Edit tour

Linux Analysis Report
index

Overview

General Information

Sample Name:	index
Analysis ID:	881271
MD5:	3a2d1ab69281a2ed28dd9dbeac4a3a90
SHA1:	34e8b29be74ec982fd9d6dce5ca87bc1a7184efe
SHA256:	f876b9a14d9770212b2dea07d2f2f093be8825de4e13bacb68f49ab29bfd8ca6
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Sample deletes itself

Sample contains AV-related strings

Found Tor onion address

Connects to many ports of the same IP (likely port scanning)

May check the online IP address of the machine

Yara signature match

Sample contains strings that are potentially command strings

Sample has stripped symbol table

HTTP GET or POST without a user agent

Reads system information from the proc file system

Uses the "uname" system call to query kernel version information (possible evasion)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	881271
Start date and time:	2023-06-03 23:15:29 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample file name:	index
Detection:	MAL
Classification:	mal68.troj.evad.lin@0/3@2/0

Runtime Messages

Command:	/tmp/index
PID:	6231
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Jun 03 23:16:18.367 [notice] Tor 0.4.6.8-dev running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2f, Zlib 1.2.11, Liblzma N/A, Libzstd N/A and Unknown N/A as libc. Jun 03 23:16:18.371 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Jun 03 23:16:18.380 [notice] Read configuration file "./.torrc". Jun 03 23:16:18.384 [notice] Setting tor listening on port 20745. Jun 03 23:16:18.387 [notice] Configuration file "/root/.torrc" not present, using reasonable defaults. Jun 03 23:16:18.436 [warn] You specified a public address '0.0.0.0:94' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason. Jun 03 23:16:18.443 [notice] Opening Socks listener on 0.0.0.0:20745 Jun 03 23:16:18.451 [notice] Opened Socks listener connection (ready) on 0.0.0.0:20745 Jun 03 23:16:18.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't. Jun 03 23:16:18.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster. Jun 03 23:16:18.000 [notice] Bootstrapped 0% (starting): Starting Jun 03 23:16:18.000 [notice] Starting with guard context "default" Jun 03 23:16:19.000 [notice] Bootstrapped 5% (conn): Connecting to a relay Jun 03 23:16:19.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Standard Error:

Process Tree

system is lnxubuntu20

index (PID: 6231, Parent: 6124, MD5: 02e8e39e1b46472a60d128a6da84a2b8) Arguments: /tmp/index

index New Fork (PID: 6233, Parent: 6231)

index New Fork (PID: 6235, Parent: 6233)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
index	SUSP_ELF_Tor_Client	Detects VPNFilter malware	Florian Roth (Nextron Systems)	0x3ca128:$x1: We needed to load a secret key from %s, but it was encrypted. Try 'tor --keygen' instead, so you can enter the passphrase. 0x386450:$x2: Received a VERSION cell with odd payload length %d; closing connection. 0x354460:$x3: Please upgrade! This version of Tor (%s) is %s, according to the directory authorities. Recommended versions are: %s

Memory Dumps

Source	Rule	Description	Author	Strings
6231.1.0000000000400000.0000000000857000.r-x.sdmp	SUSP_ELF_Tor_Client	Detects VPNFilter malware	Florian Roth (Nextron Systems)	0x3ca128:$x1: We needed to load a secret key from %s, but it was encrypted. Try 'tor --keygen' instead, so you can enter the passphrase. 0x386450:$x2: Received a VERSION cell with odd payload length %d; closing connection. 0x354460:$x3: Please upgrade! This version of Tor (%s) is %s, according to the directory authorities. Recommended versions are: %s
6233.1.0000000000400000.0000000000857000.r-x.sdmp	SUSP_ELF_Tor_Client	Detects VPNFilter malware	Florian Roth (Nextron Systems)	0x3ca128:$x1: We needed to load a secret key from %s, but it was encrypted. Try 'tor --keygen' instead, so you can enter the passphrase. 0x386450:$x2: Received a VERSION cell with odd payload length %d; closing connection. 0x354460:$x3: Please upgrade! This version of Tor (%s) is %s, according to the directory authorities. Recommended versions are: %s

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: unknown	HTTPS traffic detected: 131.188.40.189:443 -> 192.168.2.23:40604 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.23.244.244:443 -> 192.168.2.23:53264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.130.53.211:443 -> 192.168.2.23:53304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.15.242.244:443 -> 192.168.2.23:47378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.177.206.72:443 -> 192.168.2.23:33460 version: TLS 1.2

