga
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000006.00000002.1991591004.0000016CDEDA0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqgakernelbasentdllkernel32GetProcessMitig
Source: svchost.exe, 00000001.00000002.1846321164.00000000026DC000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqgax
Source: svchost.exe, 00000001.00000003.1808446152.0000000002DA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cloudflare-dns.com/dns-query
Source: svchost.exe, 00000001.00000003.1808446152.0000000002DA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi

Source: aNfqvgu.exe, 00000000.00000003.1742374681.0000000002E90000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: DirectInput8Create

memstr_cba68383-b

Source: aNfqvgu.exe, 00000000.00000003.1742374681.0000000002E90000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_083bd0e2-3

Source: Yara match	File source: 1.3.svchost.exe.50a0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.aNfqvgu.exe.2e90000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.svchost.exe.4e80000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.aNfqvgu.exe.2c70000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000003.1752625832.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1742374681.0000000002E90000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1752787290.00000000050A0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1742230483.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aNfqvgu.exe PID: 7152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 5480, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000003.1747202676.00000000006E9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

Source: C:\Windows\System32\fontdrvhost.exe	Code function: 6_2_0000016CDEDA0AC8 NtAcceptConnectPort,NtAcceptConnectPort,	6_2_0000016CDEDA0AC8
Source: C:\Windows\System32\fontdrvhost.exe	Code function: 6_2_0000016CDEDA15C0 NtAcceptConnectPort,	6_2_0000016CDEDA15C0
Source: C:\Windows\System32\fontdrvhost.exe	Code function: 6_2_0000016CDEDA1CF4 NtAcceptConnectPort,CloseHandle,	6_2_0000016CDEDA1CF4
Source: C:\Windows\System32\fontdrvhost.exe	Code function: 6_2_0000016CDEDA1AA4 NtAcceptConnectPort,NtAcceptConnectPort,	6_2_0000016CDEDA1AA4

Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_004381D2	0_2_004381D2
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0042C231	0_2_0042C231
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0042C400	0_2_0042C400
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0219C667	0_2_0219C667
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_021A8439	0_2_021A8439
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0219C498	0_2_0219C498
Source: C:\Windows\System32\fontdrvhost.exe	Code function: 6_2_0000016CDEDA0C70	6_2_0000016CDEDA0C70

Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: String function: 0042CD90 appears 33 times
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: String function: 0219CFF7 appears 32 times

Source: C:\Users\user\Desktop\aNfqvgu.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 504

Source: aNfqvgu.exe	Binary or memory string: OriginalFilename vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1741427226.0000000002F3D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCFF Explorer.exe: vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1741243110.0000000002D93000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1728126476.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCFF Explorer.exe: vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1739929212.0000000000449000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameCFF Explorer.exe: vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1741985202.0000000002D90000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1741906942.0000000002C70000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1740842200.0000000002DE8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1741906942.0000000002D02000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1742374681.0000000003071000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKernelbase.dllj% vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1742230483.0000000002C70000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKernelbase.dllj% vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1740981282.0000000002FE6000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameCFF Explorer.exe: vs aNfqvgu.exe
Source: aNfqvgu.exe, 00000000.00000003.1741985202.0000000002DE0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs aNfqvgu.exe

Source: aNfqvgu.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000003.1747202676.00000000006E9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: aNfqvgu.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.evad.winEXE@7/5@0/1

Source: C:\Users\user\Desktop\aNfqvgu.exe

Code function: 0_3_006EA446 CreateToolhelp32Snapshot,Module32First,

0_3_006EA446

Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5244
Source: C:\Windows\SysWOW64\svchost.exe	Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-7082a096-77f7-1e6135-d52f738ed9ed}

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\2b6d5265-667d-4522-a470-dc8306e801cb

Jump to behavior

Source: aNfqvgu.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\aNfqvgu.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: aNfqvgu.exe	ReversingLabs: Detection: 34%
Source: aNfqvgu.exe	Virustotal: Detection: 37%

Source: unknown	Process created: C:\Users\user\Desktop\aNfqvgu.exe "C:\Users\user\Desktop\aNfqvgu.exe"
Source: C:\Users\user\Desktop\aNfqvgu.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
Source: C:\Users\user\Desktop\aNfqvgu.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 504
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
Source: C:\Windows\System32\fontdrvhost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5244 -s 136
Source: C:\Users\user\Desktop\aNfqvgu.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"	Jump to behavior

Source: C:\Users\user\Desktop\aNfqvgu.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\aNfqvgu.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\aNfqvgu.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: drprov.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: ntlanman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: davclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: davhlpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: mswsock.dll	Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Jump to behavior

Source: aNfqvgu.exe

Static file information: File size 1645056 > 1048576

Source: C:\Users\user\Desktop\aNfqvgu.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: wkernel32.pdb source: aNfqvgu.exe, 00000000.00000003.1741985202.0000000002D90000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1741906942.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752429094.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752488546.0000000004FA0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: aNfqvgu.exe, 00000000.00000003.1742374681.0000000002E90000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1742230483.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752625832.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752787290.00000000050A0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: aNfqvgu.exe, 00000000.00000003.1740842200.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1740981282.0000000002E60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751321019.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751619382.0000000005070000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: aNfqvgu.exe, 00000000.00000003.1741427226.0000000002E10000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1741243110.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751961082.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752170569.0000000005020000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: aNfqvgu.exe, 00000000.00000003.1740842200.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1740981282.0000000002E60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751321019.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751619382.0000000005070000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: aNfqvgu.exe, 00000000.00000003.1741427226.0000000002E10000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1741243110.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1751961082.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752170569.0000000005020000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdbUGP source: aNfqvgu.exe, 00000000.00000003.1741985202.0000000002D90000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1741906942.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752429094.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752488546.0000000004FA0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdbUGP source: aNfqvgu.exe, 00000000.00000003.1742374681.0000000002E90000.00000004.00000001.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1742230483.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752625832.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1752787290.00000000050A0000.00000004.00000001.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\aNfqvgu.exe

Unpacked PE file: 0.2.aNfqvgu.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.pip:W;.wekasun:W;.rsrc:R; vs .text:ER;.textbss:EW;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\aNfqvgu.exe

Unpacked PE file: 0.2.aNfqvgu.exe.400000.0.unpack

Source: aNfqvgu.exe

Static PE information: real checksum: 0x98732 should be: 0x198732

Source: aNfqvgu.exe	Static PE information: section name: .pip
Source: aNfqvgu.exe	Static PE information: section name: .wekasun

Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_0043BC39 push ecx; ret	0_3_0043BC59
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_0043B8EC push edi; ret	0_3_0043B8F8
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_0043D2FB push edi; ret	0_3_0043D2CC
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_0043A0F9 push FFFFFF82h; iretd	0_3_0043A0FB
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_0043FE8F push esi; ret	0_3_0043FEA1
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_00439F6A push eax; ret	0_3_00439F75
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_0043DD01 push esi; ret	0_3_0043DD6A
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_0043B1DC push eax; ret	0_3_0043B1DD
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006ED25E push edx; iretd	0_3_006ED25F
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EC455 push ebx; retf	0_3_006EC458
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EDAAF push ebx; retf	0_3_006EDAB3
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EF4A6 push ebx; retf	0_3_006EF438
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EC0A1 push edx; iretd	0_3_006EC0A2
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EC4B5 push edi; ret	0_3_006EC4A7
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EC49C push edi; ret	0_3_006EC4A7
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EE55A push edx; iretd	0_3_006EE55B
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EDD2E push ecx; iretd	0_3_006EDD31
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EE9EF push edx; retf	0_3_006EEA2F
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EF3D4 push ebx; retf	0_3_006EF438
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006EB7BB push edi; iretd	0_3_006EB7D7
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0043B8EC push edi; ret	0_2_0043B8F8
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0043A0F9 push FFFFFF82h; iretd	0_2_0043A0FB
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_00438904 push ecx; ret	0_2_00438917
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0043B1DC push eax; ret	0_2_0043B1DD
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0043D2FB push edi; ret	0_2_0043D2CC
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0043BC39 push ecx; ret	0_2_0043BC59
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0043DD01 push esi; ret	0_2_0043DD6A
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0043FE8F push esi; ret	0_2_0043FEA1
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_00439F6A push eax; ret	0_2_00439F75
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_021A8B6B push ecx; ret	0_2_021A8B7E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_3_0270225C push eax; ret	1_3_0270225D

Source: aNfqvgu.exe

Static PE information: section name: .text entropy: 7.632006529508244

Source: C:\Users\user\Desktop\aNfqvgu.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Windows\SysWOW64\svchost.exe

Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Jump to behavior

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PnPEntity
Source: C:\Windows\SysWOW64\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PnPEntity

Query firmware table information (likely to detect VMs)

Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	System information queried: FirmwareTableInformation	Jump to behavior

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\aNfqvgu.exe	API/Special instruction interceptor: Address: 7FFE2220D044
Source: C:\Windows\SysWOW64\svchost.exe	API/Special instruction interceptor: Address: 7FFE2220D044
Source: C:\Windows\SysWOW64\svchost.exe	API/Special instruction interceptor: Address: 51CB83A

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Windows\SysWOW64\svchost.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HOOKEXPLORER.EXE
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXE
Source: aNfqvgu.exe, 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1728126476.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1739929212.0000000000449000.00000040.00000001.01000000.00000003.sdmp, aNfqvgu.exe, 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: EXEAUTORUNS.EXEDUMPCAP.EXEDE4DOT.EXEHOOKEXPLORER.EXEILSPY.EXELORDPE.EXEDNSPY.EXEPETOOLS.EXEAUTORUNSC.EX
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: X64DBG.EXE
Source: aNfqvgu.exe	Binary or memory string: CFF EXPLORER.EXE
Source: aNfqvgu.exe, 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1728126476.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, aNfqvgu.exe, 00000000.00000003.1739929212.0000000000449000.00000040.00000001.01000000.00000003.sdmp, aNfqvgu.exe, 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: INTERNALNAMECFF EXPLORER.EXE
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AUTORUNS.EXE
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PETOOLS.EXE
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WINDUMP.EXE
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: DUMPCAP.EXE
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: DDLER.EXEIDA.EXEIDA64.EXEIMMUNITYDEBUGGER.EXEWINDUMP.EXEX64DBG.EXEX32DBG.EXEOLLYDBG.EXEP

Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: VBoxGuest	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: C:\Windows\SysWOW64\vboxservice.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: C:\Windows\SysWOW64\vboxtray.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: C:\Windows\SysWOW64\drivers\VBoxMouse.sys	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: VBoxTrayIPC	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: C:\Windows\SysWOW64\drivers\VBoxSF.sys	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: C:\Windows\SysWOW64\vboxhook.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosDate	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: \pipe\VBoxTrayIPC	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: C:\Windows\SysWOW64\drivers\VBoxVideo.sys	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: VBoxMiniRdrDN	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File opened / queried: C:\Windows\SysWOW64\drivers\VBoxGuest.sys	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\aNfqvgu.exe

API coverage: 7.3 %

Source: C:\Windows\SysWOW64\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\SysWOW64\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard

Source: C:\Windows\SysWOW64\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Windows\SysWOW64\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\svchost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_00431BBA FindFirstFileExW,FindNextFileW,FindClose,FindClose,		0_2_00431BBA
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_021A1E21 FindFirstFileExW,FindNextFileW,FindClose,FindClose,		0_2_021A1E21

Source: Amcache.hve.8.dr	Binary or memory string: VMware
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.8.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.8.dr	Binary or memory string: VMware, Inc.
Source: svchost.exe, 00000001.00000002.1846591885.0000000002C5C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Microsoft-Windows-CoreSystem-InitMachineConfigApplication Mancalrpc:[epmapper,Security=Impersonation Dynamic False]EnumBthLEEnumBthMiniBTHPORTBTHUSBBugCheckcdromcht4iscsicht4vbdDCOMDfsSvcDhcpDhcpv6diskDisplayDnsapiDnscachee1i65x64ebdrveventlogexFATFltMgrfvevolHidBthhidi2chidspiHpSAMDHttpi8042prtiaStorAVCiaStorVibbusIntel-iaLPSS-GPIOIntel-iaLPSS-I2CIntel-iaLPSS2-GPIO2Intel-iaLPSS2-I2CintelppmIPMGMIPMIDRVIPNATHLPIPRouterManagerIPxlatCfgisapnpiScsiPrtItSas35ikbdclasskbdhidkdnicKerberosLfsvclltdioLmHostsLsaSrvLSI_SASLSI_SAS2iLSI_SAS3iLSI_SSSLSMmegasasmegasas2imegasas35imegasrMicrosoft-Antimalware-ShieldProviderMicrosoft-Windows-Audit-CVEMicrosoft-Windows-BitLocker-APIMicrosoft-Windows-BitLocker-DriverMicrosoft-Windows-Bits-ClientMicrosoft-Windows-Bluetooth-BthLEPrepairingMicrosoft-Windows-CoreSystem-InitMachineConfigMicrosoft-Windows-CoreSystem-NetProvision-JoinProviderOnlineMicrosoft-Windows-CorruptedFileRecovery-ClientMicrosoft-Windows-CorruptedFileRecovery-ServerMicrosoft-Windows-Devices-BackgroundMicrosoft-Windows-DfsSvcMicrosoft-Windows-Dhcp-ClientMicrosoft-Windows-DHCPv6-ClientMicrosoft-Windows-Diagnostics-NetworkingMicrosoft-Windows-Directory-Services-SAMMicrosoft-Windows-DiskDiagnosticMicrosoft-Windows-DistributedCOMMicrosoft-Windows-DNS-ClientMicrosoft-Windows-DriverFrameworks-UserModeMicrosoft-Windows-EnhancedStorage-EhStorTcgDrvMicrosoft-Windows-EventCollectorMicrosoft-Windows-EventlogMicrosoft-Windows-exFAT-SQMMicrosoft-Windows-FailoverClustering-ClientMicrosoft-Windows-Fat-SQMMicrosoft-Windows-Fault-Tolerant-HeapMicrosoft-Windows-FilterManagerMicrosoft-Windows-FirewallMicrosoft-Windows-FMSMicrosoft-Windows-FunctionDiscoveryHostMicrosoft-Windows-GPIO-ClassExtensionMicrosoft-Windows-GroupPolicyMicrosoft-Windows-HALMicrosoft-Windows-HttpEventMicrosoft-Windows-HttpServiceMicrosoft-Windows-Hyper-V-HypervisorMicrosoft-Windows-IphlpsvcMicrosoft-Windows-IsolatedUserModeMicrosoft-Windows-Kernel-BootMicrosoft-Windows-Kernel-GeneralMicrosoft-Windows-Kernel-Interrupt-SteeringMicrosoft-Windows-Kernel-IOMicrosoft-Windows-Kernel-PnPMicrosoft-Windows-Kernel-PowerMicrosoft-Windows-Kernel-Processor-PowerMicrosoft-Windows-Kerne
Source: Amcache.hve.8.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.8.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.8.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: svchost.exe, 00000001.00000002.1846591885.0000000002C5C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1846511935.0000000002C00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.8.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: svchost.exe, 00000001.00000002.1846532119.0000000002C12000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: svchost.exe, 00000001.00000003.1793652220.0000000002C54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: System3wareACPIADP80XXAFDAmdK8AmdPPMamdsataamdsbsamdxataApplication Management Group PolicyApplication PopupAppReadinessarcsasAsyncMacatapib06bdrvBasicRenderbeepBthEnumBthLEEnumBthMiniBTHPORTBTHUSBBugCheckcdromcht4iscsicht4vbdDCOMDfsSvcDhcpDhcpv6diskDisplayDnsapiDnscachee1i65x64ebdrveventlogexFATFltMgrfvevolHidBthhidi2chidspiHpSAMDHttpi8042prtiaStorAVCiaStorVibbusIntel-iaLPSS-GPIOIntel-iaLPSS-I2CIntel-iaLPSS2-GPIO2Intel-iaLPSS2-I2CintelppmIPMGMIPMIDRVIPNATHLPIPRouterManagerIPxlatCfgisapnpiScsiPrtItSas35ikbdclasskbdhidkdnicKerberosLfsvclltdioLmHostsLsaSrvLSI_SASLSI_SAS2iLSI_SAS3iLSI_SSSLSMmegasasmegasas2imegasas35imegasrMicrosoft-Antimalware-ShieldProviderMicrosoft-Windows-Audit-CVEMicrosoft-Windows-BitLocker-APIMicrosoft-Windows-BitLocker-DriverMicrosoft-Windows-Bits-ClientMicrosoft-Windows-Bluetooth-BthLEPrepairingMicrosoft-Windows-CoreSystem-InitMachineConfigMicrosoft-Windows-CoreSystem-NetProvision-JoinProviderOnlineMicrosoft-Windows-CorruptedFileRecovery-ClientMicrosoft-Windows-CorruptedFileRecovery-ServerMicrosoft-Windows-Devices-BackgroundMicrosoft-Windows-DfsSvcMicrosoft-Windows-Dhcp-ClientMicrosoft-Windows-DHCPv6-ClientMicrosoft-Windows-Diagnostics-NetworkingMicrosoft-Windows-Directory-Services-SAMMicrosoft-Windows-DiskDiagnosticMicrosoft-Windows-DistributedCOMMicrosoft-Windows-DNS-ClientMicrosoft-Windows-DriverFrameworks-UserModeMicrosoft-Windows-EnhancedStorage-EhStorTcgDrvMicrosoft-Windows-EventCollectorMicrosoft-Windows-EventlogMicrosoft-Windows-exFAT-SQMMicrosoft-Windows-FailoverClustering-ClientMicrosoft-Windows-Fat-SQMMicrosoft-Windows-Fault-Tolerant-HeapMicrosoft-Windows-FilterManagerMicrosoft-Windows-FirewallMicrosoft-Windows-FMSMicrosoft-Windows-FunctionDiscoveryHostMicrosoft-Windows-GPIO-ClassExtensionMicrosoft-Windows-GroupPolicyMicrosoft-Windows-HALMicrosoft-Windows-HttpEventMicrosoft-Windows-HttpServiceMicrosoft-Windows-Hyper-V-HypervisorMicrosoft-Windows-IphlpsvcMicrosoft-Windows-IsolatedUserModeMicrosoft-Windows-Kernel-BootMicrosoft-Windows-Kernel-GeneralMicrosoft-Windows-Kernel-Interrupt-SteeringMicrosoft-Windows-Kernel-IOMicrosoft-Windows-Kernel-PnPMicrosoft-Windows-Kernel-PowerMicrosoft-Windows-Kernel-Processor-PowerMicrosoft-Windows-Kernel-TmMicrosoft-Windows-Kernel-WHEAMicrosoft-Windows-Kernel-XDVMicrosoft-Windows-LanguagePackSetupMicrosor
Source: Amcache.hve.8.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: svchost.exe, 00000001.00000002.1846591885.0000000002C5C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HMicrosoft-Windows-Hyper-V-HypervisorHMicrosoft-Antimalware-ShieldProviderC:\Windows\system32\wbem\fastprox.dlll>Microsoft-Windows-BitLocker-APIdlllHMicrosoft-Windows-Devices-Background@Microsoft-Windows-DiskDiagnostic.dll@Microsoft-Windows-DistributedCOM.dll@Microsoft-Windows-EventCollector.dll>Microsoft-Windows-FilterManagerdlllDMicrosoft-Windows-BitLocker-Driverl
Source: Amcache.hve.8.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: svchost.exe, 00000001.00000002.1846591885.0000000002C5C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HMicrosoft-Windows-Hyper-V-Hypervisor-WDMicrosoft-Windows-IsolatedUserModeTMicHMicrosoft-Antimalware-ShieldProviderseHMicrosoft-Windows-Devices-Backgroundic@Microsoft-Windows-DistributedCOMows-WindowFApplication Management Group Policyws-WJMicrosoft-Windows-Fault-Tolerant-Heap@Microsoft-Windows-WMPNSS-ServiceMSDTC GatDMicrosoft-Windows-BitLocker-DriversImPlaBMicrosoft-Windows-WLAN-AutoConfigtBTNet>Microsoft-Windows-BitLocker-APImciapercsa@Microsoft-Windows-DiskDiagnosticntFilterPi>Microsoft-Windows-DHCPv6-ClienteAccessRet@Microsoft-Windows-EventCollectorcmbusser>Microsoft-Windows-FilterManagerid2SiSRaidJMicrosoft-Windows-GPIO-ClassExtension<Microsoft-Windows-OfflineFilesonTermServic>Microsoft-Windows-SetupPlatform2usbehci@Microsoft-Windows-Spell-CheckingDisk Provi<Microsoft-Windows-Kernel-PowerSTXRAIDW32Ti@Microsoft-Windows-Kernel-Generalows Disk D<Microsoft-Windows-SpellCheckerWMIxWDMWMP>Microsoft-Windows-StartupRepairvt\Logs\Syst>Microsoft-Windows-TaskSchedulernevt\Logs\Sy<Microsoft-Windows-Time-ServiceSystemevtx >Microsoft-Windows-OverlayFilter250108132856JMicrosoft-Windows-Power-Meter-Polling>Microsoft-Windows-NetworkBridgeFMicrosoft-Windows-LanguagePackSetup>Microsoft-Windows-USB-MAUSBHOSTJMicrosoft-Windows-ResourcePublicationHMicrosoft-Windows-SPB-ClassExtensionJMicrosoft-Windows-WindowsUpdateClientBMicrosoft-Windows-WLAN-AutoConfig
Source: Amcache.hve.8.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.8.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.8.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: svchost.exe, 00000001.00000002.1846591885.0000000002C5C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1793652220.0000000002C54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft-Windows-Hyper-V-Hypervisor
Source: Amcache.hve.8.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: svchost.exe, 00000001.00000003.1752787290.00000000050A0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: DisableGuestVmNetworkConnectivity
Source: svchost.exe, 00000001.00000003.1793652220.0000000002C54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: y-Diagnostic-Task-HandlerMicrosoft-Windows-MemoryDiagnostics-ResultsMicrosoft-Windows-MemoryDiagnostics-ScheduleMicrosoft-Windows-MountMgrMicrosoft-Windows-NDISMicrosoft-Windows-NdisImPlatformSysEvtProviderMicrosoft-Windows-NetworkBridgeMicrosoft-Windows-NtfsMicrosoft-Windows-Ntfs-UBPMMicrosoft-Windows-OfflineFilesMicrosoft-Windows-OverlayFilterMicrosoft-Windows-PersistentMemory-NvdimmMicrosoft-Windows-PersistentMemory-PmemDiskMicrosoft-Windows-Power-Meter-PollingMicrosoft-Windows-Power-TroubleshooterMicrosoft-Windows-ReFSMicrosoft-Windows-ReFS-v1Microsoft-Windows-ResetEngMicrosoft-Windows-Resource-Exhaustion-DetectorMicrosoft-Windows-ResourcePublicationMicrosoft-Windows-SCPNPMicrosoft-Windows-Serial-ClassExtensionMicrosoft-Windows-Serial-ClassExtension-V2Microsoft-Windows-ServicingMicrosoft-Windows-SetupMicrosoft-Windows-SetupPlatformMicrosoft-Windows-SPB-ClassExtensionMicrosoft-Windows-SPB-HIDI2CMicrosoft-Windows-Spell-CheckingMicrosoft-Windows-SpellCheckerMicrosoft-Windows-StartupRepairMicrosoft-Windows-Subsys-SMSSMicrosoft-Windows-TaskSchedulerMicrosoft-Windows-TerminalServices-LocalSessionManagerMicrosoft-Windows-TerminalServices-RemoteConnectionManagerMicrosoft-Windows-Time-ServiceMicrosoft-Windows-TPM-WMIMicrosoft-Windows-USB-CCIDMicrosoft-Windows-USB-MAUSBHOSTMicrosoft-Windows-USB-USBHUB3Microsoft-Windows-USB-USBXHCIMicrosoft-Windows-UserModePowerServiceMicrosoft-Windows-UserPnpMicrosoft-Windows-WHEA-LoggerMicrosoft-Windows-Windows Firewall With Advanced SecurityMicrosoft-Windows-WindowsToGo-StartupOptionsMicrosoft-Windows-WindowsUpdateClientMicrosoft-Windows-WininitMicrosoft-Windows-WinlogonMicrosoft-Windows-WLAN-AutoConfigMicrosoft-Windows-WMPNSS-Servicemlx4_busmouclassmouhidmrxsmbMsBridgeMSDTC GatewayMSDTC WS-AT ProtocolmshidumdfMSiSCSIMTConfigMupmvumisNdisImPlatformNdisImPlatformSysEvtProviderNdisWanndiswanlegacyNetBIOSNetBTNetJoinNetlogonNtfsnvdimmnvstorP2PIMSvcParportpartmgrpcmciapercsas2ipercsas3ipmemPNPMEMPNRPSvcPowerPptpMiniportPrintPrintFilterPipelineSvcProcessorRasAutoRasCfgRasmanRasSstprdbssRemoteAccessRetailDemoRFCOMMrhproxyrspndrSAMsbp2portSCardSvrSchannelscmbussercxsercx2SerialsermouseServerService Control ManagerSiSRaid2SiSRaid4SmartSAMDSMSvcHost 3.0.0.0SMSvcHost 4.0.0.0SNMPTRAPspaceportspbcxSrvstexstorStillImagestorahcistornvmeTcpipTcpip6TCPMonTermServiceTPMtsusbflttsusbhubtunnelUASPStorUmRdpServiceusbaudio2usbehciusbserUser32VDS Basic ProviderVDS Dynamic ProviderVDS Virtual Disk ProviderVirtual Disk ServicevmcivolmgrVolsnapvpcivsmraidVSTXRAIDW32TimeWacomPenWalletServicewdf01000wecsvcWin32kWinDefendWindows Disk DiagnosticWindows Script HostWinHttpAutoProxySvcWinNatWinRMWMIxWDMWMPNetworkSvcWorkstationWPDClassInstallerC:\Windows\System32\Winevt\Logs\System.evtx20231003085556.787652+060user-PCC:\Windows\System32\Winevt\Logs\System.evtxc:c:\windows\system32\winevt\logs\system~1.evtevtxSystemevtx FileNTFS20231003085556.787652+06020250108132856.407439+00020250108132856.407439+000\windows\system32\
Source: Amcache.hve.8.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.8.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.8.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.8.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.8.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.8.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.8.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.8.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual RAM
Source: svchost.exe, 00000001.00000003.1752787290.00000000050A0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: EnableGuestVmNetworkConnectivity
Source: Amcache.hve.8.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.8.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\aNfqvgu.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\aNfqvgu.exe