Networking

Found Tor onion address

Source: index, 6231.1.0000000000400000.0000000000857000.r-x.sdmp	String found in binary or memory: Unable to read content of %sToken %s not found in file %sToken %s malformed in file %sToken %s has a malformed timestamp in file %sCould not append signature to extra-info descriptor.onionkeyclient_identitykeyCan't read key from "%s"Another Tor process has locked "%s". Not writing any new keys.No key found in "%s"; generating fresh key.onionCouldn't write generated key to "%s".No key found in "%s"Error loading private key.Unexpected tag %s on private key.unknown routerinfo error %d - shouldn't happenlastsecret_onion_key.oldCouldn't unlink old onion key file %s: %ssecret_onion_key_ntor.oldCouldn't unlink old ntor onion key file %s: %sCouldn't compute our own identity key digest.onion-key-rotation-daysonion-key-grace-period-daysError creating TLS context for Tor client.refuseunknownexitsipv6_ap_outThere is no advertised IPv6 ORPort.Unable to use configured IPv6 ORPort "%s" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly.No descriptor; skipping upload!(ASSERT_PREDICT_UNLIKELY_(!addr))assume-reachableassume-reachable-ipv6marked descriptor dirty for unspecified reason!(reason == NULL)secret_onion_keyError constructing rotated onion keyCouldn't rotate onion key.Error generating onion keyCouldn't write generated onion key to "%s".secret_onion_key_ntorCouldn't write curve25519 onion key to "%s".Rotating onion keyrotated onion keysecret_id_keyReading/making identity key "%s"...You are running a new relay. Thanks for helping the Tor network! If you wish to know what will happen in the upcoming weeks regarding its usage, have a look at https://blog.torproject.org/blog/lifecycle-of-a-new-relayReading/making onion key "%s"...set onion keyError initializing TLS contextError writing fingerprint to fileError writing hashed fingerprint to fileError writing ed25519 identity to fileversion listed in consensus is quite oldnot listed in consensuslisted as stale in consensustime for new descriptor!(!server_mode(get_options()))caches-extra-info
Source: index, 6231.1.0000000000400000.0000000000857000.r-x.sdmp	String found in binary or memory: Processing reply for SOCKS stream %lu. Reason: %dNo origin circuit for successful SOCKS stream %lu. Reason: %d(Harmless.) duplicate calls to connection_ap_handshake_socks_reply.error=yes<error>Got called with address of unexpected family %dbase_conn->type == 7stream (marked at %s:%d) sending two socks replies?CircID %u: At an edge. Marking connection for close.conn && entry_conn%p has impossible magic value %u.%p is no longer in circuit_wait. Its current state is %s. Why is it on pending_entry_connections?Found a connection %p that was supposed to be in pending_entry_connections, but wasn't. No worries; adding it.Closing one-hop stream to '%s/%s' because the OR conn just failed.WARNREJECTDANGEROUS_PORT PORT=%d RESULT=%sPort %d listed in RejectPlaintextPorts. Closing.Application request to port %d: this port is commonly used for unencrypted protocols. Please make sure you don't send anything you would mind the rest of the Internet reading!%sGiving up on enclave exit '%s' for destination %s.edge_conn->on_circuitap_conn->socks_request(((ap_conn->socks_request->command)==0x01) \|\| 0)I'm about to ask a node for a connection that I am telling it to fulfil with neither IPv4 nor IPv6. That's not going to work. Did you perhaps ask for an IPv6 address on an IPv4Only port, or vice versa?Sending relay cell %d on circ %u to begin stream %d.!(!base_conn->linked)Address/port sent, ap socket %d, n_circ_id %uSending up to %ld + %ld bytes of queued-up datacirc->base_.purpose == 5((command)==0xF0 \|\| (command)==0xF1)Rejecting ill-formed reverse lookup of %sCouldn't generate reverse lookup hostname of %sSending relay cell to begin stream %d.Address sent for resolve, ap socket %d, n_circ_id %uClient asked for %s:%dThe ".exit" notation is disabled in Tor due to security risks.SOCKS_BAD_HOSTNAME HOSTNAME=%sUnable to automap address %sAutomapping %s to %sMissing mapping for virtual address '%s'. Refusing.Stale automapped address for '%s.exit'. Refusing.Address '%s.exit', with impossible source for the .exit part. Refusing.!automapMalformed exit address '%s.exit'. Refusing.Unrecognized relay in exit address '%s.exit'. Refusing.Excluded relay in exit address '%s.exit'. Refusing.Destination '%s' seems to be an invalid hostname. Failing.Refusing to connect to non-hidden-service hostname or IP address %s because Port has OnionTrafficOnly set (or NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic).Refusing to connect to hostname %s because Port has NoDNSRequest set.Refusing to connect to IPv4 address %s because Port has NoIPv4Traffic set.Refusing to connect to IPv6 address %s because Port has NoIPv6Traffic set.Application asked to connect to port 0. Refusing.Rejecting request for anonymous connection to private address %s on a TransPort or NATDPort. Possible loop in your NAT rules?%sRejecting SOCKS request for anonymous connection to private address %s.%sRejecting SOCKS request for an IP address family that this listener does not support.Rejecting SOCKS4 request for an IPv6 addre
Source: index, 6231.1.0000000000400000.0000000000857000.r-x.sdmp	String found in binary or memory: u%s must be %d, not %d.%s must be between %d and %d, not %d.src/feature/hs/hs_config.c%s with no preceding %s directiveservice_listCan't parse configuration for onion service: %smsg == NULLBad configuration for onion service: %shs_opts->HiddenServiceDir%s=%s. Configuring...Onion services version 2 are obsolete. Please see https://blog.torproject.org/v2-deprecation-timeline for more details and for instructions on how to transition to version 3.!err_msgHiddenServicePort=%s for %sservice->config.version <= 3Hidden service option %s is incompatible with version %u of service in %sHiddenServcieExportCircuitID%s must be 'haproxy' or 'none'.Service INTRO2 DoS defenses rate set to: %uService INTRO2 DoS defenses burst set to: %uHidden service (%s) with no ports configured.Hidden service DoS defenses burst (%u) can not be smaller than the rate value (%u).Another hidden service is already configured for directory %shs_opts_t25200hs_control_desc_event_requestedhs_control_desc_event_failedhs_control_desc_event_receivedhs_control_desc_event_createdhs_control_desc_event_uploadhs_control_desc_event_uploadedhs_control_desc_event_contenths_control_hspost_commandhs_control_hsfetch_commandonion_pksrc/feature/hs/hs_control.cbase64_blinded_pkhsdir_rshsdir_nodehsdir_id_digestonion_addresshsdir_index!(hs_parse_address(onion_address, &identity_pk, NULL, NULL) < 0)build_descriptor_cookie_keyscert_parse_and_validatecert_parse_and_validatecert_is_validencrypted_data_length_is_validdesc_decode_plaintext_v3desc_decode_plaintext_v3desc_sig_is_validdesc_sig_is_validbuild_secret_databuild_secret_key_iv_macbuild_macencrypt_descriptor_datacompute_padded_plaintext_lengthbuild_plaintext_paddingencrypt_desc_data_and_base64desc_encode_v3desc_encode_v3get_inner_encrypted_layer_plaintextencode_intro_pointencode_link_specifiersencode_legacy_keyget_outer_encrypted_layer_plaintextget_all_auth_client_linesget_auth_client_strdecrypt_desc_layerdecrypt_desc_layerhs_desc_decode_encryptedhs_desc_decode_superencryptedhs_desc_decode_plaintexths_desc_decode_plaintextdesc_decode_superencrypted_v3desc_decrypt_superencrypteddesc_decode_superencrypted_v3desc_decrypt_superencrypteddecode_auth_clienths_desc_plaintext_obj_sizedesc_decode_encrypted_v3desc_decrypt_encrypteddecrypt_descriptor_cookiedesc_decode_encrypted_v3decode_create2_listdecode_create2_listdecode_auth_typedecode_intro_pointsdecode_introduction_pointdecode_introduction_pointdecode_link_specifiersset_intro_point_onion_keyset_intro_point_onion_keydecode_intro_legacy_keydecode_intro_legacy_keyhs_desc_decode_descriptorhs_desc_decode_descriptorhs_desc_encode_descriptorhs_desc_build_authorized_clienths_descriptor_clear_intro_pointssrc/feature/hs/hs_descriptor.cskCertificate for %s couldn't be parsed.Invalid cert type %02x for %s.Signing key is NOT included for %s.Invalid signature for %s: %s (%s)Invalid signature for %s: %sLength of descriptor's encrypted data is too small. Got %lu but minimum value is %ddesc->version >= 3R3_DESC_LIFETIMEServic
Source: index, 6233.1.0000000000400000.0000000000857000.r-x.sdmp	String found in binary or memory: Unable to read content of %sToken %s not found in file %sToken %s malformed in file %sToken %s has a malformed timestamp in file %sCould not append signature to extra-info descriptor.onionkeyclient_identitykeyCan't read key from "%s"Another Tor process has locked "%s". Not writing any new keys.No key found in "%s"; generating fresh key.onionCouldn't write generated key to "%s".No key found in "%s"Error loading private key.Unexpected tag %s on private key.unknown routerinfo error %d - shouldn't happenlastsecret_onion_key.oldCouldn't unlink old onion key file %s: %ssecret_onion_key_ntor.oldCouldn't unlink old ntor onion key file %s: %sCouldn't compute our own identity key digest.onion-key-rotation-daysonion-key-grace-period-daysError creating TLS context for Tor client.refuseunknownexitsipv6_ap_outThere is no advertised IPv6 ORPort.Unable to use configured IPv6 ORPort "%s" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly.No descriptor; skipping upload!(ASSERT_PREDICT_UNLIKELY_(!addr))assume-reachableassume-reachable-ipv6marked descriptor dirty for unspecified reason!(reason == NULL)secret_onion_keyError constructing rotated onion keyCouldn't rotate onion key.Error generating onion keyCouldn't write generated onion key to "%s".secret_onion_key_ntorCouldn't write curve25519 onion key to "%s".Rotating onion keyrotated onion keysecret_id_keyReading/making identity key "%s"...You are running a new relay. Thanks for helping the Tor network! If you wish to know what will happen in the upcoming weeks regarding its usage, have a look at https://blog.torproject.org/blog/lifecycle-of-a-new-relayReading/making onion key "%s"...set onion keyError initializing TLS contextError writing fingerprint to fileError writing hashed fingerprint to fileError writing ed25519 identity to fileversion listed in consensus is quite oldnot listed in consensuslisted as stale in consensustime for new descriptor!(!server_mode(get_options()))caches-extra-info
Source: index, 6233.1.0000000000400000.0000000000857000.r-x.sdmp	String found in binary or memory: Processing reply for SOCKS stream %lu. Reason: %dNo origin circuit for successful SOCKS stream %lu. Reason: %d(Harmless.) duplicate calls to connection_ap_handshake_socks_reply.error=yes<error>Got called with address of unexpected family %dbase_conn->type == 7stream (marked at %s:%d) sending two socks replies?CircID %u: At an edge. Marking connection for close.conn && entry_conn%p has impossible magic value %u.%p is no longer in circuit_wait. Its current state is %s. Why is it on pending_entry_connections?Found a connection %p that was supposed to be in pending_entry_connections, but wasn't. No worries; adding it.Closing one-hop stream to '%s/%s' because the OR conn just failed.WARNREJECTDANGEROUS_PORT PORT=%d RESULT=%sPort %d listed in RejectPlaintextPorts. Closing.Application request to port %d: this port is commonly used for unencrypted protocols. Please make sure you don't send anything you would mind the rest of the Internet reading!%sGiving up on enclave exit '%s' for destination %s.edge_conn->on_circuitap_conn->socks_request(((ap_conn->socks_request->command)==0x01) \|\| 0)I'm about to ask a node for a connection that I am telling it to fulfil with neither IPv4 nor IPv6. That's not going to work. Did you perhaps ask for an IPv6 address on an IPv4Only port, or vice versa?Sending relay cell %d on circ %u to begin stream %d.!(!base_conn->linked)Address/port sent, ap socket %d, n_circ_id %uSending up to %ld + %ld bytes of queued-up datacirc->base_.purpose == 5((command)==0xF0 \|\| (command)==0xF1)Rejecting ill-formed reverse lookup of %sCouldn't generate reverse lookup hostname of %sSending relay cell to begin stream %d.Address sent for resolve, ap socket %d, n_circ_id %uClient asked for %s:%dThe ".exit" notation is disabled in Tor due to security risks.SOCKS_BAD_HOSTNAME HOSTNAME=%sUnable to automap address %sAutomapping %s to %sMissing mapping for virtual address '%s'. Refusing.Stale automapped address for '%s.exit'. Refusing.Address '%s.exit', with impossible source for the .exit part. Refusing.!automapMalformed exit address '%s.exit'. Refusing.Unrecognized relay in exit address '%s.exit'. Refusing.Excluded relay in exit address '%s.exit'. Refusing.Destination '%s' seems to be an invalid hostname. Failing.Refusing to connect to non-hidden-service hostname or IP address %s because Port has OnionTrafficOnly set (or NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic).Refusing to connect to hostname %s because Port has NoDNSRequest set.Refusing to connect to IPv4 address %s because Port has NoIPv4Traffic set.Refusing to connect to IPv6 address %s because Port has NoIPv6Traffic set.Application asked to connect to port 0. Refusing.Rejecting request for anonymous connection to private address %s on a TransPort or NATDPort. Possible loop in your NAT rules?%sRejecting SOCKS request for anonymous connection to private address %s.%sRejecting SOCKS request for an IP address family that this listener does not support.Rejecting SOCKS4 request for an IPv6 addre
Source: index, 6233.1.0000000000400000.0000000000857000.r-x.sdmp	String found in binary or memory: u%s must be %d, not %d.%s must be between %d and %d, not %d.src/feature/hs/hs_config.c%s with no preceding %s directiveservice_listCan't parse configuration for onion service: %smsg == NULLBad configuration for onion service: %shs_opts->HiddenServiceDir%s=%s. Configuring...Onion services version 2 are obsolete. Please see https://blog.torproject.org/v2-deprecation-timeline for more details and for instructions on how to transition to version 3.!err_msgHiddenServicePort=%s for %sservice->config.version <= 3Hidden service option %s is incompatible with version %u of service in %sHiddenServcieExportCircuitID%s must be 'haproxy' or 'none'.Service INTRO2 DoS defenses rate set to: %uService INTRO2 DoS defenses burst set to: %uHidden service (%s) with no ports configured.Hidden service DoS defenses burst (%u) can not be smaller than the rate value (%u).Another hidden service is already configured for directory %shs_opts_t25200hs_control_desc_event_requestedhs_control_desc_event_failedhs_control_desc_event_receivedhs_control_desc_event_createdhs_control_desc_event_uploadhs_control_desc_event_uploadedhs_control_desc_event_contenths_control_hspost_commandhs_control_hsfetch_commandonion_pksrc/feature/hs/hs_control.cbase64_blinded_pkhsdir_rshsdir_nodehsdir_id_digestonion_addresshsdir_index!(hs_parse_address(onion_address, &identity_pk, NULL, NULL) < 0)build_descriptor_cookie_keyscert_parse_and_validatecert_parse_and_validatecert_is_validencrypted_data_length_is_validdesc_decode_plaintext_v3desc_decode_plaintext_v3desc_sig_is_validdesc_sig_is_validbuild_secret_databuild_secret_key_iv_macbuild_macencrypt_descriptor_datacompute_padded_plaintext_lengthbuild_plaintext_paddingencrypt_desc_data_and_base64desc_encode_v3desc_encode_v3get_inner_encrypted_layer_plaintextencode_intro_pointencode_link_specifiersencode_legacy_keyget_outer_encrypted_layer_plaintextget_all_auth_client_linesget_auth_client_strdecrypt_desc_layerdecrypt_desc_layerhs_desc_decode_encryptedhs_desc_decode_superencryptedhs_desc_decode_plaintexths_desc_decode_plaintextdesc_decode_superencrypted_v3desc_decrypt_superencrypteddesc_decode_superencrypted_v3desc_decrypt_superencrypteddecode_auth_clienths_desc_plaintext_obj_sizedesc_decode_encrypted_v3desc_decrypt_encrypteddecrypt_descriptor_cookiedesc_decode_encrypted_v3decode_create2_listdecode_create2_listdecode_auth_typedecode_intro_pointsdecode_introduction_pointdecode_introduction_pointdecode_link_specifiersset_intro_point_onion_keyset_intro_point_onion_keydecode_intro_legacy_keydecode_intro_legacy_keyhs_desc_decode_descriptorhs_desc_decode_descriptorhs_desc_encode_descriptorhs_desc_build_authorized_clienths_descriptor_clear_intro_pointssrc/feature/hs/hs_descriptor.cskCertificate for %s couldn't be parsed.Invalid cert type %02x for %s.Signing key is NOT included for %s.Invalid signature for %s: %s (%s)Invalid signature for %s: %sLength of descriptor's encrypted data is too small. Got %lu but minimum value is %ddesc->version >= 3R3_DESC_LIFETIMEServic
Source: index	String found in binary or memory: Unable to read content of %sToken %s not found in file %sToken %s malformed in file %sToken %s has a malformed timestamp in file %sCould not append signature to extra-info descriptor.onionkeyclient_identitykeyCan't read key from "%s"Another Tor process has locked "%s". Not writing any new keys.No key found in "%s"; generating fresh key.onionCouldn't write generated key to "%s".No key found in "%s"Error loading private key.Unexpected tag %s on private key.unknown routerinfo error %d - shouldn't happenlastsecret_onion_key.oldCouldn't unlink old onion key file %s: %ssecret_onion_key_ntor.oldCouldn't unlink old ntor onion key file %s: %sCouldn't compute our own identity key digest.onion-key-rotation-daysonion-key-grace-period-daysError creating TLS context for Tor client.refuseunknownexitsipv6_ap_outThere is no advertised IPv6 ORPort.Unable to use configured IPv6 ORPort "%s" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly.No descriptor; skipping upload!(ASSERT_PREDICT_UNLIKELY_(!addr))assume-reachableassume-reachable-ipv6marked descriptor dirty for unspecified reason!(reason == NULL)secret_onion_keyError constructing rotated onion keyCouldn't rotate onion key.Error generating onion keyCouldn't write generated onion key to "%s".secret_onion_key_ntorCouldn't write curve25519 onion key to "%s".Rotating onion keyrotated onion keysecret_id_keyReading/making identity key "%s"...You are running a new relay. Thanks for helping the Tor network! If you wish to know what will happen in the upcoming weeks regarding its usage, have a look at https://blog.torproject.org/blog/lifecycle-of-a-new-relayReading/making onion key "%s"...set onion keyError initializing TLS contextError writing fingerprint to fileError writing hashed fingerprint to fileError writing ed25519 identity to fileversion listed in consensus is quite oldnot listed in consensuslisted as stale in consensustime for new descriptor!(!server_mode(get_options()))caches-extra-info
Source: index	String found in binary or memory: Processing reply for SOCKS stream %lu. Reason: %dNo origin circuit for successful SOCKS stream %lu. Reason: %d(Harmless.) duplicate calls to connection_ap_handshake_socks_reply.error=yes<error>Got called with address of unexpected family %dbase_conn->type == 7stream (marked at %s:%d) sending two socks replies?CircID %u: At an edge. Marking connection for close.conn && entry_conn%p has impossible magic value %u.%p is no longer in circuit_wait. Its current state is %s. Why is it on pending_entry_connections?Found a connection %p that was supposed to be in pending_entry_connections, but wasn't. No worries; adding it.Closing one-hop stream to '%s/%s' because the OR conn just failed.WARNREJECTDANGEROUS_PORT PORT=%d RESULT=%sPort %d listed in RejectPlaintextPorts. Closing.Application request to port %d: this port is commonly used for unencrypted protocols. Please make sure you don't send anything you would mind the rest of the Internet reading!%sGiving up on enclave exit '%s' for destination %s.edge_conn->on_circuitap_conn->socks_request(((ap_conn->socks_request->command)==0x01) \|\| 0)I'm about to ask a node for a connection that I am telling it to fulfil with neither IPv4 nor IPv6. That's not going to work. Did you perhaps ask for an IPv6 address on an IPv4Only port, or vice versa?Sending relay cell %d on circ %u to begin stream %d.!(!base_conn->linked)Address/port sent, ap socket %d, n_circ_id %uSending up to %ld + %ld bytes of queued-up datacirc->base_.purpose == 5((command)==0xF0 \|\| (command)==0xF1)Rejecting ill-formed reverse lookup of %sCouldn't generate reverse lookup hostname of %sSending relay cell to begin stream %d.Address sent for resolve, ap socket %d, n_circ_id %uClient asked for %s:%dThe ".exit" notation is disabled in Tor due to security risks.SOCKS_BAD_HOSTNAME HOSTNAME=%sUnable to automap address %sAutomapping %s to %sMissing mapping for virtual address '%s'. Refusing.Stale automapped address for '%s.exit'. Refusing.Address '%s.exit', with impossible source for the .exit part. Refusing.!automapMalformed exit address '%s.exit'. Refusing.Unrecognized relay in exit address '%s.exit'. Refusing.Excluded relay in exit address '%s.exit'. Refusing.Destination '%s' seems to be an invalid hostname. Failing.Refusing to connect to non-hidden-service hostname or IP address %s because Port has OnionTrafficOnly set (or NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic).Refusing to connect to hostname %s because Port has NoDNSRequest set.Refusing to connect to IPv4 address %s because Port has NoIPv4Traffic set.Refusing to connect to IPv6 address %s because Port has NoIPv6Traffic set.Application asked to connect to port 0. Refusing.Rejecting request for anonymous connection to private address %s on a TransPort or NATDPort. Possible loop in your NAT rules?%sRejecting SOCKS request for anonymous connection to private address %s.%sRejecting SOCKS request for an IP address family that this listener does not support.Rejecting SOCKS4 request for an IPv6 addre
Source: index	String found in binary or memory: u%s must be %d, not %d.%s must be between %d and %d, not %d.src/feature/hs/hs_config.c%s with no preceding %s directiveservice_listCan't parse configuration for onion service: %smsg == NULLBad configuration for onion service: %shs_opts->HiddenServiceDir%s=%s. Configuring...Onion services version 2 are obsolete. Please see https://blog.torproject.org/v2-deprecation-timeline for more details and for instructions on how to transition to version 3.!err_msgHiddenServicePort=%s for %sservice->config.version <= 3Hidden service option %s is incompatible with version %u of service in %sHiddenServcieExportCircuitID%s must be 'haproxy' or 'none'.Service INTRO2 DoS defenses rate set to: %uService INTRO2 DoS defenses burst set to: %uHidden service (%s) with no ports configured.Hidden service DoS defenses burst (%u) can not be smaller than the rate value (%u).Another hidden service is already configured for directory %shs_opts_t25200hs_control_desc_event_requestedhs_control_desc_event_failedhs_control_desc_event_receivedhs_control_desc_event_createdhs_control_desc_event_uploadhs_control_desc_event_uploadedhs_control_desc_event_contenths_control_hspost_commandhs_control_hsfetch_commandonion_pksrc/feature/hs/hs_control.cbase64_blinded_pkhsdir_rshsdir_nodehsdir_id_digestonion_addresshsdir_index!(hs_parse_address(onion_address, &identity_pk, NULL, NULL) < 0)build_descriptor_cookie_keyscert_parse_and_validatecert_parse_and_validatecert_is_validencrypted_data_length_is_validdesc_decode_plaintext_v3desc_decode_plaintext_v3desc_sig_is_validdesc_sig_is_validbuild_secret_databuild_secret_key_iv_macbuild_macencrypt_descriptor_datacompute_padded_plaintext_lengthbuild_plaintext_paddingencrypt_desc_data_and_base64desc_encode_v3desc_encode_v3get_inner_encrypted_layer_plaintextencode_intro_pointencode_link_specifiersencode_legacy_keyget_outer_encrypted_layer_plaintextget_all_auth_client_linesget_auth_client_strdecrypt_desc_layerdecrypt_desc_layerhs_desc_decode_encryptedhs_desc_decode_superencryptedhs_desc_decode_plaintexths_desc_decode_plaintextdesc_decode_superencrypted_v3desc_decrypt_superencrypteddesc_decode_superencrypted_v3desc_decrypt_superencrypteddecode_auth_clienths_desc_plaintext_obj_sizedesc_decode_encrypted_v3desc_decrypt_encrypteddecrypt_descriptor_cookiedesc_decode_encrypted_v3decode_create2_listdecode_create2_listdecode_auth_typedecode_intro_pointsdecode_introduction_pointdecode_introduction_pointdecode_link_specifiersset_intro_point_onion_keyset_intro_point_onion_keydecode_intro_legacy_keydecode_intro_legacy_keyhs_desc_decode_descriptorhs_desc_decode_descriptorhs_desc_encode_descriptorhs_desc_build_authorized_clienths_descriptor_clear_intro_pointssrc/feature/hs/hs_descriptor.cskCertificate for %s couldn't be parsed.Invalid cert type %02x for %s.Signing key is NOT included for %s.Invalid signature for %s: %s (%s)Invalid signature for %s: %sLength of descriptor's encrypted data is too small. Got %lu but minimum value is %ddesc->version >= 3R3_DESC_LIFETIMEServic