Code function: 0_2_0042CB32 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_0042CB32

Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_00439277 mov eax, dword ptr fs:[00000030h]	0_3_00439277
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_3_006E9D23 push dword ptr fs:[00000030h]	0_3_006E9D23
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_00439277 mov eax, dword ptr fs:[00000030h]	0_2_00439277
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0217092B mov eax, dword ptr fs:[00000030h]	0_2_0217092B
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_02170D90 mov eax, dword ptr fs:[00000030h]	0_2_02170D90
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_3_02700283 mov eax, dword ptr fs:[00000030h]	1_3_02700283

Source: C:\Users\user\Desktop\aNfqvgu.exe

Code function: 0_2_0042BEFA GetProcessHeap,HeapAlloc,HeapFree,HeapFree,VirtualFree,KiUserExceptionDispatcher,

0_2_0042BEFA

Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0042CB32 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0042CB32
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0042CCC5 SetUnhandledExceptionFilter,	0_2_0042CCC5
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_00431508 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00431508
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0042CFC3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0042CFC3
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0219D22A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0219D22A
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0219CF2C SetUnhandledExceptionFilter,	0_2_0219CF2C
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_021A176F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_021A176F
Source: C:\Users\user\Desktop\aNfqvgu.exe	Code function: 0_2_0219CD99 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0219CD99

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\svchost.exe

Network Connect: 154.216.20.162 1950

Jump to behavior

Source: C:\Users\user\Desktop\aNfqvgu.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"			Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"			Jump to behavior

Source: C:\Users\user\Desktop\aNfqvgu.exe

Code function: 0_2_0042CDD5 cpuid

0_2_0042CDD5

Source: C:\Windows\SysWOW64\svchost.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\aNfqvgu.exe

Code function: 0_2_0042CA19 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_0042CA19

Source: C:\Windows\SysWOW64\svchost.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OllyDbg.exe
Source: Amcache.hve.8.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lordpe.exe
Source: svchost.exe, 00000001.00000002.1846618066.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: autoruns.exe
Source: Amcache.hve.8.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000000.00000003.1739807908.0000000000680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1747966251.00000000027F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1765676595.0000000002300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1846756097.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000000.00000003.1739807908.0000000000680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1747966251.00000000027F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1765676595.0000000002300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1846756097.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	31 Windows Management Instrumentation	1 DLL Side-Loading	111 Process Injection	23 Virtualization/Sandbox Evasion	21 Input Capture	1 System Time Discovery	Remote Services	21 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	111 Process Injection	LSASS Memory	661 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	23 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	22 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	244 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
aNfqvgu.exe	34%	ReversingLabs
aNfqvgu.exe	38%	Virustotal		Browse
aNfqvgu.exe	100%	Avira	HEUR/AGEN.1312582
aNfqvgu.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqgakernelbasentdllkernel32GetProcessMitig	0%	Avira URL Cloud	safe
https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqga	0%	Avira URL Cloud	safe
https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqgax	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqga	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqgakernelbasentdllkernel32GetProcessMitig	svchost.exe, 00000001.00000002.1846618066.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000006.00000002.1991591004.0000016CDEDA0000.00000040.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cloudflare-dns.com/dns-query	svchost.exe, 00000001.00000003.1808446152.0000000002DA1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://upx.sf.net	Amcache.hve.8.dr	false		high
https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi	svchost.exe, 00000001.00000003.1808446152.0000000002DA1000.00000004.00000020.00020000.00000000.sdmp	false		high
https://154.216.20.162:1950/ea67a7c847f6620fc89/5mhwlxfi.wrqgax	svchost.exe, 00000001.00000002.1846321164.00000000026DC000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
154.216.20.162	unknown	Seychelles		135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585927
Start date and time:	2025-01-08 14:28:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	aNfqvgu.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@7/5@0/1
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.65.92, 20.109.210.53, 40.126.32.138, 13.107.253.45
Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target svchost.exe, PID 5480 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:29:31	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SKHT-ASShenzhenKatherineHengTechnologyInformationCo	miori.x86.elf	Get hash	malicious	Unknown	Browse	45.207.240.67
	Jeffparish.docx	Get hash	malicious	Unknown	Browse	154.216.17.193
	wind.m68k.elf	Get hash	malicious	Mirai	Browse	154.216.17.34
	wind.sh4.elf	Get hash	malicious	Mirai	Browse	154.216.17.34
	wind.spc.elf	Get hash	malicious	Mirai	Browse	154.216.17.34
	wind.arm.elf	Get hash	malicious	Mirai	Browse	154.216.17.34
	wind.mips.elf	Get hash	malicious	Mirai	Browse	154.216.17.34
	wind.ppc.elf	Get hash	malicious	Mirai	Browse	154.216.17.34
	wind.mpsl.elf	Get hash	malicious	Mirai	Browse	154.216.17.34
	wind.x86.elf	Get hash	malicious	Mirai	Browse	154.216.17.34

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fontdrvhost.exe_d32c824e8915b30da4efd4eabd13e74e4ef8c1_ad0be647_33fda9ca-1757-4022-b4c3-b6bea78c4a41\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.6601065110013
Encrypted:	false
SSDEEP:	96:yWGvuFS03eHvqigKJns3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2Zg:NkkYHnnxR0apYKjqzuiFc7Z24lO8JO
MD5:	DC645274DC4CD97DBF6B8C7EEBA2DA72
SHA1:	EA9EBDF08067BBC5AA962DD622A71E2A2210EC73
SHA-256:	48FA80ECE054B16164D20E2E235994C50D58EDC9C922BC64E92B1E1E48DADA3A
SHA-512:	4D4FC68BC00BD0474E81DF90CF14AE4308A2D5CD57A318203823ED109B60169A5B002B757FBBA8595A6169E2BF349BC2AB85B8340FF95C93A1BEB8773B6C13DF
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.8.1.6.5.6.0.1.3.5.1.4.5.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.8.1.6.5.6.0.4.3.2.0.1.7.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.3.f.d.a.9.c.a.-.1.7.5.7.-.4.0.2.2.-.b.4.c.3.-.b.6.b.e.a.7.8.c.4.a.4.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.f.a.9.8.4.e.5.-.2.9.d.4.-.4.9.3.7.-.8.5.2.9.-.d.2.4.b.2.2.c.7.b.6.a.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.7.c.-.0.0.0.1.-.0.0.1.4.-.5.7.6.0.-.b.0.5.0.d.1.6.1.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER36D2.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Wed Jan 8 13:29:20 2025, 0x1205a4 type
Category:	dropped
Size (bytes):	48910
Entropy (8bit):	1.243051179652099
Encrypted:	false
SSDEEP:	96:5/8YKr+NRcFjIyJ5lWXu7i71mFTFSjJDVZLL3TIiPmVnWIy3LIgMuBu:qNr1dzOmIFDVZXDIn2hMuBu
MD5:	B8959ADC47BE2AFBEDD328B04E983CAB
SHA1:	B9B3E7A5FD2A5A1713EB58E4D6DE1787F22C622E
SHA-256:	AC62098C31D5114F880E2CD5C10E93FD190BFBD9291BB36DF0A137F1A39A17E0
SHA-512:	B8D0058699454C3B058A47DE9B80D9589A45BF77F023290A30B32CDB8744B34BA1A7C6230993727940F4AA95726EFAC27A8352FFA6465773AC6905E9C1EC256B
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ........}~g........................................2!..........T.......8...........T...............^.......................................................................................................eJ..............Lw......................T.......\|....}~g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3750.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8620
Entropy (8bit):	3.6895325136571566
Encrypted:	false
SSDEEP:	192:R6l7wVeJVY+I6Y8XBfQgmfr57vjpDM89bFi+f/z3m:R6lXJ6B6YcBfQgmfrFv/FDfS
MD5:	2813B1D266D06CD2E7FE8167B381F492
SHA1:	EB62D7F00B2C69A55A57ADF19D71F5AEA528AFB4
SHA-256:	704A0CFB6FBEEA55F82ABC012DDB46099B4DDC3EBCC9ED8CBEC861E13611D083
SHA-512:	17382C39D815D2BB62CB4C8CC5B687128B820E43FB461EF869221B67E182C04E9246AA3B23E2BE19E98378EDDDD14C043A52565E807D19F4E4F629D127C6E01E
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.2.4.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3780.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4853
Entropy (8bit):	4.444095630875379
Encrypted:	false
SSDEEP:	48:cvIwWl8zs4Jg771I9kHWpW8VYs5Ym8M4Jk5LvM6Fd8Jyq8vU5LvMC+aMuxFd:uIjf+I7v27V0JcjM/WsjMh1ubd
MD5:	2F930B5BC5B3DDA751E913B0B1D5662A
SHA1:	815386C6723B83772E2655B631C31409ECFA1257
SHA-256:	D12D3EA3A98D5850E5EBD5C8CDEF8618963B66FA4534467F459A5F5C6C6E91D7
SHA-512:	7FFBFEABDF942638AA5692CE172A2616603587E4112317EC1C3DB40CD262F832119AD9D09DE6348F2BF8A4116D5BDBCE0E94FFB5615CE950030E921832C025CA
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="666992" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.4664076230500225
Encrypted:	false
SSDEEP:	6144:3IXfpi67eLPU9skLmb0b4zWSPKaJG8nAgejZMMhA2gX4WABl0uNCdwBCswSbt:4XD94zWlLZMM6YFHY+t
MD5:	82C1F4DDA4145796E82EF94030972073
SHA1:	2FF1BB92997DCBF3C1386F935931F9BD279501C0
SHA-256:	A9491A6AA3D10044CBFDCC31001D8B7C9E071A782123AF8CBA868FD6B60BDCDE
SHA-512:	FDD97C1650574B037DF93010DDE13389298061C9A67433E4899828FC68223CDFBE72C8373DC28D561F97123F6CEAB1A4F9424BC1EFF578AB96DD837B29737F74
Malicious:	false
Reputation:	low
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..R.a.................................................................................................................................................................................................................................................................................................................................................f........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	3.0722492127948255
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	aNfqvgu.exe
File size:	1'645'056 bytes
MD5:	5bcb135588749ad206277ab96836fc00
SHA1:	01f300d12fbeeb3c0bc5971b3baacb51dd6262dc
SHA256:	a6e44787ce9ccbcf4b60bb74db99a6f1954b0404f42de69b7b3294a3597e2848
SHA512:	9f09c1531a2b12f4f212a6046d52296f7ffe6b16035ef3322e969fce63dff28a2ad63fbe6877c91c4c14c6a4417af2413a37531b47680d040ba7b3bf6a135581
SSDEEP:	6144:dEOWtd3DxRNCa8PZCpYptLalYJNakW3A31I1Mgrgs/tcRg7++X94DQfyUT6/:u3Dv8gCsWNaJgm/ig54h
TLSH:	1F759D42BAFE3C05FF6747328E2DC2E8661EBDF1AE75266CA108765F44B7661C122701
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........A].. 3.. 3.. 3..r... 3..r... 3..r... 3...H.. 3.. 2.. 3..r... 3..r... 3..r... 3.Rich. 3.................PE..L....,.e...........