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 102.129.143.43 ports 20745,0,2,4,5,7

May check the online IP address of the machine

Source: unknown	DNS query: name: ipecho.net
Source: unknown	DNS query: name: ipecho.net

Source: global traffic

HTTP traffic detected: GET /plain HTTP/1.1HOST: ipecho.netAccept: */*

Source: global traffic	TCP traffic: 192.168.2.23:43724 -> 84.113.179.53:9001
Source: global traffic	TCP traffic: 192.168.2.23:38944 -> 51.15.177.140:993
Source: global traffic	TCP traffic: 192.168.2.23:57086 -> 95.216.145.127:9001
Source: global traffic	TCP traffic: 192.168.2.23:55294 -> 102.129.143.43:20745
Source: global traffic	TCP traffic: 192.168.2.23:56820 -> 109.92.182.91:9001

Source: /tmp/index (PID: 6235)	Socket: 127.0.0.1::37011			Jump to behavior
Source: /tmp/index (PID: 6235)	Socket: 0.0.0.0::20745			Jump to behavior

Source: unknown

DNS traffic detected: queries for: ipecho.net

Source: unknown	Network traffic detected: HTTP traffic on port 33460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47378
Source: unknown	Network traffic detected: HTTP traffic on port 56422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35614 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55834
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35614
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53304
Source: unknown	Network traffic detected: HTTP traffic on port 59632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40604
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59632
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33460
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40604 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 104.244.77.250
Source: unknown	TCP traffic detected without corresponding DNS query: 104.244.77.250
Source: unknown	TCP traffic detected without corresponding DNS query: 104.244.77.250
Source: unknown	TCP traffic detected without corresponding DNS query: 84.113.179.53
Source: unknown	TCP traffic detected without corresponding DNS query: 209.141.59.180
Source: unknown	TCP traffic detected without corresponding DNS query: 209.141.59.180
Source: unknown	TCP traffic detected without corresponding DNS query: 209.141.59.180
Source: unknown	TCP traffic detected without corresponding DNS query: 84.113.179.53
Source: unknown	TCP traffic detected without corresponding DNS query: 51.15.177.140
Source: unknown	TCP traffic detected without corresponding DNS query: 84.113.179.53
Source: unknown	TCP traffic detected without corresponding DNS query: 125.212.220.60
Source: unknown	TCP traffic detected without corresponding DNS query: 125.212.220.60
Source: unknown	TCP traffic detected without corresponding DNS query: 125.212.220.60
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.145.127
Source: unknown	TCP traffic detected without corresponding DNS query: 154.35.175.225
Source: unknown	TCP traffic detected without corresponding DNS query: 154.35.175.225
Source: unknown	TCP traffic detected without corresponding DNS query: 154.35.175.225
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.145.127
Source: unknown	TCP traffic detected without corresponding DNS query: 84.113.179.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.145.127
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.145.127
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 84.113.179.53
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.145.127
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 84.113.179.53
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.145.127
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43
Source: unknown	TCP traffic detected without corresponding DNS query: 102.129.143.43

Source: global traffic

HTTP traffic detected: GET /plain HTTP/1.1HOST: ipecho.netAccept: */*

Source: index

String found in binary or memory: www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org equals www.yahoo.com (Yahoo)

Source: index	String found in binary or memory: http://HTTP/1.1
Source: index	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: index	String found in binary or memory: http://www.openssl.org/support/faq.htmlH
Source: index	String found in binary or memory: https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%s
Source: index	String found in binary or memory: https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%sDANGEROU
Source: unverified-microdesc-consensus.tmp.12.dr	String found in binary or memory: https://386bsd.net
Source: index	String found in binary or memory: https://blog.torproject.org/blog/lifecycle-of-a-new-relay
Source: index	String found in binary or memory: https://blog.torproject.org/blog/lifecycle-of-a-new-relayReading/making
Source: index	String found in binary or memory: https://blog.torproject.org/v2-deprecation-timeline
Source: index	String found in binary or memory: https://blog.torproject.org/v2-deprecation-timeline.
Source: index	String found in binary or memory: https://blog.torproject.org/v2-deprecation-timeline.Onion
Source: index	String found in binary or memory: https://bugs.torproject.org/tpo/core/tor/14917.
Source: index	String found in binary or memory: https://bugs.torproject.org/tpo/core/tor/21155.
Source: index	String found in binary or memory: https://freehaven.net/anonbib/#hs-attack06
Source: index	String found in binary or memory: https://www.torproject.org/
Source: index	String found in binary or memory: https://www.torproject.org/documentation.html
Source: index	String found in binary or memory: https://www.torproject.org/download/download#warning
Source: index	String found in binary or memory: https://www.torproject.org/download/download#warningbetaThis

Source: unknown	HTTPS traffic detected: 131.188.40.189:443 -> 192.168.2.23:40604 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.23.244.244:443 -> 192.168.2.23:53264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.130.53.211:443 -> 192.168.2.23:53304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.15.242.244:443 -> 192.168.2.23:47378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.177.206.72:443 -> 192.168.2.23:33460 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: index, type: SAMPLE	Matched rule: Detects VPNFilter malware Author: Florian Roth (Nextron Systems)
Source: 6231.1.0000000000400000.0000000000857000.r-x.sdmp, type: MEMORY	Matched rule: Detects VPNFilter malware Author: Florian Roth (Nextron Systems)
Source: 6233.1.0000000000400000.0000000000857000.r-x.sdmp, type: MEMORY	Matched rule: Detects VPNFilter malware Author: Florian Roth (Nextron Systems)

Source: index, type: SAMPLE	Matched rule: SUSP_ELF_Tor_Client date = 2018-05-24, hash1 = afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719, author = Florian Roth (Nextron Systems), description = Detects VPNFilter malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 6231.1.0000000000400000.0000000000857000.r-x.sdmp, type: MEMORY	Matched rule: SUSP_ELF_Tor_Client date = 2018-05-24, hash1 = afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719, author = Florian Roth (Nextron Systems), description = Detects VPNFilter malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 6233.1.0000000000400000.0000000000857000.r-x.sdmp, type: MEMORY	Matched rule: SUSP_ELF_Tor_Client date = 2018-05-24, hash1 = afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719, author = Florian Roth (Nextron Systems), description = Detects VPNFilter malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE

Source: Initial sample	Potential command found: GET /MzdjMDcz/%s/%s.%s HTTP/1.1
Source: Initial sample	Potential command found: GET %s HTTP/1.1
Source: Initial sample	Potential command found: fmt != mgr->toplevel && ! smartlist_contains(mgr->subconfigs, fmt)
Source: Initial sample	Potential command found: cmp < 0
Source: Initial sample	Potential command found: cmp > 0
Source: Initial sample	Potential command found: top > 0
Source: Initial sample	Potential command found: mod exp crt failed
Source: Initial sample	Potential command found: mod exp failed

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal68.troj.evad.lin@0/3@2/0

Source: /tmp/index (PID: 6235)

Reads from proc file: /proc/meminfo

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/index (PID: 6231)

File: /tmp/index

Jump to behavior

Source: /tmp/index (PID: 6231)	Queries kernel information via 'uname':			Jump to behavior
Source: /tmp/index (PID: 6235)	Queries kernel information via 'uname':			Jump to behavior

Source: index, 6231.1.0000557148b74000.0000557148c38000.rw-.sdmp, index, 6233.1.0000557148b74000.0000557148c38000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/aarch64
Source: index, 6231.1.00007ffc17dee000.00007ffc17e0f000.rw-.sdmp, index, 6233.1.00007ffc17dee000.00007ffc17e0f000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-aarch64/tmp/indexSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/index
Source: index, 6231.1.0000557148b74000.0000557148c38000.rw-.sdmp, index, 6233.1.0000557148b74000.0000557148c38000.rw-.sdmp	Binary or memory string: HqU1/etc/qemu-binfmt/aarch64O
Source: index, 6231.1.00007ffc17dee000.00007ffc17e0f000.rw-.sdmp, index, 6233.1.00007ffc17dee000.00007ffc17e0f000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-aarch64

Lowering of HIPS / PFW / Operating System Security Settings

Sample contains AV-related strings

Source: index	esets: NOTICECOMPUTEDRESETSUSPENDEDDISCARDRESUMELAUNCHEDSENTCONNECTSENTRESOLVESUCCEEDEDNEWRESOLVEDETACHEDCONTROLLER_WAITBUILTSTATUS_CLIENTSTATUS_SERVERSTATUS_GENERALCIRC_MINORSTREAMORCONNBWNEWDESCADDRMAPDESCCHANGEDSTREAM_BWCLIENTS_SEENBUILDTIMEOUT_SETSIGNALCONF_CHANGEDCONN_BWCELL_STATSCIRC_BWTRANSPORT_LAUNCHEDHS_DESCNETWORK_LIVENESSorconn_target_get_name.onion%s%s%s:%dlen > (1+40+1+19)src/feature/control/control_fmt.cONEHOP_TUNNELIS_INTERNALNEED_CAPACITYNEED_UPTIMEBUILD_FLAGS=%sPURPOSE=%sHS_STATE=%sREND_QUERY=%sSOCKS_USERNAME=%sSOCKS_PASSWORD=%sTRANSHTTPCONNECTMETRICSCLIENT_PROTOCOL=%sNYM_EPOCH=%uSESSION_GROUP=%dDESTPORTDESTADDRSOCKS_USERNAMESOCKS_PASSWORDCLIENT_PROTOCOLCLIENTADDRSESSION_GROUPNYM_EPOCHISO_FIELDS=%sgetinfo_helper_eventsgetinfo_helper_eventsgetinfo_helper_current_consensusmunge_extrainfo_into_routerinfogetinfo_helper_dirgetinfo_helper_dirgetinfo_helper_downloads
Source: index	avgd: BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW
Source: unverified-microdesc-consensus.tmp.12.dr	aegis: r tetraegis fcSZ6nK/VT08vRsUkWfqoE/TeqA 2023-06-03 09:06:40 51.77.71.247 9001 0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Command and Scripting Interpreter	Path Interception	Path Interception	1 Disable or Modify Tools	OS Credential Dumping	111 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	1 System Network Configuration Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	1 Proxy	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	1 Ingress Tool Transfer	Jamming or Denial of Service		Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
index	0%	Virustotal		Browse
index	0%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
ipecho.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://freehaven.net/anonbib/#hs-attack06	0%	Virustotal		Browse
http://HTTP/1.1	0%	Avira URL Cloud	safe
https://386bsd.net	0%	Virustotal		Browse
https://freehaven.net/anonbib/#hs-attack06	0%	Avira URL Cloud	safe
https://386bsd.net	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ipecho.net	34.160.111.145	true	true	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.torproject.org/download/download#warningbetaThis	index	false		high
https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%s	index	false		high
https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%sDANGEROU	index	false		high
https://blog.torproject.org/v2-deprecation-timeline	index	false		high
https://blog.torproject.org/blog/lifecycle-of-a-new-relayReading/making	index	false		high
https://blog.torproject.org/v2-deprecation-timeline.	index	false		high
https://www.torproject.org/documentation.html	index	false		high
https://blog.torproject.org/v2-deprecation-timeline.Onion	index	false		high
https://386bsd.net	unverified-microdesc-consensus.tmp.12.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://freehaven.net/anonbib/#hs-attack06	index	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://HTTP/1.1	index	false	Avira URL Cloud: safe	low
https://bugs.torproject.org/tpo/core/tor/21155.	index	false		high
https://www.torproject.org/download/download#warning	index	false		high
http://www.openssl.org/support/faq.htmlH	index	false		high
https://www.torproject.org/	index	false		high
https://bugs.torproject.org/tpo/core/tor/14917.	index	false		high
http://www.openssl.org/support/faq.html	index	false		high
https://blog.torproject.org/blog/lifecycle-of-a-new-relay	index	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.177.206.72	unknown	Germany	29670	IN-BERLIN-ASIndividualNetworkBerlineVDE	false
102.129.143.43	unknown	South Africa	397727	DELTRACENTRIC-ISP1US	true
94.130.53.211	unknown	Germany	24940	HETZNER-ASDE	false
51.15.177.140	unknown	France	12876	OnlineSASFR	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
95.216.145.127	unknown	Germany	24940	HETZNER-ASDE	false
209.141.59.180	unknown	United States	53667	PONYNETUS	false
51.15.242.244	unknown	France	12876	OnlineSASFR	false
104.244.77.250	unknown	United States	53667	PONYNETUS	false
125.212.220.60	unknown	Viet Nam	7552	VIETEL-AS-APViettelGroupVN	false
154.35.175.225	unknown	United States	14987	RETHEMHOSTINGUS	false
131.188.40.189	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
34.160.111.145	ipecho.net	United States	2686	ATGS-MMD-ASUS	true
109.92.182.91	unknown	Serbia	8400	TELEKOM-ASRS	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
84.113.179.53	unknown	Austria	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
193.23.244.244	unknown	Germany	50472	CHAOS-ASDE	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
109.202.202.202	Rmmy2h9405.elf	Get hash	malicious	Unknown	Browse
	vAGwpkQPpB.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	mc3Wt7NToH.elf	Get hash	malicious	Mirai	Browse
	H3fXAmtczA.elf	Get hash	malicious	Mirai	Browse
	cctCcjKMV6.elf	Get hash	malicious	Unknown	Browse
	xmuPrP0pyC.elf	Get hash	malicious	Mirai	Browse
	65R7ml3wWC.elf	Get hash	malicious	Unknown	Browse
	yUqrsD3Vn0.elf	Get hash	malicious	Unknown	Browse
	7TScMRK6mK.elf	Get hash	malicious	Mirai	Browse
	uzo5yVHe7h.elf	Get hash	malicious	Mirai	Browse
	hvZd29nBvU.elf	Get hash	malicious	Unknown	Browse
	thUolq6ZVT.elf	Get hash	malicious	Unknown	Browse
	DY0JKb1coK.elf	Get hash	malicious	Unknown	Browse
	1oZERqu8W1.elf	Get hash	malicious	Unknown	Browse
	6iErlYDc2H.elf	Get hash	malicious	Unknown	Browse
	2G8LeFQFB6.elf	Get hash	malicious	Unknown	Browse
	sogGM6r0zL.elf	Get hash	malicious	Unknown	Browse
	ACw0yXiUo5.elf	Get hash	malicious	Unknown	Browse
	c703iIcNc5.elf	Get hash	malicious	Unknown	Browse
95.216.145.127	1.12.2018.js	Get hash	malicious		Browse
51.15.242.244	JNk46WKTxo.exe	Get hash	malicious	CryptOne	Browse
51.15.242.244	demande de prix.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ipecho.net	rcm.exe	Get hash	malicious	Unknown	Browse	34.160.111.145
	purple.exe	Get hash	malicious	Unknown	Browse	34.160.111.145
	https://888.com	Get hash	malicious	Unknown	Browse	34.160.111.145
	UnbanTool.exe	Get hash	malicious	Hog Grabber	Browse	34.160.111.145
	DriverlessEAC.exe	Get hash	malicious	Hog Grabber	Browse	34.160.111.145
	moAlCrbAGm.exe	Get hash	malicious	Hog Grabber	Browse	34.160.111.145
	SecuriteInfo.com.Variant.Application.MSILPerseus.224688.11286.exe	Get hash	malicious	Unknown	Browse	34.160.111.145
	rrZ2mLiN07.exe	Get hash	malicious	AsyncRAT, DcRat, Hog Grabber	Browse	34.117.59.81
	8jYd5qUbHI.exe	Get hash	malicious	AsyncRAT, DcRat, Hog Grabber	Browse	34.117.59.81
	Obfuscated Name.exe	Get hash	malicious	Hog Grabber	Browse	34.117.59.81
	nitro generator.exe	Get hash	malicious	Hog Grabber	Browse	34.117.59.81
	test1.exe	Get hash	malicious	Hog Grabber	Browse	34.117.59.81
	Start.exe	Get hash	malicious	Hog Grabber	Browse	34.117.59.81
	Nitro Gen 6.6v.exe	Get hash	malicious	Hog Grabber	Browse	34.117.59.81
	Evo_Spoofer_V2.exe	Get hash	malicious	Hog Grabber	Browse	34.117.59.81
	nuker.exe.exe	Get hash	malicious	Hog Grabber	Browse	34.117.59.81
	LchoV9NYJA.exe	Get hash	malicious	AsyncRAT, Hog Grabber	Browse	34.117.59.81
	Itroublve.exe	Get hash	malicious	Hog Grabber	Browse	34.117.59.81
	I8QWCkXHxT.exe	Get hash	malicious	Babadeda Hog Grabber LimeRAT	Browse	34.117.59.81
	Dupe.exe	Get hash	malicious	Hog Grabber	Browse	34.117.59.81

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
IN-BERLIN-ASIndividualNetworkBerlineVDE	rt.exe	Get hash	malicious		Browse	217.197.91.145
DELTRACENTRIC-ISP1US	mal.exe	Get hash	malicious	Unknown	Browse	102.129.143.47
	meeting.exe	Get hash	malicious	Unknown	Browse	102.129.143.47
	socialscrapper.exe	Get hash	malicious	Gurcu Stealer	Browse	102.129.143.47
	oHDgvZCRAn.exe	Get hash	malicious	Gurcu Stealer	Browse	102.129.143.47
	SecuriteInfo.com.Trojan.Mardom.ON.24.25444.6656.exe	Get hash	malicious	Gurcu Stealer	Browse	102.129.143.47
	file.exe	Get hash	malicious	Gurcu Stealer	Browse	102.129.143.90
	QTDownloader.exe	Get hash	malicious	Unknown	Browse	102.129.143.44
	QTDownloader.exe	Get hash	malicious	Unknown	Browse	102.129.143.44
	apk20.apk	Get hash	malicious	Unknown	Browse	191.101.131.50
	apk20.apk	Get hash	malicious	Unknown	Browse	191.101.131.50
	DA362DFF8B39C6B4B92387F48F5BEB91CE55DBDF8BFE6.exe	Get hash	malicious	AsyncRAT, RedLine	Browse	102.129.143.61
	myp0912.exe	Get hash	malicious	Unknown	Browse	102.129.143.55
	d1wfq60PsV.exe	Get hash	malicious	SmokeLoader Socelars	Browse	102.129.143.40
	QWMSOP29HJVBSGD.vbs	Get hash	malicious	Unknown	Browse	179.61.237.210
	UGH82MSGHWUSHSDHWQOL.vbs	Get hash	malicious	Unknown	Browse	179.61.237.210
	2Mxp7Z86k3	Get hash	malicious	Mirai	Browse	179.61.245.214
	IxS9niZ4hK.exe	Get hash	malicious	Clipboard Hijacker RedLine SmokeLoader	Browse	5.181.132.165
	YLsKQeak8E.exe	Get hash	malicious	Clipboard Hijacker RedLine SmokeLoader	Browse	5.181.132.165
	k8Ml5Ehv8y.exe	Get hash	malicious	Clipboard Hijacker RedLine SmokeLoader	Browse	5.181.132.165
	maemJQvjqU.exe	Get hash	malicious	Clipboard Hijacker RedLine SmokeLoader	Browse	5.181.132.165
HETZNER-ASDE	3xXTA98A6D.elf	Get hash	malicious	Mirai	Browse	95.217.66.161
	lxykcEZVFQ.elf	Get hash	malicious	Mirai	Browse	95.217.66.195
	BalLH8Tvtr.elf	Get hash	malicious	Mirai	Browse	95.217.66.154
	YX6QtfYohw.elf	Get hash	malicious	Unknown	Browse	94.130.143.146
	100UP.x86.elf	Get hash	malicious	Mirai	Browse	95.217.66.152
	LauncherPC.exe	Get hash	malicious	Vidar	Browse	128.140.84.26
	yvW97t11aH.elf	Get hash	malicious	Unknown	Browse	195.201.79.146
	11sxz0T47m.elf	Get hash	malicious	Unknown	Browse	5.9.29.128
	U1ZCm6qGif.elf	Get hash	malicious	Mirai	Browse	197.242.86.250
	file.exe	Get hash	malicious	Vidar	Browse	128.140.84.26
	http://googlle.com	Get hash	malicious	Unknown	Browse	78.46.152.77
	04174999.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	128.140.84.26
	jRnH2Bhcp6.exe	Get hash	malicious	Unknown	Browse	168.119.254.45
	file.exe	Get hash	malicious	Cinoshi Stealer	Browse	195.201.57.90
	mo7VqWIJbs.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, Vidar	Browse	128.140.84.26
	3XcUKWHVLD.exe	Get hash	malicious	Raccoon Stealer v2	Browse	91.107.229.39
	https://www.google.com/amp/s/twincitieswebsitedesign.co%2ftask%2ftmp%2fdvdh1cp7%2fbWFyY2VsbG8uaWFjb25vQHBhcnRvdS5ubA==	Get hash	malicious	Unknown	Browse	88.198.33.80
	Tf69031f9d912f35aab68.exe	Get hash	malicious	Gurcu Stealer	Browse	168.119.121.16
	8fuLAgn9uU.exe	Get hash	malicious	Raccoon Stealer v2	Browse	91.107.229.39
	http://vx-underground.com	Get hash	malicious	Unknown	Browse	195.201.108.83