File Icon


Icon Hash:	73873bb18ba38be4

Static PE Info

General

Entrypoint:	0x40164d
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x65CB2C0C [Tue Feb 13 08:45:00 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	80bead0501dc90ded6772fbb104d783a

Entrypoint Preview

Instruction
call 00007F128CB8C03Ah
jmp 00007F128CB87BDDh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [004658F8h], eax
mov dword ptr [004658F4h], ecx
mov dword ptr [004658F0h], edx
mov dword ptr [004658ECh], ebx
mov dword ptr [004658E8h], esi
mov dword ptr [004658E4h], edi
mov word ptr [00465910h], ss
mov word ptr [00465904h], cs
mov word ptr [004658E0h], ds
mov word ptr [004658DCh], es
mov word ptr [004658D8h], fs
mov word ptr [004658D4h], gs
pushfd
pop dword ptr [00465908h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [004658FCh], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00465900h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [0046590Ch], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [00465848h], 00010001h
mov eax, dword ptr [00465900h]
mov dword ptr [004657FCh], eax
mov dword ptr [004657F0h], C0000409h
mov dword ptr [004657F4h], 00000001h
mov eax, dword ptr [00464004h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [00464008h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [00000098h]

Rich Headers

Programming Language:

[C++] VS2008 build 21022
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x62a1c	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd3000	0x290c0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x625a0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x61000	0x184	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5fd5b	0x5fe00	10b95bfad4444c56036ff03d88fd4da7	False	0.860085458767927	data	7.632006529508244	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x61000	0x22e2	0x2400	1612d0c2c5ac79fb32a490549d212256	False	0.3626302083333333	data	5.457896480559523	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x64000	0x67f7c	0x1800	c7e9a71bec974df330778e686e9cb24b	False	0.3370768229166667	data	3.383685906877158	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pip	0xcc000	0x53e5	0x4800	f9debe3f07be68533bf0295e3d2ba68a	False	0.002224392361111111	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.wekasun	0xd2000	0x15a	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd3000	0x290c0	0x29200	3409c590428a975691169b6107b8a456	False	0.32739480433130697	data	4.389992791226017	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_CURSOR	0xf1018	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0	0.7368421052631579
RT_CURSOR	0xf1148	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	0.06130705394190871
RT_CURSOR	0xf3718	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	0.31023454157782515
RT_CURSOR	0xf45d8	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0	0.7368421052631579
RT_CURSOR	0xf4708	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	0.06130705394190871
RT_ICON	0xd3d50	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	0.498134328358209
RT_ICON	0xd4bf8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	0.5388086642599278
RT_ICON	0xd54a0	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	0.5639400921658986
RT_ICON	0xd5b68	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	0.588150289017341
RT_ICON	0xd60d0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	0.3529045643153527
RT_ICON	0xd8678	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	0.41369606003752346
RT_ICON	0xd9720	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	0.4233606557377049
RT_ICON	0xda0a8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	0.5106382978723404
RT_ICON	0xda588	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	0.26865671641791045
RT_ICON	0xdb430	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	0.4183212996389892
RT_ICON	0xdbcd8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	0.5311059907834101
RT_ICON	0xdc3a0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	0.5773121387283237
RT_ICON	0xdc908	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	0.4228215767634855
RT_ICON	0xdeeb0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	0.4926229508196721
RT_ICON	0xdf838	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	0.499113475177305
RT_ICON	0xdfd08	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	0.3344882729211087
RT_ICON	0xe0bb0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	0.39666064981949456
RT_ICON	0xe1458	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	0.3888248847926267
RT_ICON	0xe1b20	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	0.3959537572254335
RT_ICON	0xe2088	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	0.22136929460580912
RT_ICON	0xe4630	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	0.24765478424015008
RT_ICON	0xe56d8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	0.28114754098360656
RT_ICON	0xe6060	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	0.3120567375886525
RT_ICON	0xe6540	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	0.3307569296375267
RT_ICON	0xe73e8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	0.4611913357400722
RT_ICON	0xe7c90	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	0.5282258064516129
RT_ICON	0xe8358	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	0.5469653179190751
RT_ICON	0xe88c0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	0.3025328330206379
RT_ICON	0xe9968	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	0.3008196721311475
RT_ICON	0xea2f0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	0.3528368794326241
RT_ICON	0xea7c0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	0.28171641791044777
RT_ICON	0xeb668	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	0.36597472924187724
RT_ICON	0xebf10	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	0.3738479262672811
RT_ICON	0xec5d8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	0.36921965317919075
RT_ICON	0xecb40	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	0.2598547717842324
RT_ICON	0xef0e8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	0.27790806754221387
RT_ICON	0xf0190	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	0.28524590163934427
RT_ICON	0xf0b18	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	0.32358156028368795
RT_STRING	0xf6e88	0x4c4	data	0.44344262295081965
RT_STRING	0xf7350	0x15e	data	0.5114285714285715
RT_STRING	0xf74b0	0x7d4	data	0.4241516966067864
RT_STRING	0xf7c88	0x7b0	data	0.42327235772357724
RT_STRING	0xf8438	0x5f8	data	0.4443717277486911
RT_STRING	0xf8a30	0x6ba	data	0.4332171893147503
RT_STRING	0xf90f0	0x66a	data	0.438489646772229
RT_STRING	0xf9760	0x6fa	data	0.4316909294512878
RT_STRING	0xf9e60	0x754	data	0.4253731343283582
RT_STRING	0xfa5b8	0x422	data	0.4735349716446125
RT_STRING	0xfa9e0	0x668	data	0.4329268292682927
RT_STRING	0xfb048	0x80e	data	0.4146459747817653
RT_STRING	0xfb858	0x668	data	0.4274390243902439
RT_STRING	0xfbec0	0x1fe	data	0.49411764705882355
RT_ACCELERATOR	0xf0ff8	0x20	data	1.15625
RT_GROUP_CURSOR	0xf36f0	0x22	data	1.088235294117647
RT_GROUP_CURSOR	0xf45c0	0x14	data	1.25
RT_GROUP_CURSOR	0xf6cb0	0x22	data	1.088235294117647
RT_GROUP_ICON	0xdfca0	0x68	data	0.7019230769230769
RT_GROUP_ICON	0xf0f80	0x76	data	0.6694915254237288
RT_GROUP_ICON	0xe64c8	0x76	data	0.6694915254237288
RT_GROUP_ICON	0xea758	0x68	data	0.7211538461538461
RT_GROUP_ICON	0xda510	0x76	data	0.6610169491525424
RT_VERSION	0xf6cd8	0x1ac	data	0.5747663551401869

Imports

DLL

Import

KERNEL32.dll

GetThreadContext, GetNumaNodeProcessorMask, SetDefaultCommConfigA, CreateProcessW, InterlockedIncrement, GetEnvironmentStringsW, CancelWaitableTimer, InterlockedCompareExchange, GetComputerNameW, GetTimeFormatA, GetModuleHandleW, GetCurrentThread, GetDateFormatA, SetProcessPriorityBoost, GetVolumePathNameW, LoadLibraryW, GetConsoleAliasW, GetStartupInfoW, GetShortPathNameA, GetStartupInfoA, SetLastError, GetProcAddress, SearchPathA, GetAtomNameA, UnhandledExceptionFilter, LocalAlloc, DeleteTimerQueue, AddAtomA, FindAtomA, FoldStringA, OpenFileMappingW, FindFirstVolumeW, GetModuleHandleA, HeapAlloc, GetCommandLineA, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapFree, VirtualFree, VirtualAlloc, HeapReAlloc, HeapCreate, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetLastError, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, FlushFileBuffers, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, SetHandleCount, GetFileType, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, RtlUnwind, LoadLibraryA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, SetStdHandle, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize, CreateFileA, CloseHandle, RaiseException