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
83d60721ecc423892660e275acc4dffd	malware.exe	Get hash	malicious	Unknown	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	reverseshell.exe	Get hash	malicious	Unknown	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	4hy2wIO57k.exe	Get hash	malicious	Unknown	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	file.exe	Get hash	malicious	Unknown	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	Uv4KrQL2Rt.exe	Get hash	malicious	Unknown	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	THtPIwSCb7.exe	Get hash	malicious	Unknown	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	tinynuke.exe	Get hash	malicious	Tinynuke / Nukebot	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	WLm4U77a8q.dll	Get hash	malicious	DanaBot	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	VCJQWUG1iY.exe	Get hash	malicious	Unknown	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	ejHZ3HUs6E.exe	Get hash	malicious	AsyncRAT BitCoin Miner	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	start.exe	Get hash	malicious	BitCoin Miner	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	masikerogocyqu.exe.exe	Get hash	malicious	Unknown	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	004.exe	Get hash	malicious	Unknown	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244
	http://afb05.download.thesongwritercollection.com/factuur_12_02_2019_6torc8jm67f9e87tnmy.zip	Get hash	malicious	Unknown	Browse	185.177.206.72 131.188.40.189 94.130.53.211 193.23.244.244 51.15.242.244

Dropped Files

⊘No context

Created / dropped Files

/tmp/.spligjr2q0le.pid

Download File

Process:	/tmp/index
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:z:z
MD5:	D433855EF38A030B58FC908D43609E11
SHA1:	4563039100F6AE21ED38FCD0E41EFAE42CC50C75
SHA-256:	AA0F68DE4CCC2E7A66123C1A5ACEA96AEB9BF3E6063C6E88B7E5825FDC06F8BE
SHA-512:	4CE98924B858C107C2B934174BDD8A64C087F05F2F64080C63A617815990A937044C97B87E71508912FEBB7ADE63A840239FB7443A6AE906A5AFFE5F7CA11CD1
Malicious:	false
Reputation:	low
Preview:	6235.

/tmp/.torrc

Download File

Process:	/tmp/index
File Type:	ASCII text
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.969198932471155
Encrypted:	false
SSDEEP:	3:cAiKI4sPp7S27rLnLRXc2VlJeQEVVvlIMRTR1LMKLi4cv+zq+u3ovLtVF3n:cAiKI4sPp7FJ5JP5MRdBMQk+5TtVF
MD5:	F5C1E7A77BE383BDB1071F0442ECA21F
SHA1:	A75F458D792F80C7238B7AB5A0E2AE9D658A9CAF
SHA-256:	76C3045DF4D97AC3BC27F67A532E32F92592FE3366E2F1A1A5747D5170507D8A
SHA-512:	C8B27EF0CCFC8B8505C7EC42CCA3422930419BC3D229CE0EC343B2A1C418C438FE188DBDE249C7B6641DD1E942392C5B006034C6E5FDA2B49492BCAA0D27D44A
Malicious:	false
Reputation:	low
Preview:	DataDirectory /tmp.#Log debug file /tmp/debug.log..#SafeLogging 0..NumEntryGuards 300.NumPrimaryGuards 500..SOCKSPort 0.0.0.0:auto OnionTrafficOnly..ClientOnly 1..MaxCircuitDirtiness 3600...

/tmp/unverified-microdesc-consensus.tmp

Download File

Process:	/tmp/index
File Type:	ASCII text, with very long lines (951)
Category:	dropped
Size (bytes):	2407641
Entropy (8bit):	5.634224689534402
Encrypted:	false
SSDEEP:	12288:GivZZ6hYF9qdrirNRJgrW3/d2ES768S1KjQvc7TUh9jC9HRAOjbGeLQXcZXcAUp6:GixZgaYmr9gKCXu5vMAjC1RAk5VcN6
MD5:	D2ED5B57BA9D6057487FA0CE5709B5B6
SHA1:	0D5B0587697FF2B6F3FBE0B0E80FEEAF673D5656
SHA-256:	5712D94BF3A8D215175D0B4D5B08D6D51CEE621B43907C05EDE1FF289D1A494B
SHA-512:	E5204FDD982B876ECA6613A99EB8935742A3993BF29090FBA5BA15F502ADC5EDB63F542043599B3D74D82A468A18EE2D15705D32E218F020548E55355B41BD01
Malicious:	false
Reputation:	low
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 32.valid-after 2023-06-03 21:00:00.fresh-until 2023-06-03 22:00:00.valid-until 2023-06-04 00:00:00.voting-delay 300 300.client-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13.server-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.params CircuitPriorityHalflifeMsec=30000 DoSCircuitCreationBurst=60 DoSCircuitCreationEnabled=1 DoSCircuitCreationMinConnections=2 DoSCi

Static File Info

General

File type:	ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.596102797464198
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	index
File size:	4726672
MD5:	3a2d1ab69281a2ed28dd9dbeac4a3a90
SHA1:	34e8b29be74ec982fd9d6dce5ca87bc1a7184efe
SHA256:	f876b9a14d9770212b2dea07d2f2f093be8825de4e13bacb68f49ab29bfd8ca6
SHA512:	60c721b7ab2cfecc74171036504d2a1dcbbdbeeeb1d29a9eb12fbebc1bcd2e9ffe4bf5a363477d158096896907c30f969128f8e058df2e23bdf89d5cf2b7350a
SSDEEP:	98304:uaq4+UFvC0NfjCTjqE9BX1vBwoaGldbvh05OaST2:ualVF9eTjjJvBwoh2e
TLSH:	BD267CD8ED0D3C52E2C7E2BCEE869B62313B76B4C36680B2BE01415DC4A5EE5D6F6111
File Content Preview:	.ELF......................@.....@.......P.H.........@.8...@.......................@.......@.....~cE.....~cE.......................E.....................P!................................E.............................P...............Q.td...................

Static ELF Info

ELF header
Class:
Data:
Version:
Machine:
Version Number:
Type:
OS/ABI:
ABI Version:
Entry Point Address:
Flags:
ELF Header Size:
Program Header Offset:
Program Header Size:
Number of Program Headers:
Section Header Offset:
Section Header Size:
Number of Section Headers:
Header String Table Index:

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400158	0x158	0x10	0x0	0x6	AX	4
.text	PROGBITS	0x400170	0x170	0x34c66c	0x0	0x6	AX	16
.fini	PROGBITS	0x74c7dc	0x34c7dc	0x10	0x0	0x6	AX	4
.rodata	PROGBITS	0x74c7f0	0x34c7f0	0x109b8e	0x0	0x2	A	16
.tbss	NOBITS	0x8ffaa0	0x45faa0	0x1650	0x0	0x403	WAT	8
.init_array	INIT_ARRAY	0x8ffaa0	0x45faa0	0x8	0x8	0x3	WA	8
.fini_array	FINI_ARRAY	0x8ffaa8	0x45faa8	0x8	0x8	0x3	WA	8
.data.rel.ro	PROGBITS	0x8ffab0	0x45fab0	0x4310	0x0	0x3	WA	8
.got	PROGBITS	0x903dc0	0x463dc0	0x228	0x8	0x3	WA	8
.data	PROGBITS	0x904000	0x464000	0x1dbf0	0x0	0x3	WA	16
.bss	NOBITS	0x921bf0	0x481bf0	0x28730	0x0	0x3	WA	16
.shstrtab	STRTAB	0x0	0x481bf0	0x60	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x45637e	0x45637e	6.6746	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x45faa0	0x8ffaa0	0x8ffaa0	0x22150	0x4a880	4.2492	0x6	RW	0x10000	.tbss .init_array .fini_array .data.rel.ro .got .data .bss
TLS	0x45faa0	0x8ffaa0	0x8ffaa0	0x0	0x1650	0.0000	0x4	R	0x8	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 3, 2023 23:16:14.354229927 CEST	37580	80	192.168.2.23	34.160.111.145
Jun 3, 2023 23:16:14.377991915 CEST	80	37580	34.160.111.145	192.168.2.23
Jun 3, 2023 23:16:14.381701946 CEST	37580	80	192.168.2.23	34.160.111.145
Jun 3, 2023 23:16:14.382796049 CEST	37580	80	192.168.2.23	34.160.111.145
Jun 3, 2023 23:16:14.406266928 CEST	80	37580	34.160.111.145	192.168.2.23
Jun 3, 2023 23:16:14.525151014 CEST	80	37580	34.160.111.145	192.168.2.23
Jun 3, 2023 23:16:14.525420904 CEST	37580	80	192.168.2.23	34.160.111.145
Jun 3, 2023 23:16:15.506705046 CEST	42836	443	192.168.2.23	91.189.91.43
Jun 3, 2023 23:16:16.274578094 CEST	42516	80	192.168.2.23	109.202.202.202
Jun 3, 2023 23:16:19.384032011 CEST	37580	80	192.168.2.23	34.160.111.145
Jun 3, 2023 23:16:19.409657001 CEST	80	37580	34.160.111.145	192.168.2.23
Jun 3, 2023 23:16:19.417867899 CEST	37580	80	192.168.2.23	34.160.111.145
Jun 3, 2023 23:16:20.805275917 CEST	56422	443	192.168.2.23	104.244.77.250
Jun 3, 2023 23:16:20.805351973 CEST	443	56422	104.244.77.250	192.168.2.23
Jun 3, 2023 23:16:20.805466890 CEST	56422	443	192.168.2.23	104.244.77.250
Jun 3, 2023 23:16:20.824327946 CEST	56422	443	192.168.2.23	104.244.77.250
Jun 3, 2023 23:16:20.824382067 CEST	443	56422	104.244.77.250	192.168.2.23
Jun 3, 2023 23:16:21.786855936 CEST	43724	9001	192.168.2.23	84.113.179.53
Jun 3, 2023 23:16:21.893806934 CEST	443	56422	104.244.77.250	192.168.2.23
Jun 3, 2023 23:16:22.784372091 CEST	59632	443	192.168.2.23	209.141.59.180
Jun 3, 2023 23:16:22.784465075 CEST	443	59632	209.141.59.180	192.168.2.23
Jun 3, 2023 23:16:22.784679890 CEST	59632	443	192.168.2.23	209.141.59.180
Jun 3, 2023 23:16:22.788463116 CEST	59632	443	192.168.2.23	209.141.59.180
Jun 3, 2023 23:16:22.788520098 CEST	443	59632	209.141.59.180	192.168.2.23
Jun 3, 2023 23:16:22.802202940 CEST	43724	9001	192.168.2.23	84.113.179.53
Jun 3, 2023 23:16:22.950229883 CEST	443	59632	209.141.59.180	192.168.2.23
Jun 3, 2023 23:16:23.786506891 CEST	38944	993	192.168.2.23	51.15.177.140
Jun 3, 2023 23:16:23.814793110 CEST	993	38944	51.15.177.140	192.168.2.23
Jun 3, 2023 23:16:24.818278074 CEST	43724	9001	192.168.2.23	84.113.179.53
Jun 3, 2023 23:16:25.789030075 CEST	35614	443	192.168.2.23	125.212.220.60
Jun 3, 2023 23:16:25.789129972 CEST	443	35614	125.212.220.60	192.168.2.23
Jun 3, 2023 23:16:25.789304972 CEST	35614	443	192.168.2.23	125.212.220.60
Jun 3, 2023 23:16:25.792363882 CEST	35614	443	192.168.2.23	125.212.220.60
Jun 3, 2023 23:16:25.792417049 CEST	443	35614	125.212.220.60	192.168.2.23
Jun 3, 2023 23:16:26.061011076 CEST	443	35614	125.212.220.60	192.168.2.23
Jun 3, 2023 23:16:26.790340900 CEST	57086	9001	192.168.2.23	95.216.145.127
Jun 3, 2023 23:16:26.790860891 CEST	55834	443	192.168.2.23	154.35.175.225
Jun 3, 2023 23:16:26.790932894 CEST	443	55834	154.35.175.225	192.168.2.23
Jun 3, 2023 23:16:26.791162968 CEST	55834	443	192.168.2.23	154.35.175.225
Jun 3, 2023 23:16:26.794285059 CEST	55834	443	192.168.2.23	154.35.175.225
Jun 3, 2023 23:16:26.794327021 CEST	443	55834	154.35.175.225	192.168.2.23
Jun 3, 2023 23:16:27.794068098 CEST	57086	9001	192.168.2.23	95.216.145.127
Jun 3, 2023 23:16:29.073916912 CEST	43724	9001	192.168.2.23	84.113.179.53
Jun 3, 2023 23:16:29.809863091 CEST	57086	9001	192.168.2.23	95.216.145.127
Jun 3, 2023 23:16:31.121901989 CEST	43928	443	192.168.2.23	91.189.91.42
Jun 3, 2023 23:16:33.937691927 CEST	57086	9001	192.168.2.23	95.216.145.127
Jun 3, 2023 23:16:34.429913044 CEST	55294	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:16:35.441637039 CEST	55294	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:16:37.265500069 CEST	43724	9001	192.168.2.23	84.113.179.53
Jun 3, 2023 23:16:37.457495928 CEST	55294	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:16:41.361284018 CEST	42836	443	192.168.2.23	91.189.91.43
Jun 3, 2023 23:16:41.617328882 CEST	55294	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:16:42.129297018 CEST	57086	9001	192.168.2.23	95.216.145.127
Jun 3, 2023 23:16:47.504915953 CEST	42516	80	192.168.2.23	109.202.202.202
Jun 3, 2023 23:16:49.808722973 CEST	55294	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:16:50.519587040 CEST	55296	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:16:51.536869049 CEST	55296	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:16:53.392755032 CEST	43724	9001	192.168.2.23	84.113.179.53
Jun 3, 2023 23:16:53.552572012 CEST	55296	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:16:57.744446039 CEST	55296	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:16:58.256434917 CEST	57086	9001	192.168.2.23	95.216.145.127
Jun 3, 2023 23:17:04.424701929 CEST	55298	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:05.455997944 CEST	55298	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:05.935969114 CEST	55296	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:05.935981035 CEST	55294	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:07.471942902 CEST	55298	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:11.567765951 CEST	55298	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:12.079657078 CEST	43928	443	192.168.2.23	91.189.91.42
Jun 3, 2023 23:17:19.759171963 CEST	55298	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:21.074363947 CEST	55300	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:22.063179016 CEST	55296	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:22.095155954 CEST	55300	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:24.111149073 CEST	55300	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:26.415018082 CEST	43724	9001	192.168.2.23	84.113.179.53
Jun 3, 2023 23:17:28.206794977 CEST	55300	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:30.510704994 CEST	57086	9001	192.168.2.23	95.216.145.127
Jun 3, 2023 23:17:32.558583021 CEST	42836	443	192.168.2.23	91.189.91.43
Jun 3, 2023 23:17:34.423134089 CEST	55302	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:35.438419104 CEST	55302	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:35.886436939 CEST	55298	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:36.398355961 CEST	55300	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:37.454320908 CEST	55302	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:38.702250957 CEST	55294	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:41.518111944 CEST	55302	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:49.709546089 CEST	55302	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:51.053792000 CEST	55304	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:52.077533007 CEST	55304	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:52.525504112 CEST	55300	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:54.093461037 CEST	55304	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:55.085397005 CEST	55296	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:17:58.157330990 CEST	55304	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:04.421484947 CEST	55306	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:05.452835083 CEST	55306	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:05.836817980 CEST	55302	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:06.348758936 CEST	55304	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:07.468816996 CEST	55306	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:09.420600891 CEST	55298	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:11.724530935 CEST	55306	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:19.894479036 CEST	55308	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:19.915997028 CEST	55306	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:20.907984972 CEST	55308	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:21.918757915 CEST	53264	443	192.168.2.23	193.23.244.244
Jun 3, 2023 23:18:21.918839931 CEST	443	53264	193.23.244.244	192.168.2.23
Jun 3, 2023 23:18:21.918986082 CEST	53264	443	192.168.2.23	193.23.244.244
Jun 3, 2023 23:18:21.920284033 CEST	40604	443	192.168.2.23	131.188.40.189
Jun 3, 2023 23:18:21.920371056 CEST	443	40604	131.188.40.189	192.168.2.23
Jun 3, 2023 23:18:21.920469046 CEST	40604	443	192.168.2.23	131.188.40.189
Jun 3, 2023 23:18:21.923255920 CEST	53264	443	192.168.2.23	193.23.244.244
Jun 3, 2023 23:18:21.923301935 CEST	443	53264	193.23.244.244	192.168.2.23
Jun 3, 2023 23:18:21.930449009 CEST	40604	443	192.168.2.23	131.188.40.189
Jun 3, 2023 23:18:21.930509090 CEST	443	40604	131.188.40.189	192.168.2.23
Jun 3, 2023 23:18:22.026097059 CEST	443	40604	131.188.40.189	192.168.2.23
Jun 3, 2023 23:18:22.026410103 CEST	40604	443	192.168.2.23	131.188.40.189
Jun 3, 2023 23:18:22.106937885 CEST	40604	443	192.168.2.23	131.188.40.189
Jun 3, 2023 23:18:22.106990099 CEST	443	40604	131.188.40.189	192.168.2.23
Jun 3, 2023 23:18:22.107834101 CEST	443	40604	131.188.40.189	192.168.2.23
Jun 3, 2023 23:18:22.107975006 CEST	40604	443	192.168.2.23	131.188.40.189
Jun 3, 2023 23:18:22.107980013 CEST	443	53264	193.23.244.244	192.168.2.23
Jun 3, 2023 23:18:22.108113050 CEST	53264	443	192.168.2.23	193.23.244.244
Jun 3, 2023 23:18:22.123847961 CEST	40604	443	192.168.2.23	131.188.40.189
Jun 3, 2023 23:18:22.156630039 CEST	53264	443	192.168.2.23	193.23.244.244
Jun 3, 2023 23:18:22.156688929 CEST	443	53264	193.23.244.244	192.168.2.23
Jun 3, 2023 23:18:22.157546043 CEST	443	53264	193.23.244.244	192.168.2.23
Jun 3, 2023 23:18:22.157664061 CEST	53264	443	192.168.2.23	193.23.244.244
Jun 3, 2023 23:18:22.164634943 CEST	53264	443	192.168.2.23	193.23.244.244
Jun 3, 2023 23:18:22.168298006 CEST	443	40604	131.188.40.189	192.168.2.23
Jun 3, 2023 23:18:22.208342075 CEST	443	53264	193.23.244.244	192.168.2.23
Jun 3, 2023 23:18:22.475919008 CEST	55304	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:22.923883915 CEST	55308	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:25.803741932 CEST	55300	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:26.926521063 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:26.979669094 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:26.979890108 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:26.983057976 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.035866976 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.040432930 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.040599108 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.075275898 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.083631039 CEST	55308	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:27.128398895 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.128472090 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.128624916 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.140584946 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.194796085 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.194993973 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.195600033 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.195708990 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.231610060 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.285417080 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.304394960 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.358148098 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.360675097 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.361953974 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.362432003 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.363374949 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.363521099 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.364684105 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.364995956 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.366384029 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.366883993 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.367639065 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.367836952 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.369360924 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.369776011 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.416685104 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.417896032 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.418031931 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.418031931 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.419869900 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.419981003 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.421700954 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.422897100 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.423659086 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.424069881 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.425616980 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.425717115 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.426845074 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.428378105 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.429624081 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.430155993 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.431052923 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.432332039 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.433871031 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.471390009 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.472757101 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.472847939 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.473856926 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.475378990 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.475507975 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.475836992 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.477482080 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.478116989 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.479643106 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.480559111 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.481172085 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.481798887 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.482820988 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.483584881 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.485323906 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.485379934 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.487656116 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.488605022 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.488677025 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.489373922 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.490633011 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.490679979 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.491091967 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.491110086 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.492588997 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.492698908 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.493894100 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.494024038 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.495382071 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.496983051 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.526967049 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.528065920 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.528168917 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.529114962 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.530359983 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.530441046 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.531584978 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.533123016 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.533217907 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.534601927 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.535882950 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.535972118 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.537123919 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.537506104 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.537630081 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.538933039 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.540864944 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.540949106 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.542109966 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.542294979 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.542371035 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.543874979 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.545110941 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.545197964 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.547076941 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.547118902 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.547213078 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.548388958 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.549844980 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.549977064 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.551060915 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.551265001 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.551353931 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.552877903 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.554120064 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.554224968 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.555823088 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.556282043 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.556380033 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.557609081 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.558805943 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.558902025 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.560476065 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.560563087 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.561136007 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.562313080 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.562402010 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.565536976 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.581872940 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.582075119 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.583419085 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.584603071 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.584692001 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.586117983 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.586244106 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.586333036 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.587654114 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.589090109 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.589165926 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.590409040 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.590569973 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.590636969 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.592164993 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.593383074 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.593467951 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.594820976 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.595597982 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.595709085 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.596812010 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.598360062 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.598438025 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.599584103 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.599771023 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.599853992 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.601322889 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.602577925 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.602649927 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.604088068 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.604129076 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.604182005 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.605592966 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.606834888 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.606920004 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.608356953 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.608527899 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.608607054 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.609837055 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.611334085 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.611402988 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.612725973 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.612838984 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.614072084 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.614151955 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.615564108 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.616807938 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.616884947 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.618076086 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.619333029 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.619407892 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.620863914 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.622030020 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.622117996 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.622298956 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.623857021 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.623955965 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.625056028 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.626574993 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.626678944 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.626746893 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.628053904 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.628148079 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.629580975 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.630887985 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.630985022 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.631553888 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.632819891 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.632941008 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.634354115 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.635852098 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.636358023 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.637048960 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.638606071 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.639585018 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.640022993 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.640616894 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.641341925 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.643404961 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.643825054 