USER32.dll

GetProcessDefaultLayout

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-08T14:29:14.510406+0100	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	154.216.20.162	1950	192.168.2.4	49730	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 8, 2025 14:29:13.839797974 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:13.844692945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:13.844774961 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:13.844944954 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:13.849721909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.504673958 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.505595922 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:14.510406017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.727186918 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.735608101 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:14.740444899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993712902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993729115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993741035 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993755102 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993766069 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993777990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993789911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993788958 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:14.993802071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993814945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993820906 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:14.993828058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993839979 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993839979 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:14.993861914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:14.993874073 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:14.993915081 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.000140905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.000150919 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.000197887 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.102364063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.102415085 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.102425098 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.102533102 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.106240988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.106308937 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.106317997 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.106340885 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.106395960 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.113851070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.113861084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.113910913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.113950968 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.114010096 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.114234924 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.121583939 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.121619940 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.121629953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.123754978 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.128969908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.128979921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.129031897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.129051924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.129064083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.129165888 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.136394024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.136452913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.136462927 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.136579990 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.143966913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.143979073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.144081116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.144092083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.144100904 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.144129992 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.151407003 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.151458025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.151468992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.151540041 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.158817053 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.158857107 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.158896923 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.158927917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.158946991 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.158972025 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.166536093 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.166555882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.166634083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.166667938 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.166678905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.166722059 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.173775911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.173795938 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.173841953 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.173863888 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.173892021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.173918962 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.189218044 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.189253092 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.189263105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.189327002 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.189327002 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.211910009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.211929083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.211941004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.212285042 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.215526104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.215553999 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.215564013 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.215643883 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.215643883 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.222994089 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.223061085 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.223071098 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.223710060 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.230437040 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.230484962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.230494022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.230515003 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.230740070 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.237987995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.238051891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.238061905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.239860058 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.245443106 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.245501041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.245511055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.245599985 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.252896070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.252917051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.252974033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.253000021 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.253042936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.257637024 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.260389090 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.260410070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.260421991 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.260490894 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.267836094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.267899036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.267908096 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.268225908 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.275290966 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.275316954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.275360107 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.275382996 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.282906055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.282918930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.282929897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.282983065 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.282983065 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.293189049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.293200016 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.293252945 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.293328047 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.293350935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.293361902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.293417931 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.299839973 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.299881935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.299941063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.299971104 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.299992085 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.300017118 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.306114912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.306127071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.306216955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.306226015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.306246042 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.306387901 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.311685085 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.311749935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.311759949 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.311778069 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.311811924 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.317307949 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.317327976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.317392111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.317421913 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.317435980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.317492962 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.323190928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.323201895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.323215961 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.323255062 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.328645945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.328658104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.328668118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.328728914 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.328728914 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.334136009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.334170103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.334180117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.335906982 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.337383032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.337397099 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.337407112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.337460041 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.337460041 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.340365887 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.340378046 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.340392113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.340552092 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.343472958 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.343487024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.343497992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.343525887 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.343559027 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.346437931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.346556902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.346566916 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.346579075 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.346600056 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.346775055 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.349586010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.349603891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.349616051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.349747896 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.352660894 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.352673054 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.352684975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.352842093 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.355622053 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.355675936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.355685949 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.355741024 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.358743906 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.358753920 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.358866930 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.358897924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.358908892 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.359342098 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.362052917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.362065077 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.362117052 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.362155914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.362166882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.362210035 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.364784002 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.364808083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.364823103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.364835024 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.365354061 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.367959976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.367971897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.367983103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.368009090 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.370843887 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.370897055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.370906115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.370920897 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.370953083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.373857021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.373868942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.373878956 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.373959064 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.377032995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.377044916 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.377055883 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.377129078 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.377129078 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.380619049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.380641937 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.380651951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.380736113 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.384778976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.384851933 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.384864092 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.384879112 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.384896994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.384922028 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.387595892 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.387643099 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.387681007 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.387692928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.387768984 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.390666008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.390676975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.390729904 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.390779018 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.390793085 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.390851021 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.393671989 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.393722057 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.393731117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.393809080 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.396744967 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.396785021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.396795988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.396812916 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.396868944 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.399931908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.399950981 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.399961948 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.400043964 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.402813911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.402878046 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.402888060 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.402909040 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.402968884 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.405854940 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.405905962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.405915976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.405985117 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.408879042 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.408998966 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.409003019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.409013987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.409084082 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.412266016 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.412278891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.412288904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.412313938 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.415014982 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.415074110 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.415082932 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.415103912 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.415235043 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.418004036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.418029070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.418039083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.418220043 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.421120882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.421133041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.421144009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.421202898 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.421202898 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.424065113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.424105883 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.424115896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.424220085 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.427022934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.427079916 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.427093983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.427100897 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.427171946 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.430057049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.430083990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.430094004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.430179119 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.432949066 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.432971954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.432981968 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.433073044 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.435823917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.435836077 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.435931921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.435941935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.435962915 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.436081886 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.438744068 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.438754082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.438818932 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.438839912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.438846111 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.438926935 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.441628933 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.441734076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.441744089 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.441816092 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.444399118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.444411039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.444499969 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.444564104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.444575071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.444760084 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.447257996 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.447273970 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.447285891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.447309971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.447376966 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.449934959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.449981928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.449990988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.450676918 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.453430891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.453440905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.453515053 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.453546047 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.453573942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.453584909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.453602076 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.453639030 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.455737114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.455801964 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.455816031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.455862999 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.458324909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.458337069 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.458348036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.458451986 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.460935116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.460947037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.460995913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.461024046 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.461045027 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.461179018 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.462348938 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.462361097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.462446928 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.462461948 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.462471962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.462596893 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.464641094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.464652061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.464718103 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.464751005 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.464761019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.464905024 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.466397047 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.466418982 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.466428995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.466490030 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.468468904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.468492031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.468502045 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.468534946 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.468585014 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.470432997 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.470477104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.470487118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.470577955 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.472311974 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.472367048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.472378016 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.472393990 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.472449064 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.474137068 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.474157095 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.474167109 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.474261045 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.476114035 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.476136923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.476147890 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.476166964 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.476212025 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.477844000 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.477865934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.477960110 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.477961063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.478019953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.478162050 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.479566097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.479585886 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.479654074 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.479715109 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.479724884 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.479768038 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.481373072 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.481395006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.481405973 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.481467962 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.483253956 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.483275890 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.483284950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.483341932 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.483341932 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.484920025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.484963894 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.484973907 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.485094070 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.486619949 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.486673117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.486684084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.486712933 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.486742020 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.488209009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.488229990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.488276958 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.488398075 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.488409042 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.488460064 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.489864111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.489908934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.489918947 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.490004063 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.491473913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.491523981 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.491533995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.491550922 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.491609097 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.493012905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.493021965 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.493113041 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.493133068 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.493146896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.493268967 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.494678020 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.494716883 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.494726896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.495011091 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.497000933 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.497023106 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.497034073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.497095108 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.497095108 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.497186899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.498631954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.498677015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.498687029 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.498800039 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.500349998 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.500401974 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.500412941 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.500505924 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.502013922 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.502027035 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.502038002 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.502108097 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.502108097 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.503325939 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.503339052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.503416061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.503418922 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.503427982 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.503489017 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.504755974 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.504880905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.504890919 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.504957914 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.506185055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.506207943 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.506241083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.506258965 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.506560087 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.507639885 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.507699966 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.507709980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.507838964 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.509052038 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.509100914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.509110928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.509152889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.510550976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.510562897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.510574102 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.510612965 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.511883020 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.511946917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.511956930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.511972904 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.512007952 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.513287067 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.513329983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.513340950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.513384104 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.514760017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.514808893 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.514818907 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.514837980 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.514925003 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.516030073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.516043901 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.516084909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.516109943 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.517364979 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.517400980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.517453909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.517482042 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.517497063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.517529011 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.518771887 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.518856049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.518866062 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.518881083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.518918991 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.520036936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.520056009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.520143032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.520153046 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.520167112 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.520345926 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.521418095 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.521428108 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.521517038 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.521522999 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.521536112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.521585941 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.522723913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.522766113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.522774935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.523145914 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.523936987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.523972034 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.523982048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.524034977 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.525504112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.525521040 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.525604963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.525615931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.525629997 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.525655985 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.528506041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.528585911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.528597116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.528646946 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.528722048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.528732061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.528784037 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.528784037 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.528827906 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.534013987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.534061909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.534073114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.534133911 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.534205914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.534218073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.534229994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.534255981 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.534291029 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.542948008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.542970896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.543024063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.543051958 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.543087006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.543100119 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.543227911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.543240070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.543289900 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.547730923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.547751904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.547765017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.547791004 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.547868967 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.547883034 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.547929049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.547941923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.548084974 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.548111916 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.548433065 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.553246975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.553318977 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.553332090 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.553391933 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.553395987 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.553466082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.553550959 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.553550959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.553565979 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.553632975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.553654909 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.553716898 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.559170008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.559226990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.559238911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.559364080 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.559406996 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.559420109 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.559472084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.559514999 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.559583902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.565011978 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.565077066 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.565093994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.565104961 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.565165997 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.565218925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.565229893 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.565242052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.565258026 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.565270901 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.565306902 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.570250988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.570297003 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.570310116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.570350885 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.570447922 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.570460081 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.570529938 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.570631027 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.570645094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.570867062 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.575088024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.575109005 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.575124025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.575184107 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.575220108 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.575232029 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.575243950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.575248003 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.575268984 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.575361013 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.575387955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.575526953 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.579914093 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.580007076 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.580025911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.580041885 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.580069065 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.580112934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.580123901 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.580126047 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.580151081 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.580202103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.580215931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.580286026 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.585438013 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.585494995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.585505962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.585524082 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.585608006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.585639000 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.585656881 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.585669041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.585808039 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.585875988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.585937977 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.585963964 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.588830948 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.588850021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.588896990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.588922977 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.588977098 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.589019060 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.589035988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.589184999 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.589210033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.589273930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.589286089 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.589464903 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.589493990 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.590835094 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.593137026 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.593190908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.593203068 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.593281031 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.593312979 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.593324900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.593336105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.593391895 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.593391895 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.593508959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.597342014 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.597385883 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.597439051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.597451925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.597469091 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.597569942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.597583055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.597595930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.597598076 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.597642899 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.597642899 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.601706028 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.601821899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.601833105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.601877928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.601890087 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.601902008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.601906061 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.601929903 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.602037907 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.602049112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.602066040 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.603394032 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.605596066 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.605644941 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.605701923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.605714083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.605717897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.605793953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.605802059 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.605840921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.605853081 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.605910063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.605920076 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.605967045 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.609684944 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.609695911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.609709978 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.609738111 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.609743118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.609832048 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.609847069 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.609859943 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.609872103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.609915972 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.610004902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.610104084 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.615333080 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.615343094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.615384102 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.615442038 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.615477085 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.615489006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.615520954 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.615686893 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.615750074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.615766048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.615778923 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.615813971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.615837097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.620826960 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.620883942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.620897055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.621026993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.621041059 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.621052027 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.621115923 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.621187925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.621201992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.621279001 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.640162945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.640209913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.640222073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.640292883 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.640384912 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.640384912 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.640410900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.640423059 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.640456915 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.640460014 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.640471935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.640531063 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.640584946 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646120071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646145105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646157980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646218061 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.646255016 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.646291971 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646302938 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646368027 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646380901 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646397114 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.646436930 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.646522045 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646564960 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646629095 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646652937 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.646687031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646698952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646711111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.646722078 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.646790028 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.646809101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.652087927 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.652100086 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.652112007 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.652123928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.652136087 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.652138948 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.652152061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.652159929 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.652164936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.652183056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.652193069 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.652344942 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.657072067 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.657083035 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.657095909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.657154083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.657154083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.657159090 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.657172918 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.657186031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.657198906 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.657212019 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.657254934 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.662302017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.662316084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.662327051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.662446976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.662448883 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.662625074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.662637949 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.662686110 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.662686110 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.662775993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.662789106 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.662853003 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.666709900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.666853905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.666918993 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.667000055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.667011976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.667023897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.667149067 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.667154074 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.667164087 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.667176962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.667191029 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.667226076 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.672369957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.672432899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.672446012 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.672528028 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.672606945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.672629118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.672657013 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.672760010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.672771931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.672854900 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.676055908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.676069021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.676080942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.676107883 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.676137924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.676151037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.676162958 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.676163912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.676177979 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.676188946 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.676359892 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.684302092 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.684319019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.684333086 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.684406042 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.684411049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.684426069 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.684501886 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.684554100 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.684586048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.684602976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.684669971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.684669971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.684734106 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.684747934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.684922934 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.685020924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.685100079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.685113907 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.685199976 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.685246944 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.685262918 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.685493946 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.688632965 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.688688040 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.688698053 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.688791037 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.688829899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.688843012 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.688853025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.688911915 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.689004898 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.689021111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.689232111 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.692785025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.692795038 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.692805052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.692816973 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.692827940 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.692842007 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.692924976 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.692941904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.693262100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.693279028 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.693357944 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.696485996 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.696553946 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.696629047 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.696789026 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.696803093 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.696814060 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.696845055 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.696914911 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.697101116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.697113037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.697124004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.697257042 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.697283030 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.697479010 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.702210903 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.702234030 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.702246904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.702311993 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.702362061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.702516079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.702528000 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.702586889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.702586889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.702666044 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.702678919 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.703608036 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.707736969 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.707747936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.707794905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.707823038 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.707864046 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.707878113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.707988977 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.707989931 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.708050966 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.708270073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.708292961 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.708344936 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.728517056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.728643894 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.728655100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.728666067 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.728766918 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.728792906 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.728957891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.728970051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.729089975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.729100943 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.729125023 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.729185104 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.733949900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.733961105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.734018087 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.734112978 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.734205961 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.734217882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.734230995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.734249115 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.734321117 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.734347105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.734431982 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.734496117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.734786987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.734797955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.734807968 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.735095024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.735106945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.735117912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.735121965 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.735230923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.735236883 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.735244989 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.735292912 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.739454985 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.739533901 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.739624023 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.739635944 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.739717960 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.739800930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.739811897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.739825010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.739852905 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.740024090 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.740036011 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.740109921 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.744990110 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.745001078 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.745011091 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.745023012 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.745038986 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.745127916 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.745140076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.745197058 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.745270014 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.745276928 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.750013113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.750022888 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.750036001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.750111103 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.750169992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.750355959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.750365973 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.750376940 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.750401974 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.750447035 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.750716925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.750730038 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.750798941 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.759479046 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.759529114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.759541035 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.759609938 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.759630919 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.759644032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.759655952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.759704113 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.759757996 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.759785891 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.759802103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.759860039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.759928942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.759958029 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.759963036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.760047913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.760060072 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.760075092 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.760111094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.760139942 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.760493994 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.762690067 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.762711048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.762725115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.762821913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.762836933 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.762854099 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.762921095 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.762939930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.762998104 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.762998104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771179914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771200895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771224976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771265030 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.771296978 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771338940 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.771444082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771456957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771496058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771507025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771614075 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.771882057 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771934032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.771945953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.772033930 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.772062063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.772077084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.772129059 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.772173882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.772192001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.772283077 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.775475025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.775496006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.775506973 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.775599003 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.775604963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.775660992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.775717020 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.775829077 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.775840998 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.775851965 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.775902987 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.775902987 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.775918007 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.779428959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.779450893 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.779511929 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.779536009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.779550076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.779609919 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.779652119 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.779717922 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.779728889 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.779745102 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.779768944 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.779783010 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.783341885 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.783396006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.783412933 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.783426046 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.783499956 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.783500910 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.783519983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.783531904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.783588886 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.783756971 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.783776045 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.783802032 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.789422989 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.789508104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.789541006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.789566994 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.789582968 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.789612055 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.789643049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.789654970 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.789772987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.789774895 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.789787054 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.789897919 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.796633959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.796647072 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.796659946 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.796677113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.796689034 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.796689987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.796703100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.796715021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.796715975 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.796742916 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.796811104 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.815502882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.815701962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.815712929 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.815726995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.815740108 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.815766096 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.815812111 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.815839052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.815850973 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.815901041 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.816019058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.816211939 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.820379972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820394039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820405006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820417881 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820429087 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.820442915 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820455074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820466995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820466995 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.820480108 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820492029 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820503950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820506096 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.820525885 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820529938 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.820559025 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.820588112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820600986 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820611954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.820656061 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.820656061 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.825468063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.825524092 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.825536013 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.825654030 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.825683117 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.825707912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.825762987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.825794935 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.825822115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.825850010 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.830676079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.830785036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.830801010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.830816984 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.830874920 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.830885887 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.830900908 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.831096888 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.831125975 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.831150055 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.831156969 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.835741043 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.835762024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.835836887 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.835877895 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.835957050 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.835968971 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.836035013 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.836035013 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.836102009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.836136103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.836147070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.836225986 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.836239100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.840002060 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.846183062 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846247911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846265078 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846359015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846421957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846452951 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.846466064 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846551895 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.846609116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846621037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846771955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846786022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846796036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846801996 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.846810102 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.846836090 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.846919060 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.846982956 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.847481012 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.847656012 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.849569082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.849638939 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.849653006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.849747896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.849759102 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.849802017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.849817038 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.849842072 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.849853992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.850007057 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.850022078 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.850151062 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.858103991 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858151913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858165026 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858232021 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.858293056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858304977 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858315945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858340979 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.858376026 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.858464956 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858530045 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858584881 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.858592033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858603954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858647108 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.858742952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858755112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858768940 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858782053 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.858825922 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.858825922 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.862371922 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.862440109 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.862452984 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.862596035 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.862608910 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.862620115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.862632990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.862644911 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.862709045 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.866306067 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.866360903 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.866383076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.866394043 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.866444111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.866472960 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.866504908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.866514921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.866609097 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.866754055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.866765022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.866842985 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.870327950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.870378971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.870403051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.870414972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.870470047 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.870482922 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.870537043 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.870623112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.870657921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.870660067 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.870726109 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.876379967 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.876389980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.876400948 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.876439095 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.876456022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.876641989 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.876851082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.876868963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.876883030 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.876893044 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.876915932 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.877002001 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.901426077 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.901458979 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.901473045 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.901492119 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.901540041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.901557922 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.901612043 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.901702881 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.901715994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.901779890 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.901779890 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.901781082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.901962996 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.902014971 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.902060032 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.902159929 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.902184963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.902257919 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.902271032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.902282953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.902282953 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.902323961 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.902323961 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.906825066 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.906874895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.906886101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.906927109 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.907011986 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.907025099 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.907049894 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.907107115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.907119036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.907131910 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.907418966 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.907445908 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.907470942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.907485008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.907623053 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.907634974 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.907699108 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.907987118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.908044100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.908055067 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.912434101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.912494898 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.912497044 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.912508965 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.912580013 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.912612915 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.912623882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.912635088 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.912647963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.912695885 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.912695885 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.917664051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.917716026 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.917726994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.917767048 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.917855978 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.917869091 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.917880058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.917902946 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.918021917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.918047905 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.922768116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.922832966 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.922843933 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.922861099 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.922913074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.922970057 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.922986984 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.922998905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.923096895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.923110008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.923131943 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.923223019 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.933273077 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933305025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933317900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933367014 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.933412075 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933423042 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933434963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933440924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933458090 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.933610916 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.933636904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933794022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933809996 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933823109 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.933865070 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.933933973 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.933948040 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.934130907 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.934174061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.934246063 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.936805010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.936893940 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.936922073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.936934948 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.937027931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.937041044 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.937052011 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.937055111 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.937076092 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.937211990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.937345982 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.945338011 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.945360899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.945373058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.945465088 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.945506096 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.945521116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.945533037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.945545912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.945570946 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.945605993 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.945748091 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.945786953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.945857048 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.945887089 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.945899963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.946031094 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.946048021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.946059942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.946070910 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.946248055 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.949991941 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.950054884 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.950067043 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.950213909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.950226068 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.950237989 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.950252056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.950268030 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.950334072 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.953478098 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.953530073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.953542948 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.953567028 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.953632116 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.953721046 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.953732967 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.953744888 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.953752041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.955461025 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.957231998 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.957276106 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.957288027 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.957431078 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.957443953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.957454920 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.957468033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.957494020 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.957519054 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.963561058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.963610888 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.963624954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.963650942 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.963704109 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.963819027 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.963831902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.963843107 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.963857889 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.963871002 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.963975906 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.988734007 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.988754988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.988766909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.988920927 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.988953114 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.988959074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.988972902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.988984108 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.989011049 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.989183903 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.989197016 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.989311934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.989324093 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.989339113 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.989434004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.989445925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.989459038 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.989463091 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.989485979 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.990879059 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.994518995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.994585037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.994596958 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.994745970 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.994757891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.994771004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.994775057 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.994784117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.994832039 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.994971037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.995037079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.995066881 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.995160103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.995173931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.995228052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.995239973 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.995251894 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:15.995256901 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.995304108 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:15.995304108 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.002005100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.002017975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.002029896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.002140999 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.002171040 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.002213001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.002226114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.002321005 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.002351046 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.009762049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.009830952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.009845018 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.009910107 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.009941101 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.009980917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.009994030 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.010005951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.010035992 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.010221004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.010235071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.010246992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.010273933 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.010303020 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.010350943 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.010420084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.010432959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.010445118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.010474920 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.010507107 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.010617018 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020107985 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020148993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020159960 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020243883 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.020250082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020284891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020297050 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020365953 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.020391941 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020404100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020467043 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.020828962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020840883 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020853043 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020883083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.020900965 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.020931959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020944118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020956039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020968914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.020989895 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.021020889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.023725033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.023736954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.023749113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.023804903 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.023839951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.023852110 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.023864031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.023875952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.023883104 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.023914099 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.032291889 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032318115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032330036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032391071 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.032459974 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032474041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032526016 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.032572031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032726049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032737970 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032757998 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032788038 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.032813072 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.032892942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032905102 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032917023 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.032948971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.033730030 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.033742905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.033787966 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.037436962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.037451982 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.037465096 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.037476063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.037489891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.037501097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.037508011 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.037514925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.037533998 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.037554979 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.037575006 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.040332079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.040380001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.040391922 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.040438890 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.040730953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.040743113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.040755033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.040791035 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.040909052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.040950060 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.041064024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.044200897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.044260025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.044272900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.044332027 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.044404984 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.044419050 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.044430971 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.044445992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.044471025 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.044496059 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.050851107 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.050865889 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.050879002 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.050921917 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.051000118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.051012993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.051047087 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.051151037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.051165104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.051193953 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.077054024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077068090 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077079058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077090025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077104092 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077116966 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077125072 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.077130079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077186108 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.077280045 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077301025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077313900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077344894 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.077450037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077462912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077474117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.077493906 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.077519894 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.077589035 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081355095 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081373930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081387043 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081413984 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.081445932 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.081532001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081543922 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081581116 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.081645012 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081711054 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081723928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081754923 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.081836939 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081849098 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.081883907 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.082145929 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.082190037 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.082206964 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.082218885 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.082262039 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.082295895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.082307100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.082340956 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.089056969 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.089067936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.089081049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.089092016 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.089104891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.089114904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.089128017 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.089159012 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.089349031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.096632004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.096642017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.096648932 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.096726894 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.096730947 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.096738100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.096786976 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.096946955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.096965075 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.096975088 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.097018003 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.097058058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.097105026 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.097280979 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.097345114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.097356081 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.097398996 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.097460985 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.097472906 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.097517014 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.097565889 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.097575903 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.097608089 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.107580900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.107600927 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.107611895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.107670069 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.107713938 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.107775927 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.107810020 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.107866049 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.107902050 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.107913017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.107954025 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.108154058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.108200073 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.108216047 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.108227968 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.108266115 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.108434916 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.108488083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.108500957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.108536005 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.108616114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.108628988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.108665943 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.110629082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.110637903 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.110680103 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.110682964 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.110723019 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.110754013 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.110765934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.110809088 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.110877991 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.110889912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.111226082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.111275911 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.119218111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.119261980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.119271994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.119334936 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.119365931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.119441032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.119451046 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.119484901 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.119580984 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.119591951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.119601965 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.119626999 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.119653940 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.119997025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.120060921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.120073080 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.120105028 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.120204926 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.120215893 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.120225906 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.120253086 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.120275021 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.123846054 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.123872995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.123883963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.123923063 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.124039888 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.124052048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.124063015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.124074936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.124085903 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.124115944 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.125771999 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.125865936 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.127296925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.127358913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.127372026 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.127413034 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.127425909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.127433062 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.127465010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.127477884 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.127526999 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.127610922 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.127652884 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.131165981 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.131201029 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.131213903 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.131256104 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.131351948 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.131365061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.131376982 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.131402969 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.131423950 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.131598949 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.131612062 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.131654024 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.137337923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.137414932 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.137448072 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.137491941 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.137501955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.137536049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.137543917 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.137634993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.137649059 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.137693882 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.137732983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.137778997 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.163697004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.163754940 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.163765907 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.163825035 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.163851976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.163865089 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.163903952 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.163990021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.164001942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.164012909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.164036036 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.164050102 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.164452076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.164467096 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.164519072 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.164612055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.164623976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.164633989 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.164680004 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.164844990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.164891005 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.164894104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.164907932 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.165008068 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.165055990 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.168221951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.168245077 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.168256044 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.168289900 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.168323040 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.168386936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.168411016 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.168457031 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.168507099 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.168581009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.169625998 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.175688982 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.175729990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.175741911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.175784111 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.175945044 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.175959110 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.175971985 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.175986052 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.176006079 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.176086903 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.176100969 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.176145077 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.176207066 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.176220894 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.176265001 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.176348925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.176362038 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.176397085 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.176769972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.176878929 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.177359104 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.183664083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.183702946 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.183715105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.183753014 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.183846951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.183866978 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.183887005 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.183989048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.184010983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.184022903 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.184051991 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.184071064 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.184190035 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.184276104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.184297085 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.184309006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.184318066 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.184343100 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.184483051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.184494972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.184533119 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.194369078 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.194389105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.194427967 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.194431067 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.194544077 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.194555998 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.194603920 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.194614887 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.194653988 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.194690943 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.194993019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.195090055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.195131063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.195133924 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.195143938 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.195172071 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.195360899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.195404053 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.195415974 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.195429087 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.195467949 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.195568085 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.195579052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.195616007 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.206119061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206150055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206162930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206201077 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.206228971 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206274033 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.206312895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206326008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206338882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206382036 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.206443071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206480026 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.206556082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206568956 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206608057 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.206687927 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206701040 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.206742048 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.207036972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.207066059 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.207077980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.207122087 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.207293034 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.207304955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.207323074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.207335949 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.207359076 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.207372904 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.207472086 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.207505941 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.207987070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.210659981 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.210702896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.210714102 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.210752010 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.210779905 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.210836887 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.210948944 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.210961103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.210973978 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.210990906 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.211007118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.211019993 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.214103937 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.214126110 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.214138031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.214173079 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.214204073 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.214287043 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.214298964 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.214334965 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.214423895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.214458942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.217624903 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.218089104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.218120098 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.218132019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.218163967 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.218202114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.218244076 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.218266010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.218311071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.218367100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.218409061 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.218513966 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.218554020 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.224229097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.224240065 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.224251986 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.224298954 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.224332094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.224358082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.224374056 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.224528074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.224579096 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.224591017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.224621058 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.224647045 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.224685907 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.250567913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.250580072 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.250617027 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.250637054 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.250653028 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.250684023 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.250695944 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.250725031 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.250909090 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.250952959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.250963926 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.251014948 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.251075983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.251121044 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.255295992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.255347967 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.255358934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.255398989 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.255424023 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.255459070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.255466938 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.255542994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.255554914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.255593061 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.256831884 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.256844997 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.256859064 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.256870985 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.256874084 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.256885052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.256896973 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.256906033 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.256911039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.256923914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.256936073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.256959915 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.257606983 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.263394117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.263521910 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.263576031 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.263844967 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.263978958 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.263991117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.264024973 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.264131069 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.264143944 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.264156103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.264168024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.264174938 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.264214993 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.264445066 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.264456034 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.264493942 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.264992952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.265005112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.265017033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.265043020 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.265054941 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.265286922 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.271612883 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.271667004 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.271785021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.271796942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.271836042 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.271857023 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.271868944 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272036076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272048950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272062063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272083044 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.272114038 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.272347927 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272361994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272372961 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272387981 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.272416115 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.272488117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272643089 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272655010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272694111 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.272777081 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.272820950 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.282718897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.282732010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.282743931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.282779932 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.282888889 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.282902956 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.282953978 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.283140898 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.283153057 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.283164978 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.283179998 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.283214092 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.283273935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.283286095 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.283324003 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.283473015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.283484936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.283498049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.283529043 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.283612013 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.283624887 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.283653021 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.294276953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294290066 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294301033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294348955 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.294384956 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.294442892 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294454098 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294466972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294477940 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294490099 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294500113 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.294507027 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294524908 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.294540882 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.294598103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294610023 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294621944 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.294650078 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.295391083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.295402050 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.295414925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.295433044 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.295461893 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.295562983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.295573950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.295591116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.295602083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.295612097 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.295644045 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.295881987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.295893908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.295939922 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.298830986 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.298974991 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.298986912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.299040079 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.299139023 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.299206018 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.299215078 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.299752951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.299765110 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.299809933 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.514360905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.538005114 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.542905092 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.542918921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.542933941 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.542973995 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.543024063 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.543056965 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543071032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543083906 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543097019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543117046 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.543135881 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.543303967 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543323040 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543334007 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543346882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543364048 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.543384075 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.543545961 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543559074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543678999 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543697119 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543709993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543734074 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.543761969 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.543927908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543940067 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543951988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543963909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543977022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.543987036 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.543989897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544008017 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.544018030 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.544226885 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544374943 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544388056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544420958 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.544456005 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.544481039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544497013 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544509888 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544523001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544538021 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.544569016 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.544751883 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544764042 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544781923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544795990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.544823885 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.544848919 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.545146942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545159101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545169115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545197964 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.545322895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545337915 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545351028 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545365095 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545367002 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.545397043 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.545562029 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545573950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545588017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545599937 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.545614004 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.545640945 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.545975924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546031952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546044111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546073914 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.546091080 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.546159983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546180964 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546192884 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546205044 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546222925 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.546247005 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.546389103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546639919 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546652079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546664953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546689987 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.546722889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.546773911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546787024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546798944 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546811104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.546824932 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.546854019 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.547168016 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547180891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547193050 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547234058 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.547250032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547470093 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547507048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547513008 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.547548056 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.547604084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547617912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547756910 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547769070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547780037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547791958 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.547806978 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.547821045 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.547844887 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.548048019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548064947 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548078060 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548120022 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.548357964 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548398018 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.548437119 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548449993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548490047 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.548607111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548671961 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548682928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548728943 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.548825979 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548837900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548886061 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.548932076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548949957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548964024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548975945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.548978090 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.548991919 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549005032 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.549031019 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.549129963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549555063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549596071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549598932 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.549608946 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549654007 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.549770117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549781084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549792051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549809933 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.549906969 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549921036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549932957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549945116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549957991 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.549964905 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.549978971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.550010920 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.550446033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.550508976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.550520897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.550561905 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.550606966 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.550621986 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.550647974 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.550848007 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.550869942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.550882101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.550890923 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.550925016 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.551023006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551033974 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551045895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551074028 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.551161051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551199913 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.551268101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551280022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551292896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551305056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551335096 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.551353931 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.551763058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551800966 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551815987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551856041 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.551955938 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551980019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551990986 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.551995993 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.552005053 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.552023888 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.552187920 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.552201033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.552212954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.552232981 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.552232981 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.552247047 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.552259922 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.552263975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.552288055 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.553098917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553148985 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.553155899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553169012 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553208113 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.553256035 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553268909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553307056 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.553406000 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553417921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553431034 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553443909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553459883 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553471088 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553472042 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.553484917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553487062 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.553508043 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.553720951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553797960 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553809881 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553833008 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.553855896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553858042 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.553925037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553939104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553951025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.553963900 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.553987980 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.554183960 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554195881 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554208994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554220915 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554233074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554235935 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.554245949 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554260969 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554263115 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.554287910 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.554644108 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554665089 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554687023 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.554781914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554821968 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.554827929 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554840088 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554872990 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.554955006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554968119 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.554980993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555018902 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.555114031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555125952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555136919 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555151939 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555160046 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.555176020 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.555372000 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555385113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555396080 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555408001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555421114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555422068 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.555443048 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.555459976 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.555728912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555772066 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555783987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555866957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.555922031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556001902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556015015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556025982 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556041002 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.556065083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.556139946 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556152105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556209087 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.556303978 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556317091 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556329012 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556340933 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556346893 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.556354046 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556368113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556380987 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.556382895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556405067 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.556663036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556715965 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556730032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556756020 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.556773901 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.556849957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556864023 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556874990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556886911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.556899071 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.556924105 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.557039022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557051897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557094097 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.557156086 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557168007 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557179928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557199001 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.557420015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557431936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557442904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557454109 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557461977 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.557466030 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557476997 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.557478905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557492018 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557503939 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.557504892 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.557534933 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.558182955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.558253050 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.558264017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.558295965 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.558307886 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.558382988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.558396101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.558408022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.558437109 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.604588985 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.637940884 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.638012886 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.642800093 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.642879009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.642896891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.642920017 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.642944098 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.642956972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.642982960 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.643045902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643085957 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.643197060 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643208981 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643222094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643234968 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643276930 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.643367052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643378019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643429041 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.643445015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643457890 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643472910 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643485069 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643496037 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.643500090 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643507004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643518925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.643542051 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.643570900 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.644067049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644079924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644093990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644104958 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644118071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644126892 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.644131899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644139051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644150972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644165039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644176006 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.644182920 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644196987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644205093 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.644208908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644216061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644228935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644242048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644253969 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644256115 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.644280910 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.644907951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644921064 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644932985 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644944906 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644949913 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.644958019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644964933 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.644972086 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644985914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.644994974 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.644999027 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645013094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645042896 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.645070076 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.645368099 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645380974 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645392895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645405054 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645416975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645423889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.645431042 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645442963 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.645478010 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.645507097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645519972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645531893 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645545959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645558119 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645565987 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.645570040 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645581007 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.645585060 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645601034 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645612955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645617008 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.645626068 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645637989 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.645648956 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.645679951 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.646451950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646465063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646476984 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646505117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646507025 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.646523952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646528006 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.646538019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646550894 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646562099 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646563053 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.646578074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646581888 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.646591902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646605015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646615982 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646620035 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.646630049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646641970 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646644115 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.646656036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646668911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.646677971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.646697044 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.647423983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647437096 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647448063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647464991 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647476912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647480965 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.647490025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647502899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647507906 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.647516012 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647528887 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647540092 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647548914 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.647553921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647566080 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647572041 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.647578955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647594929 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647608042 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647614002 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.647624969 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647636890 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.647650003 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.647685051 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.648411989 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648430109 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648441076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648452997 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648464918 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648473024 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.648479939 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648488998 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.648492098 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648504972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648518085 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648518085 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.648530960 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648542881 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648545980 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.648555994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648570061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648582935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648583889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.648596048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648610115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648617029 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.648622036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.648642063 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.648663998 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.649332047 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649346113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649358034 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649372101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649384022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649389982 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.649396896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649409056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649410963 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.649422884 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649427891 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.649436951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649450064 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649461985 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649463892 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.649476051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649488926 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649492979 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.649502039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649508953 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.649516106 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649529934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.649532080 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.649563074 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.650316954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650331020 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650341988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650356054 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650367975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650377989 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.650381088 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650393009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650404930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650412083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.650417089 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650425911 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.650429964 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650444031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650456905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650469065 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650480986 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650480986 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.650497913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650511026 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.650511980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650526047 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.650553942 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.650583982 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.651040077 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651052952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651065111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651077986 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651088953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651097059 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.651109934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651124001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651129961 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.651141882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651158094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651170015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651173115 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.651184082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651196957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651201963 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.651213884 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.651215076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651228905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651241064 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651249886 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.651254892 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651271105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651281118 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.651300907 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.651674032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651689053 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651701927 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651714087 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.651716948 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.651746988 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.672256947 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672302961 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672314882 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.672317028 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672359943 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672373056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672373056 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.672442913 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.672456980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672557116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672569990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672585011 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672591925 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.672617912 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.672733068 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672744036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672755003 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672766924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672771931 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.672777891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672791958 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.672806978 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.672821999 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.672926903 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673001051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673141003 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673151970 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673162937 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673175097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673177958 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673190117 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673202038 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673209906 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673214912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673224926 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673238039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673252106 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673257113 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673266888 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673281908 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673301935 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673572063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673583984 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673594952 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673613071 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673641920 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673688889 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673703909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673715115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673727036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673741102 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673751116 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673757076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673768997 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673782110 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673784018 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673793077 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673803091 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673806906 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673820019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.673831940 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.673854113 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.674420118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.674432993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.674444914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.674457073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.674472094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.674479961 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.674487114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.674499035 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.674513102 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.674511909 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.674546003 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.677067995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.677113056 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.677125931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.677139044 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.677175045 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.677184105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.677212954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.677258968 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.703798056 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.703885078 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.708584070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.708641052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.708655119 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.708694935 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.708775043 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.708816051 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.708832979 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.708844900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.708889008 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.708993912 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709007025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709019899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709043026 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709114075 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709127903 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709140062 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709151983 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709152937 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709167004 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709317923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709331036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709342003 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709353924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709359884 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709367990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709379911 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709381104 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709395885 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709408998 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709410906 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709428072 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709578991 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709726095 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709728956 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709742069 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709753990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709774017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709781885 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709786892 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709799051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709810972 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709816933 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709830999 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709836006 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709845066 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709856987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709870100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709882021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709882975 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709896088 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709908962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709909916 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709922075 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709923983 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709945917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.709947109 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.709994078 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.710388899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710402012 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710416079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710428953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710441113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710442066 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.710455894 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710469007 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.710495949 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.710663080 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710675001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710688114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710699081 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710712910 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710714102 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.710726023 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710738897 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.710740089 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710773945 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.710973978 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710984945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.710997105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.711008072 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.711014986 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.711021900 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.711035013 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.711044073 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.711050987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.711061954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.711071968 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.711095095 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.759335041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759361029 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759375095 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759385109 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.759401083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759413958 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.759414911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759454012 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.759507895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759574890 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759588003 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759609938 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.759704113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759771109 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759783030 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759809971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.759835005 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.759871006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759884119 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.759919882 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.760093927 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760106087 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760118961 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760143042 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.760241985 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760252953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760265112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760279894 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760286093 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.760308981 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.760472059 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760531902 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760534048 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.760545015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760605097 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.760690928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760704994 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760715961 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760727882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760742903 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.760768890 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.760941982 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760952950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760963917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760977983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.760986090 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.761028051 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.761073112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761085033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761115074 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.761240959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761512041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761523008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761534929 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761555910 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.761581898 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.761667013 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761678934 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761692047 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761708975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761723995 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.761754036 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.761801958 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761873007 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761885881 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761897087 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761910915 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761914015 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.761924028 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.761940956 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.761964083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.762288094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762367964 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762381077 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762423992 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.762449980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762460947 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762485981 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.762646914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762664080 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762676954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762689114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762698889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.762702942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762723923 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.762736082 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.762936115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762947083 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762965918 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.762983084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.763004065 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.763027906 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.763334036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.763346910 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.763361931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.763401985 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.763453960 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.763467073 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.763478041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.763494968 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.763501883 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.763529062 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.763659000 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.763953924 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.775110960 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.775145054 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.775154114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.775202990 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.775245905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.775258064 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.775269985 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.775289059 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.775317907 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.775367975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.775381088 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.775423050 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.777087927 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.777107000 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.777120113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.777163029 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.777211905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.777225018 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.777250051 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.777333975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.777369976 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.777374983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.785543919 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.785593987 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.785604954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.785619020 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.785650015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.785653114 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.785661936 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.785702944 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.785728931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.785773039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.785808086 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.792032957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792084932 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792098045 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792123079 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.792164087 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792176008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792190075 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792216063 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.792236090 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.792342901 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792409897 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792422056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792460918 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.792521954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792558908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792593956 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.792664051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792676926 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792687893 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792725086 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.792752028 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792766094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792804956 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.792875051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.792886972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.793028116 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.793112040 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.793124914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.793138981 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.793160915 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.793227911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.793241024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.793271065 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.814033985 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.814133883 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.846333027 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846358061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846370935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846417904 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.846431017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846445084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846474886 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.846563101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846576929 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846590042 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846631050 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.846643925 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.846697092 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846765995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846777916 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846827030 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.846841097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846880913 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.846896887 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.846910954 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847009897 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.847018957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847031116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847065926 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.847130060 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847203016 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847214937 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847249031 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.847333908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847345114 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847356081 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847368002 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847376108 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.847400904 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.847587109 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847600937 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847611904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847625971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.847632885 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847645044 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847670078 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.847685099 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.847969055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847980976 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.847999096 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848027945 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.848109961 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848155022 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.848165989 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848180056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848192930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848217010 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.848417997 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848433971 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848447084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848458052 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.848459959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848484993 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.848578930 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848597050 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848609924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848618031 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.848651886 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.848972082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848984003 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.848998070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849051952 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.849088907 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849101067 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849112034 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849124908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849137068 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.849149942 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.849356890 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849368095 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849381924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849392891 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849402905 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.849406004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849420071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849420071 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.849433899 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849447966 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.849467993 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.849839926 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849883080 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849896908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.849931002 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.850024939 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850038052 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850049019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850064993 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.850095987 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.850287914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850300074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850311995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850322962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850336075 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850343943 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.850348949 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850375891 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.850399971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.850517988 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850531101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.850570917 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.862052917 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.862078905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.862090111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.862116098 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.862225056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.862236977 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.862250090 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.862273932 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.862307072 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.862370968 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.863944054 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.863990068 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.863996029 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.864008904 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.864043951 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.864079952 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.864114046 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.864126921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.864157915 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.864231110 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.864243031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.864279032 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.872428894 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.872458935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.872473001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.872483969 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.872514963 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.872581959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.872596025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.872684002 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.872687101 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.872697115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.872750044 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.879137993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879167080 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879179955 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879209042 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.879306078 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879323959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879337072 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879354954 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.879355907 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879376888 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.879528999 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879540920 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879568100 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.879664898 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879678965 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879700899 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.879728079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879740953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879753113 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879765034 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879767895 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.879797935 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.879877090 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879961014 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.879975080 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.879977942 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.880053997 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.880088091 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.880108118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.880120039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.880142927 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.932709932 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.933265924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933332920 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933346033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933379889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.933461905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933475018 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933487892 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933499098 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.933501959 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933527946 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.933608055 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933676004 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933682919 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.933690071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933753014 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.933820009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933835983 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933849096 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933862925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.933886051 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.933908939 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.934139967 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934151888 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934165001 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934179068 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934187889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.934192896 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934206009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934214115 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.934220076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934236050 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934253931 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.934333086 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.934425116 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934480906 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934494019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934530020 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.934611082 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934623003 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934643030 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934654951 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.934657097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934689999 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.934835911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934848070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934860945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934873104 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.934874058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.934901953 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935055017 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935067892 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935080051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935092926 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935101986 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935112953 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935132027 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935158968 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935290098 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935369015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935381889 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935416937 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935482025 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935493946 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935506105 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935518980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935528040 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935559034 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935794115 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935806036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935821056 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935834885 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935842037 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935849905 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935861111 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935864925 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935878992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935889959 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935890913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935909033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.935916901 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.935945988 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.936168909 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936248064 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936259031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936286926 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.936372995 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936386108 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936398029 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936408997 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936413050 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.936439991 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.936628103 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936646938 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936661005 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936669111 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.936674118 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936686993 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936700106 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936709881 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.936712027 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.936737061 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.936750889 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.948957920 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.948970079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.948981047 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.949012041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.949016094 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.949026108 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.949037075 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.949053049 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.949076891 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.949177980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.949191093 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.949229002 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.950959921 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.950975895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.950989008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.951001883 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.951014042 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.951045036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.951046944 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.951117039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.951128006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.951165915 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.951205969 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.951245070 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.951246977 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.959332943 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.959342957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.959353924 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.959387064 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.959403992 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.959419012 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.959434032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.959449053 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.959489107 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.959527969 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.959542036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.959569931 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.959635019 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.959675074 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.966059923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966111898 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966124058 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966162920 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.966169119 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966223001 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.966245890 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966258049 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966295958 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.966399908 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966415882 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966437101 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966448069 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966456890 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.966459990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966483116 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.966573000 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966614008 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.966722965 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966737032 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966749907 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966788054 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.966839075 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966851950 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966861963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966876030 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.966891050 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.966902018 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.967102051 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.967150927 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:16.967173100 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.967185020 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.967215061 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:16.967220068 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.010853052 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.020248890 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020271063 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020287037 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020306110 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020313978 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.020319939 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020334005 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020359993 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.020375967 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020390987 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.020447016 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020509005 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020549059 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020549059 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.020566940 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020607948 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.020649910 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020663977 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020694017 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.020817041 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020855904 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.020864010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020874977 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.020904064 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.020945072 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021013975 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021027088 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021039963 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021063089 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.021080971 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.021336079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021389008 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021429062 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.021477938 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021490097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021502972 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021532059 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.021565914 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021584034 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021610975 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.021642923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021691084 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.021701097 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021898031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021908998 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021922112 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.021944046 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.021970034 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.022028923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022042036 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022053957 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022068024 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022079945 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022094011 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022102118 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.022116899 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.022135019 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.022454977 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022489071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022500992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022563934 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.022643089 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022655964 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022674084 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022686958 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022701025 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.022727966 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.022862911 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022875071 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022886992 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022902966 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.022911072 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.022943974 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.023252010 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023263931 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023276091 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023294926 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.023315907 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.023360014 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023371935 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023385048 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023400068 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023410082 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.023446083 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.023647070 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023663998 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023677111 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023693085 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023706913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023720026 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023720980 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.023732901 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.023747921 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.023772001 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.024116039 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.024156094 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.024194002 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.024302006 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.024323940 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.024337053 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.024349928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.024364948 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.024379015 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.024446011 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.024488926 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.035720110 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.035732031 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.035765886 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.035774946 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.035830021 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.035844088 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.035876036 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.035960913 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.035974026 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.035985947 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.036010981 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.036035061 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.037756920 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.037769079 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.037807941 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.037808895 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.037864923 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.037878990 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.037904978 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.037981033 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.037998915 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.038011074 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.038023949 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.038048983 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.051043987 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.051095009 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.051109076 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.051142931 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.051234007 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.051245928 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.051258087 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.051270962 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.051280975 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.051320076 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.305738926 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.305766106 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.305778980 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.305790901 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.305804968 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.305818081 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.305860996 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.305871964 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.305872917 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.305913925 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.305927038 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.306444883 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.306545019 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.306822062 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.306869030 CET	49730	1950	192.168.2.4	154.216.20.162
Jan 8, 2025 14:29:17.311182022 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.311352015 CET	1950	49730	154.216.20.162	192.168.2.4
Jan 8, 2025 14:29:17.311614037 CET	1950	49730	154.216.20.162	192.168.2.4

Target ID:	0
Start time:	08:29:01
Start date:	08/01/2025
Path:	C:\Users\user\Desktop\aNfqvgu.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\aNfqvgu.exe"
Imagebase:	0x400000
File size:	1'645'056 bytes
MD5 hash:	5BCB135588749AD206277AB96836FC00
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000003.1739807908.0000000000680000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000003.1747202676.00000000006E9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.1742374681.0000000002E90000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000002.1765676595.0000000002300000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.1742230483.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	08:29:06
Start date:	08/01/2025
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\svchost.exe"
Imagebase:	0x630000
File size:	46'504 bytes
MD5 hash:	1ED18311E3DA35942DB37D15FA40CC5B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000001.00000003.1747966251.00000000027F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000003.1752625832.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000003.1752787290.00000000050A0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000001.00000002.1846756097.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	08:29:08
Start date:	08/01/2025
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 504
Imagebase:	0x140000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	08:29:16
Start date:	08/01/2025
Path:	C:\Windows\System32\fontdrvhost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\fontdrvhost.exe"
Imagebase:	0x7ff72c440000
File size:	827'408 bytes
MD5 hash:	BBCB897697B3442657C7D6E3EDDBD25F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	08:29:19
Start date:	08/01/2025
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\WerFault.exe -u -p 5244 -s 136
Imagebase:	0xba0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	24.3%
Dynamic/Decrypted Code Coverage:	1.6%
Signature Coverage:	3.1%
Total number of Nodes:	914
Total number of Limit Nodes:	8

Executed Functions

Function 0042BEFA Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 0042BF03
HeapAlloc.KERNEL32(00000000,00000008,00040000), ref: 0042BF56

Part of subcall function 0042BFEB: HeapAlloc.KERNEL32(?,00000008,00000010,?,0042BF7F,?,0042BC80,00000000), ref: 0042BFF6

HeapFree.KERNEL32(00000000,00000000,?), ref: 0042BFA2
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 0042BFCE
KiUserExceptionDispatcher.NTDLL(00000000,00000000,006E2F50), ref: 0042BFD4

Strings

GNzcI3uZfeVBx4IpN5HKbbHyA9Xk0jQBupq7VTqGRU7u4TCmeGAKd8MC2t7XxA-|E6ZugqjWIr-5JZA4uxfNjQbqfsRKoFBWUnD9mqEg0SXYa7P98m0fkgnb9l1MqA6BUFi23z8hRpdvdlhnlWRgfgEnavjYDjsbCEfxCcTeEu9ScHBMDvgGi80LQ5C9nremaLQqj82Lb2AC7pwrYxziJq90Xca4ALHZc6S5CDFI6X3ncr2AUKqfoTjEMIO6W2OJ7Zxz, xrefs: 0042BF36
P/n, xrefs: 0042BF12, 0042BF21, 0042BFD6, 0042BFDC

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: Heap$AllocFree$DispatcherExceptionProcessUserVirtual
String ID: GNzcI3uZfeVBx4IpN5HKbbHyA9Xk0jQBupq7VTqGRU7u4TCmeGAKd8MC2t7XxA-|E6ZugqjWIr-5JZA4uxfNjQbqfsRKoFBWUnD9mqEg0SXYa7P98m0fkgnb9l1MqA6BUFi23z8hRpdvdlhnlWRgfgEnavjYDjsbCEfxCcTeEu9ScHBMDvgGi80LQ5C9nremaLQqj82Lb2AC7pwrYxziJq90Xca4ALHZc6S5CDFI6X3ncr2AUKqfoTjEMIO6W2OJ7Zxz$P/n
API String ID: 3598810914-237956216
Opcode ID: c6efd58d8705114bd6ce61614c52128382e58d8c03c364074242ce3426763076
Instruction ID: 2a5401b6a08ddf3dc2aaa75bc5cda96bcf132d324c7078dfa8bf77b618d7fb6c
Opcode Fuzzy Hash: c6efd58d8705114bd6ce61614c52128382e58d8c03c364074242ce3426763076
Instruction Fuzzy Hash: 17313A71A00219AFCB10CF99ED80BAFBBF4EB09304F50802AE559E7350D735A945CF98

Function 006EA446 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 006EA46E
Module32First.KERNEL32(00000000,00000224), ref: 006EA48E

Memory Dump Source

Source File: 00000000.00000003.1747202676.00000000006E9000.00000040.00000020.00020000.00000000.sdmp, Offset: 006E9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6e9000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: c5a9cb45881dcb6a2524c04a175e828495816df0825ab13cc8a31c4a15f86f6c
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 4BF09631101711AFD7203BFAA88DBAEB6F9AF89725F104568F646911C0DBB0FC454A62

Function 0217003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0217024D

Strings

kernel32.dll, xrefs: 0217008F, 02170095
cess, xrefs: 0217018D

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 20d72d97d4b91e157398b5588176fb2569ed1a9d1da1e1fd342d4343e33d2590
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: C7526975A01229DFDB64CF58C984BACBBB1BF49304F1580E9E94DAB351DB30AA85CF14

Function 0042C033 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_strlen.LIBCMT ref: 0042C04D
HeapAlloc.KERNEL32(?,00000008,00000001,?,00000000), ref: 0042C069
_strlen.LIBCMT ref: 0042C090
___from_strstr_to_strchr.LIBCMT ref: 0042C118
RtlFreeHeap.NTDLL(?,00000000,00000000,?,00000000), ref: 0042C1E4

Strings

!?#$%&()*+-,/:;<>=@[\]^`{|}~, xrefs: 0042C0D4, 0042C117, 0042C1B3, 0042C1BC

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: Heap_strlen$AllocFree___from_strstr_to_strchr
String ID: !?#$%&()*+-,/:;<>=@[\]^`{|}~
API String ID: 355428601-2271055266
Opcode ID: 18ba3ee87ac263ca046d0cc64a6699f702523e87a887ffd6cf0ee4ead859b1c6
Instruction ID: a8cb22043a8aa05832ee2590f306a077f251e6838bcd97514f5f7ebd8ee95794
Opcode Fuzzy Hash: 18ba3ee87ac263ca046d0cc64a6699f702523e87a887ffd6cf0ee4ead859b1c6
Instruction Fuzzy Hash: 3651F4756082648BE320CE18E4817BF77E6EF56758FD4045AD9858B303D329AD06CB8A

Function 004392CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00439314

Part of subcall function 00439098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004390C1

VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00439366
VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 004393C0
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004393F3

Strings

,, xrefs: 00439344

Memory Dump Source

Source File: 00000000.00000003.1739929212.0000000000439000.00000040.00000001.01000000.00000003.sdmp, Offset: 00439000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_439000_aNfqvgu.jbxd

Similarity

API ID: Virtual$Alloc$FreeProtect
String ID: ,
API String ID: 980677596-3772416878
Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
Instruction ID: c7f9954aaf92802dc8596fc704158f53f7323d53bf85fe34f6f5e7b839a10a37
Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
Instruction Fuzzy Hash: B3510AB590060AAFDB10DFA9C881A9EBBF4FF08354F10951AF959A7240D3B4E951CBA4

Function 004392CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00439314

Part of subcall function 00439098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004390C1

VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00439366
VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 004393C0
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004393F3

Strings

,, xrefs: 00439344

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: Virtual$Alloc$FreeProtect
String ID: ,
API String ID: 980677596-3772416878
Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
Instruction ID: c7f9954aaf92802dc8596fc704158f53f7323d53bf85fe34f6f5e7b839a10a37
Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
Instruction Fuzzy Hash: B3510AB590060AAFDB10DFA9C881A9EBBF4FF08354F10951AF959A7240D3B4E951CBA4

Function 0042BC80 Relevance: 4.5, APIs: 3, Instructions: 30
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0042BC87
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 0042BC9A
CloseHandle.KERNELBASE(00000000), ref: 0042BCC7

Part of subcall function 0042BFEB: HeapAlloc.KERNEL32(?,00000008,00000010,?,0042BF7F,?,0042BC80,00000000), ref: 0042BFF6

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: AllocCloseCreateEventHandleHeapObjectSingleWait
String ID:
API String ID: 783827187-0
Opcode ID: 4dc99e0828cb73d3b042eab61e92d94bd9680a422529f13331d7a34ac1021427
Instruction ID: af46de013a0d7d92c1d72c29f23f54d966f7dd85d52430f69652ae25bcc9dccc
Opcode Fuzzy Hash: 4dc99e0828cb73d3b042eab61e92d94bd9680a422529f13331d7a34ac1021427
Instruction Fuzzy Hash: C2E06DB9A016227BD3122B22AE06E7B776CEF92702705442AF804E3250DF28DC01D6F9

Function 00433C75 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FlsGetValue.KERNELBASE ref: 00433CA5

Strings

FlsGetValue, xrefs: 00433C85

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: Value
String ID: FlsGetValue
API String ID: 3702945584-662576866
Opcode ID: 74a72e2ea0314db87ced77037b28d9a6ce5b8a2388f67483e5d85f0e08c8c5e8
Instruction ID: 5f3e0b4de25dc0737c33fcecb76ee88c50ce7d49f03d1e25d6551cb25966e40a
Opcode Fuzzy Hash: 74a72e2ea0314db87ced77037b28d9a6ce5b8a2388f67483e5d85f0e08c8c5e8
Instruction Fuzzy Hash: 2EE0CD33B802287782312BD5BD05BEB7E44D751BB2F144173FB0C56281D6A94D5185DC

Function 02170E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02170223,?,?), ref: 02170E19
SetErrorMode.KERNELBASE(00000000,?,?,02170223,?,?), ref: 02170E1E

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: f6eda14345538900ca3a5bcd661a1e8535e70606a6f2fc7bf9789d366219cde3
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 9DD0123114522877D7002A94DC09BCD7B1CDF09B66F108011FB0DD9080CB70954046E5

Function 00431289 Relevance: 2.6, APIs: 2, Instructions: 67
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,00000000,00430B94,00434C4B,?,004344E3,?,?,00000000,?,?,00434548,?,004343DB,00000000,?), ref: 0043128D
SetLastError.KERNEL32(00000000,?,00000000,004343DB,?,?,?,00477898,0000002C,0043444C,?,?,?), ref: 0043132F

Part of subcall function 00433C75: FlsGetValue.KERNELBASE ref: 00433CA5

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: ErrorLast$Value
String ID:
API String ID: 1883355122-0
Opcode ID: 483777f50ac71e4f52105c5ed3062467242286bacb5dff78a89a745269670e84
Instruction ID: 7ae844e43b4e0d2907d5aa361c861ee15f6527edd1f4f3dcae61067e151ce711
Opcode Fuzzy Hash: 483777f50ac71e4f52105c5ed3062467242286bacb5dff78a89a745269670e84
Instruction Fuzzy Hash: 591108712092106EE7103BB69CC6EAF269CCB4D3BAF10223BF914A11B1DB5D4C5B516E

Function 004391B0 Relevance: 1.4, APIs: 1, Instructions: 133COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0043926D

Memory Dump Source

Source File: 00000000.00000003.1739929212.0000000000439000.00000040.00000001.01000000.00000003.sdmp, Offset: 00439000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_439000_aNfqvgu.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: de148ecc26438995122263fd84e79d06e7e20828183585f1ddfda33d16eac7f6
Instruction ID: 80fbf0fecc1045b27c107abcbf320e773f3ff1e05f448897efdd00af33896b18
Opcode Fuzzy Hash: de148ecc26438995122263fd84e79d06e7e20828183585f1ddfda33d16eac7f6
Instruction Fuzzy Hash: A851CC31A0464ADFDF41CF98C881AEEBBF0EF09310F281496E465F7241C278AE51DB29

Function 004391B0 Relevance: 1.4, APIs: 1, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0043926D

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: de148ecc26438995122263fd84e79d06e7e20828183585f1ddfda33d16eac7f6
Instruction ID: 80fbf0fecc1045b27c107abcbf320e773f3ff1e05f448897efdd00af33896b18
Opcode Fuzzy Hash: de148ecc26438995122263fd84e79d06e7e20828183585f1ddfda33d16eac7f6
Instruction Fuzzy Hash: A851CC31A0464ADFDF41CF98C881AEEBBF0EF09310F281496E465F7241C278AE51DB29

Function 006EA105 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 006EA156

Memory Dump Source

Source File: 00000000.00000003.1747202676.00000000006E9000.00000040.00000020.00020000.00000000.sdmp, Offset: 006E9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6e9000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: d836176687f50020a7c29e77ab9a88dbec15fe293560d6311141c476feb18185
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: D1113C79A00208EFDB01DF99C985E98BBF5AF08350F0580A4F9489B362D371EA50DF91

Function 00439098 Relevance: 1.3, APIs: 1, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004390C1

Memory Dump Source

Source File: 00000000.00000003.1739929212.0000000000439000.00000040.00000001.01000000.00000003.sdmp, Offset: 00439000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_439000_aNfqvgu.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5fa5c9145237fa88e1aa37702aad2718761a025d2b836103e406ca8614d22d44
Instruction ID: e4093ad80bf78e98c72bba1ec1b53d0bb2879be621b88dd1afff0ef72a226250
Opcode Fuzzy Hash: 5fa5c9145237fa88e1aa37702aad2718761a025d2b836103e406ca8614d22d44
Instruction Fuzzy Hash: AD01C471D00249EFEB00DF95C449BAEBBB0AB18326F108059E521AA291C3BC5A86DF85

Function 00439098 Relevance: 1.3, APIs: 1, Instructions: 30
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004390C1

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5fa5c9145237fa88e1aa37702aad2718761a025d2b836103e406ca8614d22d44
Instruction ID: e4093ad80bf78e98c72bba1ec1b53d0bb2879be621b88dd1afff0ef72a226250
Opcode Fuzzy Hash: 5fa5c9145237fa88e1aa37702aad2718761a025d2b836103e406ca8614d22d44
Instruction Fuzzy Hash: AD01C471D00249EFEB00DF95C449BAEBBB0AB18326F108059E521AA291C3BC5A86DF85

Non-executed Functions

Function 00431BBA Relevance: 6.2, APIs: 4, Instructions: 206fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00431CAA
FindNextFileW.KERNEL32(00000000,?), ref: 00431D9E
FindClose.KERNEL32(00000000), ref: 00431DDD
FindClose.KERNEL32(00000000), ref: 00431E10

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: 7dd9bc031336c91102ccb15ddd4bf50045f774fd0fc38338cb05f13f55f7e50c
Instruction ID: 471cc1011e4185f77f53f70926c2ef40dab7a3e46de6db13a16cde3d1662bf68
Opcode Fuzzy Hash: 7dd9bc031336c91102ccb15ddd4bf50045f774fd0fc38338cb05f13f55f7e50c
Instruction Fuzzy Hash: 07710575C441185FDF20AF288C89AAFB7B9AF4D304F1461DBE44897221EB399E819F18

Function 021A1E21 Relevance: 6.2, APIs: 4, Instructions: 206fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 021A1F11
FindNextFileW.KERNEL32(00000000,?), ref: 021A2005
FindClose.KERNEL32(00000000), ref: 021A2044
FindClose.KERNEL32(00000000), ref: 021A2077

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: 7dd9bc031336c91102ccb15ddd4bf50045f774fd0fc38338cb05f13f55f7e50c
Instruction ID: f6304f859d06baafd3030f97ff1f6ccf215f3aece14b8cbb0b31def9a324262d
Opcode Fuzzy Hash: 7dd9bc031336c91102ccb15ddd4bf50045f774fd0fc38338cb05f13f55f7e50c
Instruction Fuzzy Hash: BD7104799852A86FDF31EF34CCA9AAABBB9AF45304F1441D9E40D93254DB314E84DF10

Function 0042CB32 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0042CB3E
IsDebuggerPresent.KERNEL32 ref: 0042CC0A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0042CC2A
UnhandledExceptionFilter.KERNEL32(?), ref: 0042CC34

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 0a32ae6df5018c4e9d2e897c4d0c4c3add5bc9dd49ee71876b5e9a2547ad3e9a
Instruction ID: 42faa4f9909b3aef762f1b69cb6fadd3819c4f53252a6b8088f9c2c7ed860dda
Opcode Fuzzy Hash: 0a32ae6df5018c4e9d2e897c4d0c4c3add5bc9dd49ee71876b5e9a2547ad3e9a
Instruction Fuzzy Hash: EC312B75D4522C9BDB20DFA5E9897CDBBB8BF08304F5040EAE40DAB250EB745A84DF09

Function 0219CD99 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0219CDA5
IsDebuggerPresent.KERNEL32 ref: 0219CE71
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0219CE91
UnhandledExceptionFilter.KERNEL32(?), ref: 0219CE9B

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 0a32ae6df5018c4e9d2e897c4d0c4c3add5bc9dd49ee71876b5e9a2547ad3e9a
Instruction ID: 16d0947a5be7bd29cf1a5b24d3cc2d2873a0b43b527a6eb61b2df956682ef96c
Opcode Fuzzy Hash: 0a32ae6df5018c4e9d2e897c4d0c4c3add5bc9dd49ee71876b5e9a2547ad3e9a
Instruction Fuzzy Hash: 77312979D4521C9BDF20EFA4D989BCDBBB8AF08304F1041AAE44DAB250EB715A84DF45

Function 00431508 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00431600
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0043160A
UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00431617

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 147832bb287b88a15beb7056b8bcaa81536f4274b3f866e702757040a2f54f19
Instruction ID: ae86be7521b6b59597c4dfc29ab5f864a3d94f5c8c14d9f12b2fd6c106cb2b0a
Opcode Fuzzy Hash: 147832bb287b88a15beb7056b8bcaa81536f4274b3f866e702757040a2f54f19
Instruction Fuzzy Hash: BE31C67490122C9BCB21DF65D9897CDBBB4BF18310F5041EAE41CA6261EB749F858F49

Function 021A176F Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 021A1867
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 021A1871
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 021A187E

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 147832bb287b88a15beb7056b8bcaa81536f4274b3f866e702757040a2f54f19
Instruction ID: 06a66595c4fa6fb4bff67937f6ca6df0185a76fac568b798de82211194a9691b
Opcode Fuzzy Hash: 147832bb287b88a15beb7056b8bcaa81536f4274b3f866e702757040a2f54f19
Instruction Fuzzy Hash: C131C578941228ABCB21DF64DD88BDDBBB5BF08310F5041EAE41CA7250EB709B858F45

Function 0217092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

GetProcAddress., xrefs: 021709DC, 021709DF, 021709E4
., xrefs: 0217095F
l, xrefs: 02170966

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: fc65ee4557ce3a06967f569c6f1e3da226a254f70847c988c3dfd9cad9991834
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 783148B6950709DFDB10CF99C880AAEBBF9FF88324F15404AD845A7210D7B1EA45CBA4

Function 004381D2 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004381CD,?,?,00000008,?,?,00437DCF,00000000), ref: 004383FF

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
Instruction ID: ad84d1db3417f16a611dee80d1a4d95a75d70bb4da77cef0a64069da59ef5b86
Opcode Fuzzy Hash: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
Instruction Fuzzy Hash: 21B15A315106099FD715CF28C48AB66BBA0FF48364F25969DF899CF3A1C739D982CB44

Function 021A8439 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,021A8434,?,?,00000008,?,?,021A8036,00000000), ref: 021A8666

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
Instruction ID: 1422dc536f5e3950e4b401451e3ec903fc9556857ae21ea5dfe24f2466eccd8e
Opcode Fuzzy Hash: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
Instruction Fuzzy Hash: BCB17E75610608DFD719CF28C4AAB657BE1FF05368F2A8658E8D9CF2A1C335D981CB40

Function 0042CDD5 Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0042CDEB

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 77b3093be1156be3bc706a8abc0d27d42b0644c93a3c5185c8af99966272e9a2
Instruction ID: 4e230acca2c0943960e613f45b8d74b08b3d28c2e242260d3d20a9101a00cee3
Opcode Fuzzy Hash: 77b3093be1156be3bc706a8abc0d27d42b0644c93a3c5185c8af99966272e9a2
Instruction Fuzzy Hash: 4C516BB1A112158FEB24CF59E9957AFB7F0FB88350F65802AD409EB350D3789940CB59

Function 0042CCC5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0002CCD1,0042C635), ref: 0042CCCA

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 2ef17a7829592e77de669268fa308c7993c865907c94676bb5a929c7a250335f
Instruction ID: edde5bba0472f2246b45327483f68c3b9c4dae570f80fb26b3fbfc0cc39a0c7e
Opcode Fuzzy Hash: 2ef17a7829592e77de669268fa308c7993c865907c94676bb5a929c7a250335f
Instruction Fuzzy Hash:

Function 0219CF2C Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(0042CCD1,0219C89C), ref: 0219CF31

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 2ef17a7829592e77de669268fa308c7993c865907c94676bb5a929c7a250335f
Instruction ID: edde5bba0472f2246b45327483f68c3b9c4dae570f80fb26b3fbfc0cc39a0c7e
Opcode Fuzzy Hash: 2ef17a7829592e77de669268fa308c7993c865907c94676bb5a929c7a250335f
Instruction Fuzzy Hash:

Function 0042C231 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d193c468afbce6fbd9eb4e5394dbbb247effe2f843c3929c2b1e459493df29d4
Instruction ID: c65d13f3938e86a1c1ac9610a8e364237ea661446d7bb90356398c89c9b5cd3b
Opcode Fuzzy Hash: d193c468afbce6fbd9eb4e5394dbbb247effe2f843c3929c2b1e459493df29d4
Instruction Fuzzy Hash: BF51C3206182E64ED31D8A3D58A5139FFE0AB96101F4C87EFE9DADB383C428C945C7B1

Function 0219C498 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d193c468afbce6fbd9eb4e5394dbbb247effe2f843c3929c2b1e459493df29d4
Instruction ID: 3ac4c5bf795dee64924229528db4410fdfe704f71607b053ce8bc87775045fc6
Opcode Fuzzy Hash: d193c468afbce6fbd9eb4e5394dbbb247effe2f843c3929c2b1e459493df29d4
Instruction Fuzzy Hash: 8B51A3202182E64ED31D8A3D58A5539FFE1AB96101F4C87EEE9DACB383C428C555C7A1

Function 0042C400 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94a5601144706b6f3443770d4d999911805d9ed5dd19e39bfe06ad26875fec32
Instruction ID: e7de1f71a5d65e498c01162ad52c815fa767125d8db88433021dc05d342508ba
Opcode Fuzzy Hash: 94a5601144706b6f3443770d4d999911805d9ed5dd19e39bfe06ad26875fec32
Instruction Fuzzy Hash: C03172205040A50EEB6D873E4879139FFE1AA8920274983AFE5FBCA1C2D55CC545DBB0

Function 0219C667 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94a5601144706b6f3443770d4d999911805d9ed5dd19e39bfe06ad26875fec32
Instruction ID: e79df3f4d6be030ee9e4439b957150f4a4fc8f50676177ec56e1fe118cd1498f
Opcode Fuzzy Hash: 94a5601144706b6f3443770d4d999911805d9ed5dd19e39bfe06ad26875fec32
Instruction Fuzzy Hash: 253183605040A50EEB6D873E4879139FFE1AA8920274943AFE5FBCA1C2D55CC545DBB0

Function 006E9D23 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1747202676.00000000006E9000.00000040.00000020.00020000.00000000.sdmp, Offset: 006E9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6e9000_aNfqvgu.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 83b2dffefe62255fbe76f8cd2dc8abc450553faae582ec757d368147de4e536d
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: E41170723416109FD754DE56DC81EA673EAEF89320B298055ED04CB352D675EC42C760

Function 02170D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: 5edd786cd43c79b7283201332adfa0d70d5c543a0a79b86af67657a73ec68d09
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: C7012672A507008FDF21CF60C804BAA33F5FBCA206F1540B9D90AD7381E770A841CB80

Function 00439277 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1739929212.0000000000439000.00000040.00000001.01000000.00000003.sdmp, Offset: 00439000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_439000_aNfqvgu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction ID: 7675036b0cbaeec3b79254137bf16d4b44bb9a97824819e20ca5cf47a51b5ef9
Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction Fuzzy Hash: 0DF0C279A00A00EF8714DF4AC544C9777F6EB88710F2549D6E4049B320D3F4DD44CB54

Function 00439277 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction ID: 7675036b0cbaeec3b79254137bf16d4b44bb9a97824819e20ca5cf47a51b5ef9
Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction Fuzzy Hash: 0DF0C279A00A00EF8714DF4AC544C9777F6EB88710F2549D6E4049B320D3F4DD44CB54

Function 004378C3 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0043722F), ref: 004378DC

Strings

exp, xrefs: 0043795B, 004379C0
log10, xrefs: 0043791E, 0043792D
acos, xrefs: 00437A12
asin, xrefs: 00437A09
pow, xrefs: 0043797A, 00437A24, 00437A71
log, xrefs: 00437939, 00437948
sqrt, xrefs: 00437A1B

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 791412bdd8908b3afe492d2992d678c69540c7ca568271baefb7fc38a389ac3a
Instruction ID: c44c5b8514d1aa23157313693abc2c0029e949ab2c4641301568c17ff8061e4e
Opcode Fuzzy Hash: 791412bdd8908b3afe492d2992d678c69540c7ca568271baefb7fc38a389ac3a
Instruction Fuzzy Hash: E3519DF0908A0ACBEF20AF98E84C1AEBFB0FF09314F119157D4C1A6264D7788A15DF59

Function 0042E841 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0042E960
___TypeMatch.LIBVCRUNTIME ref: 0042EA6E
_UnwindNestedFrames.LIBCMT ref: 0042EBC0
CallUnexpected.LIBVCRUNTIME ref: 0042EBDB

Strings

csm, xrefs: 0042E8EB
csm, xrefs: 0042E997
csm, xrefs: 0042E87E

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: a65231c7224523d78c135119b38e93c421f23d8deef9d53e41ae7645979b48cb
Instruction ID: 76a96f9c105297bffa1ec5f26c5fbed64ee5ac1727e0173b64fd743f997f4b24
Opcode Fuzzy Hash: a65231c7224523d78c135119b38e93c421f23d8deef9d53e41ae7645979b48cb
Instruction Fuzzy Hash: 64B19D71E00229DFCF14DFA6E8419AEBB75FF14314B94456BE801AB212C339EA51CF99

Function 0219EAA8 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0219EBC7
___TypeMatch.LIBVCRUNTIME ref: 0219ECD5
_UnwindNestedFrames.LIBCMT ref: 0219EE27
CallUnexpected.LIBVCRUNTIME ref: 0219EE42

Strings

csm, xrefs: 0219EAE5
csm, xrefs: 0219EB52
csm, xrefs: 0219EBFE

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: a65231c7224523d78c135119b38e93c421f23d8deef9d53e41ae7645979b48cb
Instruction ID: c2432adf58b1db4bf37048ef50c0a21d424ddc4cd097270a2d65640ba35159bc
Opcode Fuzzy Hash: a65231c7224523d78c135119b38e93c421f23d8deef9d53e41ae7645979b48cb
Instruction Fuzzy Hash: E9B17171940219EFCF25DF98C880AAEB7B6FF04314F14456BE8126B215D732EA51CF91

Function 0219C29A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172memoryCOMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0219C2B4
RtlAllocateHeap.NTDLL(?,00000008,00000001), ref: 0219C2D0
_strlen.LIBCMT ref: 0219C2F7
___from_strstr_to_strchr.LIBCMT ref: 0219C37F
HeapFree.KERNEL32(?,00000000,00000000,?,00000000), ref: 0219C44B

Strings

!?#$%&()*+-,/:;<>=@[\]^`{|}~, xrefs: 0219C33B, 0219C37E, 0219C41A, 0219C423

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: Heap_strlen$AllocateFree___from_strstr_to_strchr
String ID: !?#$%&()*+-,/:;<>=@[\]^`{|}~
API String ID: 1213348923-2271055266
Opcode ID: 18ba3ee87ac263ca046d0cc64a6699f702523e87a887ffd6cf0ee4ead859b1c6
Instruction ID: 058504232f61862c7e4ff0b5859eb695f1fbea338a97868a15e57344973beba3
Opcode Fuzzy Hash: 18ba3ee87ac263ca046d0cc64a6699f702523e87a887ffd6cf0ee4ead859b1c6
Instruction Fuzzy Hash: 94512B716882448FEB20CE19C4407BBB7E6EF9E798FC4046BD5D58B601D325EA06C7D9

Function 0042D940 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 0042D977
___except_validate_context_record.LIBVCRUNTIME ref: 0042D97F
_ValidateLocalCookies.LIBCMT ref: 0042DA08
__IsNonwritableInCurrentImage.LIBCMT ref: 0042DA33
_ValidateLocalCookies.LIBCMT ref: 0042DA88

Strings

csm, xrefs: 0042DA1D

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 727bd755396df652e1a708ec171ae51c463fec0952143e88064398cf5f6b08bc
Instruction ID: c3ff90e6c98b77f7825d4f6483462e13c2c6f666ebbe1c2a106e591db53f6d38
Opcode Fuzzy Hash: 727bd755396df652e1a708ec171ae51c463fec0952143e88064398cf5f6b08bc
Instruction Fuzzy Hash: 7941C534F002289BCF10DF69E885A9FBBB1AF45314F64805BF819AB352C739D951CB99

Function 00433A48 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00433B57,004343DB,?,00000000,00000000,00000000,?,00433CD0,00000022,FlsSetValue,004740A0,004740A8,00000000), ref: 00433B09

Strings

ext-ms-, xrefs: 00433AB3
api-ms-, xrefs: 00433A9F

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 2b9994b2bbd4ec7bb9f69d4717ff7e2925b3815c011d12a359ccfcec31050e2c
Instruction ID: 701d92ca15afa7f270cc4f408c9fe8fc21a2fe6e402611b2d20f0705e1605e89
Opcode Fuzzy Hash: 2b9994b2bbd4ec7bb9f69d4717ff7e2925b3815c011d12a359ccfcec31050e2c
Instruction Fuzzy Hash: 7421E731A04211ABDB21FF24AC41A5B7B68DB49761F251222FD46A7391DB78EF00C6D8

Function 0042DE91 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0042DE88,0042DCBC,0042CD15), ref: 0042DE9F
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0042DEAD
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0042DEC6
SetLastError.KERNEL32(00000000,0042DE88,0042DCBC,0042CD15), ref: 0042DF18

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: c3eb6bf0a7234faedb7c0a201c394f7478a2313920b75adf210bd18b39fa6472
Instruction ID: 4c524e6e54e895b205e2a647cd7641f8164f43047676a93b51c3844bd5b636a9
Opcode Fuzzy Hash: c3eb6bf0a7234faedb7c0a201c394f7478a2313920b75adf210bd18b39fa6472
Instruction Fuzzy Hash: 89016432B082315EB62433B27C8587B27A4DB56378762033FF128852E0EF284C66A14E

Function 0219E0F8 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0219E0EF,0219DF23,0219CF7C), ref: 0219E106
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0219E114
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0219E12D
SetLastError.KERNEL32(00000000,0219E0EF,0219DF23,0219CF7C), ref: 0219E17F

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: c3eb6bf0a7234faedb7c0a201c394f7478a2313920b75adf210bd18b39fa6472
Instruction ID: 0c71a86ee6ff280ebffbba7c9a5bb44a1eaa46d1f8a52e3b74e21a4ddcb4a4bc
Opcode Fuzzy Hash: c3eb6bf0a7234faedb7c0a201c394f7478a2313920b75adf210bd18b39fa6472
Instruction Fuzzy Hash: 2501F7322C93115EFF38B7B4EC84A6B2796EB46B75721023FE524861F0EF128C569D45

Function 0043200D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\aNfqvgu.exe, xrefs: 00432029

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\aNfqvgu.exe
API String ID: 0-3774947778
Opcode ID: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
Instruction ID: ad3e3ed31c10cde0997af27abe55d792c07127680f7ced24e6d8497351ae1d10
Opcode Fuzzy Hash: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
Instruction Fuzzy Hash: 1B21F971200216AFDB28AF72CE4196B7779FF08368F10551BFA159B251D778EC05C768

Function 021A2274 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\aNfqvgu.exe, xrefs: 021A2290

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\aNfqvgu.exe
API String ID: 0-3774947778
Opcode ID: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
Instruction ID: bc741f58f66e144f0cdef7d00aeff3e098bd7164b67113bca34f4791d2dce21b
Opcode Fuzzy Hash: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
Instruction Fuzzy Hash: 9121E479280205AFDB20EF75CCA0AAB77AAEF1A3647008529FD24D7650D731ED00CBA0

Function 0043001E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BBA39A9D,?,?,00000000,00438ADF,000000FF,?,0042FFFA,00000002,?,0042FFCB,00430877), ref: 00430053
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00430065
FreeLibrary.KERNEL32(00000000,?,?,00000000,00438ADF,000000FF,?,0042FFFA,00000002,?,0042FFCB,00430877), ref: 00430087

Strings

CorExitProcess, xrefs: 0043005D
mscoree.dll, xrefs: 0043004C

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 65f550cb3e6f7ffa6512f9fcd5b93e87532d598a35e95b34558b3b73d281781c
Instruction ID: 9ddb27ef9bb45fbe9de7f2c848ff8ceee15d63003235df1ee0023fccde4d79f4
Opcode Fuzzy Hash: 65f550cb3e6f7ffa6512f9fcd5b93e87532d598a35e95b34558b3b73d281781c
Instruction Fuzzy Hash: 0C01A735900659EFDB259F50DC05BAFB7B9FB09B10F004626F811A2290DBB89C00CA58

Function 00430BA2 Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00430C27
__alloca_probe_16.LIBCMT ref: 00430CF0
__freea.LIBCMT ref: 00430D57

Part of subcall function 00433511: HeapAlloc.KERNEL32(00000000,00432586,?,?,00432586,00000220,?,00000000,?), ref: 00433543

__freea.LIBCMT ref: 00430D6A
__freea.LIBCMT ref: 00430D77

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: 3230ddc416008924cf0954a4264170ddc79692ceb8cb15dab18b7fb941252935
Instruction ID: eace223344cde17d2edb028cd1fdc56d7f0f867d81659f41c1869f0ae689ef47
Opcode Fuzzy Hash: 3230ddc416008924cf0954a4264170ddc79692ceb8cb15dab18b7fb941252935
Instruction Fuzzy Hash: 1251B571600206AFEB215FA5CC51EBB77E9DF48B14F15122EFD04D6251EB38ED50C668

Function 0042BCD2 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 132memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042C033: HeapAlloc.KERNEL32(?,00000008,00000001,?,00000000), ref: 0042C069
Part of subcall function 0042C033: _strlen.LIBCMT ref: 0042C090
Part of subcall function 0042C033: RtlFreeHeap.NTDLL(?,00000000,00000000,?,00000000), ref: 0042C1E4

HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0042BD27
HeapAlloc.KERNEL32(00000000,00000008,00000015), ref: 0042BDCE
HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0042BE13

Part of subcall function 0042BFEB: HeapAlloc.KERNEL32(?,00000008,00000010,?,0042BF7F,?,0042BC80,00000000), ref: 0042BFF6

HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0042BE54

Strings

H`E, xrefs: 0042BD05

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: Heap$Alloc$Free$_strlen
String ID: H`E
API String ID: 2043604496-3800292306
Opcode ID: 6c8f0c34e0a748ada23f9682636e364d14b5594a34bf1f3ad6221a11dd4e9d3e
Instruction ID: 9f7fb62bb3ce8217459da819ea948e7cfebb82f451e23faa5cf46441fed875bc
Opcode Fuzzy Hash: 6c8f0c34e0a748ada23f9682636e364d14b5594a34bf1f3ad6221a11dd4e9d3e
Instruction Fuzzy Hash: 9A41D475600305AFD720DF64EC41F9BB7E8EF44708F44881EFA8992252E779E914CB99

Function 0042E0B3 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0042E064,00000000,?,0047B508,?,?,?,0042E207,00000004,InitializeCriticalSectionEx,00472CE8,InitializeCriticalSectionEx), ref: 0042E0C0
GetLastError.KERNEL32(?,0042E064,00000000,?,0047B508,?,?,?,0042E207,00000004,InitializeCriticalSectionEx,00472CE8,InitializeCriticalSectionEx,00000000,?,0042DF87), ref: 0042E0CA
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0042E0F2

Strings

api-ms-, xrefs: 0042E0D7

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: e97cb8aef0451175157745688cbe99fad46fbc073c2e7ab4228f61846e837a09
Instruction ID: a9f9758dc7447ee91e21cc9657b3a9e7bcae6e54e9dde0c25938df980e33f7bf
Opcode Fuzzy Hash: e97cb8aef0451175157745688cbe99fad46fbc073c2e7ab4228f61846e837a09
Instruction Fuzzy Hash: 8DE01230340325B7EF205B52ED06B5A3A65AB11B51F508031FA0DE41A1DFE59961954C

Function 004355A9 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(BBA39A9D,00000000,00000000,?), ref: 0043560C

Part of subcall function 00432BDB: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00430D4D,?,00000000,-00000008), ref: 00432C3C

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0043585E
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004358A4
GetLastError.KERNEL32 ref: 00435947

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: b4cbff27fd4ab21845aba02c09109cc48990d3ec193e972a02813d8f5f450ba4
Instruction ID: 51e358ba8c1ceb706a909722da25d8c7b1e269b7874c46722394f45778562d45
Opcode Fuzzy Hash: b4cbff27fd4ab21845aba02c09109cc48990d3ec193e972a02813d8f5f450ba4
Instruction Fuzzy Hash: 99D18BB5D00648DFCB14CFA8D880AAEBBB9FF0D314F25452AE45AEB351D734A942CB54

Function 021A5810 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(0047A8A8,00000000,00000000,?), ref: 021A5873

Part of subcall function 021A2E42: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,021A0FB4,?,00000000,-00000008), ref: 021A2EA3

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 021A5AC5
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 021A5B0B
GetLastError.KERNEL32 ref: 021A5BAE

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: b4cbff27fd4ab21845aba02c09109cc48990d3ec193e972a02813d8f5f450ba4
Instruction ID: 05edfd8c8a0a7f87317d062e246e8a50bda2e9e7179de7b8d4b34aee0414c04f
Opcode Fuzzy Hash: b4cbff27fd4ab21845aba02c09109cc48990d3ec193e972a02813d8f5f450ba4
Instruction Fuzzy Hash: EDD1ACB9D05248EFCF24CFA8D890AADBBB6FF08314F19416AE556EB351D730A941CB50

Function 0042E5EA Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0042E6B1
___AdjustPointer.LIBCMT ref: 0042E6D4
___AdjustPointer.LIBCMT ref: 0042E770

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 893888af18e71582d7d8a6e2594258244a1919dfa8c6d50e086ea7ae5b819a09
Instruction ID: a38d2b6541b71c520280f613d6ec420bae21797082b0ad144b49c478ca17333c
Opcode Fuzzy Hash: 893888af18e71582d7d8a6e2594258244a1919dfa8c6d50e086ea7ae5b819a09
Instruction Fuzzy Hash: 5351E571700226AFDB288F12F841BAB77A5EFA4304F94452FE80557391D779EC81C798

Function 0219E851 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0219E918
___AdjustPointer.LIBCMT ref: 0219E93B
___AdjustPointer.LIBCMT ref: 0219E9D7

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 893888af18e71582d7d8a6e2594258244a1919dfa8c6d50e086ea7ae5b819a09
Instruction ID: d9c8b98055a08744b636fdf65d33369b149dc92ddf000d18ff5e17ac0a684bd3
Opcode Fuzzy Hash: 893888af18e71582d7d8a6e2594258244a1919dfa8c6d50e086ea7ae5b819a09
Instruction Fuzzy Hash: 60510572A80202EFEF29DF54D840B7AB7A5FF44714F14452FE915972A0D731E840CB91

Function 0219BF39 Relevance: 6.1, APIs: 4, Instructions: 132memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0219C29A: RtlAllocateHeap.NTDLL(?,00000008,00000001), ref: 0219C2D0
Part of subcall function 0219C29A: _strlen.LIBCMT ref: 0219C2F7
Part of subcall function 0219C29A: HeapFree.KERNEL32(?,00000000,00000000,?,00000000), ref: 0219C44B

RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 0219BF8E
RtlAllocateHeap.NTDLL(00000000,00000008,00000015), ref: 0219C035
RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 0219C07A

Part of subcall function 0219C252: RtlAllocateHeap.NTDLL(?,00000008,00000010), ref: 0219C25D

HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0219C0BB

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: Heap$Allocate$Free$_strlen
String ID:
API String ID: 3997513149-0
Opcode ID: f53d8b809367e930981b9f67468d851460710721d0c2411bbbfb01b5a60a3957
Instruction ID: c2f5e8c29c2633d9c008b1d948fc213caa67531b9a77507afb7869c6e7fc1f7b
Opcode Fuzzy Hash: f53d8b809367e930981b9f67468d851460710721d0c2411bbbfb01b5a60a3957
Instruction Fuzzy Hash: 8D418FBA580305AFDB20DF54DC45F6BB7E8EF48308F08482EF98992241E775E914CB96

Function 004318A9 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00432BDB: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00430D4D,?,00000000,-00000008), ref: 00432C3C

GetLastError.KERNEL32 ref: 0043190D
__dosmaperr.LIBCMT ref: 00431914
GetLastError.KERNEL32(?,?,?,?), ref: 0043194E
__dosmaperr.LIBCMT ref: 00431955

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: d5d81d66b65ad09e41a19373382a09ae2f9af2f18da878edb6234075b2c35934
Instruction ID: b5a63444dd780b6f6c4a24546968ac13a97be2a1639071e31cdd29044f6b5631
Opcode Fuzzy Hash: d5d81d66b65ad09e41a19373382a09ae2f9af2f18da878edb6234075b2c35934
Instruction Fuzzy Hash: 7721C571600605AFDB20AFA2C89196BB7A9EF0C378F10552AF81597260D739EC41C7A8

Function 021A1B10 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 021A2E42: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,021A0FB4,?,00000000,-00000008), ref: 021A2EA3

GetLastError.KERNEL32 ref: 021A1B74
__dosmaperr.LIBCMT ref: 021A1B7B
GetLastError.KERNEL32(?,?,?,?), ref: 021A1BB5
__dosmaperr.LIBCMT ref: 021A1BBC

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: d5d81d66b65ad09e41a19373382a09ae2f9af2f18da878edb6234075b2c35934
Instruction ID: e4ca36dd88c5d50ba0782019e30619fbf50d701a1bbcc0e0736249c1b65e8ef8
Opcode Fuzzy Hash: d5d81d66b65ad09e41a19373382a09ae2f9af2f18da878edb6234075b2c35934
Instruction Fuzzy Hash: D421B379681205BF9B34AF7A88A0E6BB7BEEF05364B008518ED2D97510E731EC108B50

Function 00432C7E Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00432C86

Part of subcall function 00432BDB: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00430D4D,?,00000000,-00000008), ref: 00432C3C

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00432CBE
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00432CDE

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: e1d1cfe4224bd6d605f767870ae2c5bad661794c0040ce08366285e2c0b68a1f
Instruction ID: 608a9734fde1ec8eee3d3293c4006d0f06b7e9441533a69e02f1924e93b15e95
Opcode Fuzzy Hash: e1d1cfe4224bd6d605f767870ae2c5bad661794c0040ce08366285e2c0b68a1f
Instruction Fuzzy Hash: 951104B59001157E67112B726E89CAF7A6CDE8D3A9F24212BF40191251FEB8DD0182B9

Function 021A2EE5 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 021A2EED

Part of subcall function 021A2E42: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,021A0FB4,?,00000000,-00000008), ref: 021A2EA3

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 021A2F25
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 021A2F45

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: e1d1cfe4224bd6d605f767870ae2c5bad661794c0040ce08366285e2c0b68a1f
Instruction ID: 72ab90d71a838e7c578c8544340ff3526f6fb76493a5249c4e7342d2e27088e5
Opcode Fuzzy Hash: e1d1cfe4224bd6d605f767870ae2c5bad661794c0040ce08366285e2c0b68a1f
Instruction Fuzzy Hash: 851145BE9442557F6B1227B15CA8D7F7A6EDE862E47140224FC06D1100EF74DD008BB4

Function 021A3CAF Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,021A3DBE,021A4642,?,00000000,00000000,00000000,?,021A3F37,00000022,00472CDC,004740A0,004740A8,00000000), ref: 021A3D70

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 2b9994b2bbd4ec7bb9f69d4717ff7e2925b3815c011d12a359ccfcec31050e2c
Instruction ID: bc62525610d580504d18a1a4e642bdd99e66df906a9dff647907cd8de38ede6b
Opcode Fuzzy Hash: 2b9994b2bbd4ec7bb9f69d4717ff7e2925b3815c011d12a359ccfcec31050e2c
Instruction Fuzzy Hash: AD21DA39A80225EBD7229B34DC60B9B3B58DF42764F250575FD36A7291E731ED00C6E4

Function 00436D66 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00436520,00000000,00000001,00000000,?,?,0043599B,?,00000000,00000000), ref: 00436D7D
GetLastError.KERNEL32(?,00436520,00000000,00000001,00000000,?,?,0043599B,?,00000000,00000000,?,?,?,00435F3E,00000000), ref: 00436D89

Part of subcall function 00436D4F: CloseHandle.KERNEL32(FFFFFFFE,00436D99,?,00436520,00000000,00000001,00000000,?,?,0043599B,?,00000000,00000000,?,?), ref: 00436D5F

___initconout.LIBCMT ref: 00436D99

Part of subcall function 00436D11: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00436D40,0043650D,?,?,0043599B,?,00000000,00000000,?), ref: 00436D24

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00436520,00000000,00000001,00000000,?,?,0043599B,?,00000000,00000000,?), ref: 00436DAE

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: cf6ea9a65e43c229ecdbaac8f2c98c14aab39449d773b73dc703fe6c6485b977
Instruction ID: 5083f7f303b468fe56f9e97aaa619913868a22d3358b886830ad9e3c2d69f757
Opcode Fuzzy Hash: cf6ea9a65e43c229ecdbaac8f2c98c14aab39449d773b73dc703fe6c6485b977
Instruction Fuzzy Hash: 10F0123660016ABBCF625F91DC05ADB3F26FB09371F018021FE1885130D6328D60EBD8

Function 021A6FCD Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,021A6787,00000000,00000001,00000000,?,?,021A5C02,?,00000000,00000000), ref: 021A6FE4
GetLastError.KERNEL32(?,021A6787,00000000,00000001,00000000,?,?,021A5C02,?,00000000,00000000,?,?,?,021A61A5,00000000), ref: 021A6FF0

Part of subcall function 021A6FB6: CloseHandle.KERNEL32(0047B0F0,021A7000,?,021A6787,00000000,00000001,00000000,?,?,021A5C02,?,00000000,00000000,?,?), ref: 021A6FC6

___initconout.LIBCMT ref: 021A7000

Part of subcall function 021A6F78: CreateFileW.KERNEL32(00476188,40000000,00000003,00000000,00000003,00000000,00000000,021A6FA7,021A6774,?,?,021A5C02,?,00000000,00000000,?), ref: 021A6F8B

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,021A6787,00000000,00000001,00000000,?,?,021A5C02,?,00000000,00000000,?), ref: 021A7015

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: cf6ea9a65e43c229ecdbaac8f2c98c14aab39449d773b73dc703fe6c6485b977
Instruction ID: 1a37e8d8e4c13fd2e9e9da428c06ca7ccd3b28ed4a5e41d61951713e4aeefa0e
Opcode Fuzzy Hash: cf6ea9a65e43c229ecdbaac8f2c98c14aab39449d773b73dc703fe6c6485b977
Instruction Fuzzy Hash: 35F0A53A540269BFCF226F95EC19A9A7F26FB0A3B1F044420FA1895160D7328964ABD4

Function 00435E5C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 196fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 004355A9: GetConsoleOutputCP.KERNEL32(BBA39A9D,00000000,00000000,?), ref: 0043560C

WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00434548,?), ref: 00435FE1
GetLastError.KERNEL32(?,?,00434548,?,004343DB,00000000,?,00000000,004343DB,?,?,?,00477898,0000002C,0043444C,?), ref: 00435FEB

Strings

HEC, xrefs: 00435F63, 0043600C

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID: HEC
API String ID: 2915228174-3809717760
Opcode ID: 875ed4caef2ba3b8c44ea95059b68dd271ddda11c5d8c5e028be2ec9587d80b8
Instruction ID: 5a8df784fa6fddbf3b6aa5c5635f95a91e4df5003a71c3995b1d26c88b7e0b06
Opcode Fuzzy Hash: 875ed4caef2ba3b8c44ea95059b68dd271ddda11c5d8c5e028be2ec9587d80b8
Instruction Fuzzy Hash: DF61C371C0451AAFDF15DFA8C845AEFBBB9AF0D308F15118AE804A7252D33AD901CB99

Function 0219DBA7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0219DBE6
__IsNonwritableInCurrentImage.LIBCMT ref: 0219DC9A

Strings

csm, xrefs: 0219DC84

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 727bd755396df652e1a708ec171ae51c463fec0952143e88064398cf5f6b08bc
Instruction ID: a07caf1d1d286fe0f6c761e6821ad522ecfbaa4f3cb80879ac60b9e3f905ca6b
Opcode Fuzzy Hash: 727bd755396df652e1a708ec171ae51c463fec0952143e88064398cf5f6b08bc
Instruction Fuzzy Hash: 2A41C634E4020DAFCF10EF68D884A9EBBB6AF45328F14815AEC199B391D771DA51CF91

Function 0042EBE6 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0042EC0B

Strings

MOC, xrefs: 0042EC1D
RCC, xrefs: 0042EC25

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 60d334a2babda9015152320fb1b56685fe8a5b2565357ad46f9000524526b17b
Instruction ID: f6177e7823097d9f83aa6b0a93fd605ee05562e7b9c8208c8f5f3ed515438118
Opcode Fuzzy Hash: 60d334a2babda9015152320fb1b56685fe8a5b2565357ad46f9000524526b17b
Instruction Fuzzy Hash: 88419D71A00219AFCF15DF96DD81AEEBBB5FF48304F54409AF904B7221D3399950DB58

Function 0219EE4D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 0219EE72

Strings

RCC, xrefs: 0219EE8C
MOC, xrefs: 0219EE84

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 60d334a2babda9015152320fb1b56685fe8a5b2565357ad46f9000524526b17b
Instruction ID: 181c67e81d882ef6bf5d9dd35d02bc0a81533fc5f7defb6a2526be2c3da0e783
Opcode Fuzzy Hash: 60d334a2babda9015152320fb1b56685fe8a5b2565357ad46f9000524526b17b
Instruction Fuzzy Hash: 1E413872940209AFDF15DFA8CD80AEEBBB6FF48304F18815AF905A7261D335A950DF60

Function 0219C161 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0219C16A
RtlAllocateHeap.NTDLL(00000000,00000008,00040000), ref: 0219C1BD

Part of subcall function 0219C252: RtlAllocateHeap.NTDLL(?,00000008,00000010), ref: 0219C25D

Strings

P/n, xrefs: 0219C179, 0219C188, 0219C237, 0219C23D, 0219C243

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: Heap$Allocate$Process
String ID: P/n
API String ID: 980559045-736854928
Opcode ID: d4c341f74e060cd561d315f63606d6c5e1f892c1824839db415b7060855c419f
Instruction ID: 05b7117e5bd59efd0d76de30fc6bc43cb537f74fbed3962b7759beb746f78ff1
Opcode Fuzzy Hash: d4c341f74e060cd561d315f63606d6c5e1f892c1824839db415b7060855c419f
Instruction Fuzzy Hash: 81312A71A40209EFCB10CF99D884BAEBBF4FF49744F10802AE559A7290DB75A945CF98

Function 00433165 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 004331B1
GetFileType.KERNEL32(00000000), ref: 004331C3

Strings

Os, xrefs: 004331F4

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: FileHandleType
String ID: Os
API String ID: 3000768030-1524426704
Opcode ID: aea4fb0389fee927422bcbf42d67ede117310f5d25c81104cf0ea514fe3eae50
Instruction ID: 956edc9887a254bfb80e8896ae5b9162bae5ae3ef4537c81733dbb0a74847bf7
Opcode Fuzzy Hash: aea4fb0389fee927422bcbf42d67ede117310f5d25c81104cf0ea514fe3eae50
Instruction Fuzzy Hash: 8411D631104B414ADB304F3ECC8C623BE94AB5A336F38175BE4B6866F1C738DA86D249

Function 021A33CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 021A3418
GetFileType.KERNEL32(00000000), ref: 021A342A

Strings

Os, xrefs: 021A345B

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: FileHandleType
String ID: Os
API String ID: 3000768030-1524426704
Opcode ID: aea4fb0389fee927422bcbf42d67ede117310f5d25c81104cf0ea514fe3eae50
Instruction ID: 23e824d8f92fdef99ac1f026b3daa86555db6c17bba600ccf15cd358069647cd
Opcode Fuzzy Hash: aea4fb0389fee927422bcbf42d67ede117310f5d25c81104cf0ea514fe3eae50
Instruction Fuzzy Hash: B8113839644B018AC7314E3F8CA8723BE94EB82138B2807AEE5B7C69F2C730D4C5D244

Function 00432A70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetCommandLineA.KERNEL32 ref: 00432A70
GetCommandLineW.KERNEL32 ref: 00432A7B

Strings

P%m, xrefs: 00432A76

Memory Dump Source

Source File: 00000000.00000002.1765381663.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1765381663.0000000000449000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_aNfqvgu.jbxd

Similarity

API ID: CommandLine
String ID: P%m
API String ID: 3253501508-1208826528
Opcode ID: a597d07d965d42cd401fef1423efdcfbbfbb59e3a2a3ba206f6d8b611c6a03dc
Instruction ID: f72c7421ad61c1dad8aee767cf1c89be6c1d89e2eea709b3afb35bcb24f91967
Opcode Fuzzy Hash: a597d07d965d42cd401fef1423efdcfbbfbb59e3a2a3ba206f6d8b611c6a03dc
Instruction Fuzzy Hash: 3FB0027C8017008FCB489FB5BD5C2453BF0F69960239098B6D619C37A4D7394485EF58

Function 021A2CD7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetCommandLineA.KERNEL32 ref: 021A2CD7
GetCommandLineW.KERNEL32 ref: 021A2CE2

Strings

P%m, xrefs: 021A2CDD

Memory Dump Source

Source File: 00000000.00000002.1765588038.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2170000_aNfqvgu.jbxd

Yara matches

Similarity

API ID: CommandLine
String ID: P%m
API String ID: 3253501508-1208826528
Opcode ID: a597d07d965d42cd401fef1423efdcfbbfbb59e3a2a3ba206f6d8b611c6a03dc
Instruction ID: f72c7421ad61c1dad8aee767cf1c89be6c1d89e2eea709b3afb35bcb24f91967
Opcode Fuzzy Hash: a597d07d965d42cd401fef1423efdcfbbfbb59e3a2a3ba206f6d8b611c6a03dc
Instruction Fuzzy Hash: 3FB0027C8017008FCB489FB5BD5C2453BF0F69960239098B6D619C37A4D7394485EF58

Analysis Process: svchost.exePID: 5480, Parent PID: 2588COMMON

Executed Functions

Function 027002D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 02700326

Part of subcall function 027000A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 027000CD
Part of subcall function 027000A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02700279

VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 02700378
VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 027003E7
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02700407
MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 0270042E
VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02700456
CloseHandle.KERNELBASE(?), ref: 02700471

Strings

,, xrefs: 02700356

Memory Dump Source

Source File: 00000001.00000003.1749728187.0000000002700000.00000040.00000001.00020000.00000000.sdmp, Offset: 02700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_3_2700000_svchost.jbxd

Similarity

API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
String ID: ,
API String ID: 3867569247-3772416878
Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
Instruction ID: 1d4ebcb6406d0b945b0efd6738b568fd0f05e1f024c6a6a0c846e421a5a82585
Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
Instruction Fuzzy Hash: 30611AB5900209EFDB21DFA5C884B9EBBF9FF09364F10841AF959A7280D730A944CF64

Function 027000A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 027000CD
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02700279

Memory Dump Source

Source File: 00000001.00000003.1749728187.0000000002700000.00000040.00000001.00020000.00000000.sdmp, Offset: 02700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_3_2700000_svchost.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction ID: 0b597abd8d199269024353a473aa10be9b0310748860a5eee0a5b6a680a046c1
Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction Fuzzy Hash: C9717B75A04249DFDB41CF98C981BEEBBF0AB09325F244095E4A5FB281C334AA95CF65

Function 02700230 Relevance: 1.3, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02700279

Memory Dump Source

Source File: 00000001.00000003.1749728187.0000000002700000.00000040.00000001.00020000.00000000.sdmp, Offset: 02700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_3_2700000_svchost.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 72cd1d773d33be3c714891ca11413f6904648207820b321c7b6ca4a788c60533
Instruction ID: 4e2c29adcad50dc2f5dda5d725e69fc13b88ae44da69747e05d74c45a3c0d4f3
Opcode Fuzzy Hash: 72cd1d773d33be3c714891ca11413f6904648207820b321c7b6ca4a788c60533
Instruction Fuzzy Hash: EDF0AF34A0424AEFCB41CF98C9C1BAEBBF1AB18314F204191E895F7290D770EE55CB61

Analysis Process: fontdrvhost.exePID: 5244, Parent PID: 2588COMMON

Execution Graph

Execution Coverage:	33.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	83.3%
Total number of Nodes:	24
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 0000016CDEDA1CF4 Relevance: 3.3, APIs: 2, Instructions: 278
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL ref: 0000016CDEDA1F92
CloseHandle.KERNELBASE ref: 0000016CDEDA1F9B

Memory Dump Source

Source File: 00000006.00000002.1991591004.0000016CDEDA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000016CDEDA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_16cdeda0000_fontdrvhost.jbxd

Similarity

API ID: AcceptCloseConnectHandlePort
String ID:
API String ID: 3811980168-0
Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
Instruction ID: 56400616da98e26e140ae4264183ca9b52ec4774806f78922f82e3995b9e9811
Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
Instruction Fuzzy Hash: 4B91B271508E188FDB64EF58C8817F573E1FBA8710F14466EE4CBC7296EA35A9428BC1

Function 0000016CDEDA0AC8 Relevance: 3.2, APIs: 2, Instructions: 185
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL ref: 0000016CDEDA0C14
NtAcceptConnectPort.NTDLL ref: 0000016CDEDA0C5E

Memory Dump Source

Source File: 00000006.00000002.1991591004.0000016CDEDA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000016CDEDA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_16cdeda0000_fontdrvhost.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
Instruction ID: 1117be49955a8650a712bd0fa84a8de05cb911a8420e9240bc1c67d76fbd6ada
Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
Instruction Fuzzy Hash: D2512430918A650AE32CA67888E52B8B7D0F7DA709F34056ED0F3C5193ED26C6468BC2

Function 0000016CDEDA1AA4 Relevance: 3.2, APIs: 2, Instructions: 150
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL ref: 0000016CDEDA1AE9

Part of subcall function 0000016CDEDA1870: GetProcessMitigationPolicy.KERNELBASE ref: 0000016CDEDA1943

NtAcceptConnectPort.NTDLL ref: 0000016CDEDA1BE3

Memory Dump Source

Source File: 00000006.00000002.1991591004.0000016CDEDA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000016CDEDA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_16cdeda0000_fontdrvhost.jbxd

Similarity

API ID: AcceptConnectPort$MitigationPolicyProcess
String ID:
API String ID: 2923266908-0
Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
Instruction ID: 526ccab5b8c02a5254254a82501a8c4f1aa44e08e52e1b764ffff7a920f5bb02
Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
Instruction Fuzzy Hash: EB41E530208B488FDB44DF2C98C97A57BD1EB59320F0443ADE89ACB2D7DA34C54587D5

Function 0000016CDEDA15C0 Relevance: 1.6, APIs: 1, Instructions: 76
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,0000016CDEDA1E3A), ref: 0000016CDEDA1654

Memory Dump Source

Source File: 00000006.00000002.1991591004.0000016CDEDA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000016CDEDA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_16cdeda0000_fontdrvhost.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
Instruction ID: 600095d584b0e19a895d00cf5551d173f1ed34626f3254fb609cb91a3b469b90
Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
Instruction Fuzzy Hash: 0F214271508B048FDB54DF58C4C96A5B7E1FBB8705F180A7EE48AC7251DB31D585CB81

Function 0000016CDEDA1870 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessMitigationPolicy.KERNELBASE ref: 0000016CDEDA1943

Memory Dump Source

Source File: 00000006.00000002.1991591004.0000016CDEDA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000016CDEDA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_16cdeda0000_fontdrvhost.jbxd

Similarity

API ID: MitigationPolicyProcess
String ID:
API String ID: 1088084561-0
Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
Instruction ID: e8d2de2dcccd39d6cfe7230cec9c0b2f566daff9fd5c0a6274244e6b25f82737
Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
Instruction Fuzzy Hash: CF319170140A274AEBB597A88CD47F172D0EBE8720F1401B9C0A5D71D1EE7ACA8DCAC0

Non-executed Functions

Function 0000016CDEDA0511 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1991591004.0000016CDEDA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000016CDEDA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_16cdeda0000_fontdrvhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report aNfqvgu.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Rhadamanthys

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fontdrvhost.exe_d32c824e8915b30da4efd4eabd13e74e4ef8c1_ad0be647_33fda9ca-1757-4022-b4c3-b6bea78c4a41\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER36D2.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3750.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3780.tmp.xml

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Windows Analysis Report
aNfqvgu.exe

Function 0042BEFA Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86
memoryCOMMON

Function 0217003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Function 0042C033 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172
memoryCOMMON

Function 004392CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129
memoryCOMMON

Function 0042BC80 Relevance: 4.5, APIs: 3, Instructions: 30
synchronizationCOMMON

Function 00433C75 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23
COMMONLIBRARYCODE

Function 02170E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Function 00431289 Relevance: 2.6, APIs: 2, Instructions: 67
COMMONLIBRARYCODE

Function 004391B0 Relevance: 1.4, APIs: 1, Instructions: 133
COMMON

Function 00439098 Relevance: 1.3, APIs: 1, Instructions: 30
memoryCOMMON