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.644530058 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.644776106 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.644861937 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.646421909 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.647708893 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.648037910 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.648114920 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.649769068 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.650595903 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.651338100 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.652065992 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.653393030 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.653480053 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.653506041 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.655103922 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.655184984 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.656414032 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.657926083 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.658000946 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.658036947 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.659352064 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.659430027 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.660887003 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.662055969 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.662126064 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.662498951 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.664124012 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.665364981 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.666529894 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.666857958 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.666908026 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.668081999 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.668596029 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.669601917 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.670881033 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.671195984 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.671278954 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.672887087 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.674169064 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.674380064 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.675626993 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.675678968 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.677246094 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.677464962 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.678947926 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.679908037 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.680062056 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.680529118 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.681026936 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.681833029 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.683379889 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.683583021 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.684669971 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.684715986 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.685712099 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.686120987 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.687323093 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.688077927 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.688896894 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.689034939 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.689102888 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.690385103 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.691852093 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.692322016 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.692400932 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.693401098 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.693485022 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.695480108 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.696616888 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.698086977 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.698540926 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.699225903 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.699589014 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.701147079 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.701530933 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.702349901 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.702827930 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.702913046 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.704371929 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.705317020 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.705662966 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.706897020 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.707253933 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.707746983 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.708614111 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.709860086 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.709939957 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.711105108 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.711520910 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.711585999 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.713223934 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.714344025 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.714900017 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.715847015 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.715904951 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.715984106 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.717355967 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.718816996 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.718904018 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.719300985 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.720335007 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.720415115 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.721592903 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.721679926 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.723076105 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.724427938 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.724484921 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.724659920 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.726097107 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.727361917 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.727850914 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.728668928 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.729052067 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.729120016 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.730307102 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.731875896 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.732675076 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.733076096 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.733791113 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.733865023 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.735358953 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.736612082 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.737529993 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.737833977 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.739104986 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.739207029 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.740040064 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.741816044 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.741914988 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.742527008 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.744124889 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.744206905 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.745102882 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.746587038 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.746664047 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.747575998 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.747751951 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.747843981 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.749367952 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.750628948 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.750739098 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.750957012 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.752331972 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.752592087 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.752661943 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.753829956 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.754815102 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.755013943 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.756129980 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.756560087 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.756644964 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.758111000 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.759314060 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.759392977 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.759793043 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.761060953 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.761128902 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.762343884 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.762793064 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.763329983 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.764357090 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.765360117 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.765454054 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.767611027 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.767784119 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.768176079 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.769345999 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.770319939 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.770884037 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.771878004 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.772509098 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.772634029 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.773590088 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.774826050 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.775321960 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.776092052 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.776899099 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.777077913 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.778332949 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.779309034 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.779736996 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.780862093 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.781548977 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.782416105 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.782546043 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.783828020 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.784593105 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.785101891 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.785805941 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.787342072 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.788062096 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.788522005 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.789619923 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.790361881 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.790695906 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.791872978 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.792810917 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.792898893 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.794100046 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.794270039 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.794718981 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.795855045 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.796024084 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.796514988 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.797899008 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.798823118 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.798867941 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.799177885 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.800343037 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.801332951 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.801898956 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.802299023 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.802762985 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.803652048 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.804891109 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.804970980 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.805824995 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.807060957 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.807275057 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.807338953 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.807792902 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.809124947 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.809516907 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.810031891 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.810872078 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.811070919 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.811142921 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.812840939 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.813545942 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.813646078 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.815350056 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.815387011 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.816201925 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.829732895 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.830060959 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.830133915 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.830537081 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.831793070 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.831830978 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.831866026 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.845941067 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.846026897 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.846882105 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.847284079 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.848347902 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.848953009 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.862895012 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.863029003 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.863851070 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.864864111 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.864948988 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.865263939 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.879476070 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.879645109 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.880350113 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.881851912 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.881892920 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.882045984 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.894896030 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.896365881 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.896460056 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.896614075 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.898145914 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.898263931 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.899471045 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.913403988 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.914402962 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.914504051 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.915864944 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.915904045 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.916359901 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.929729939 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.930155039 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.930257082 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.930660009 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.931473017 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.931859016 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.931900024 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.933815002 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.947271109 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.947892904 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.948023081 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.948318958 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.949359894 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.949822903 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.963421106 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.964322090 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.964428902 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.965363979 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.965481043 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.966221094 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.980860949 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.981844902 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.981949091 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.983061075 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.983247042 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.983843088 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.996335030 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.997844934 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.997961044 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:27.998315096 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.999622107 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:27.999670982 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.001131058 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.013916016 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.014600992 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.014715910 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.016099930 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.016143084 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.016751051 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.031157970 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.031814098 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.031924963 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.032063961 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.033633947 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.033808947 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.034173012 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.047889948 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.048603058 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.048685074 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.049102068 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.050081968 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.050656080 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.061501026 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.063900948 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.064841032 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.065095901 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.066107035 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.066284895 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.066560984 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.080380917 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.081414938 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.081624985 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.082592010 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.082762003 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.082891941 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.097392082 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.098774910 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.099000931 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.099050045 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.100364923 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.100413084 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.101638079 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.114474058 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.114588976 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.114737034 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.115575075 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.116939068 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.116981030 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.117522955 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.131449938 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.132054090 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.132105112 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.132160902 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.133629084 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.133871078 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.134552002 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.147931099 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.148622036 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.148685932 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.149384975 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.150072098 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.151721001 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.165375948 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.166146994 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.166227102 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.167629004 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.167670965 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.168297052 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.177810907 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.180058956 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.181677103 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.182560921 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.182940960 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.183846951 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.184037924 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.184761047 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.197417021 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.198836088 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.198878050 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.198879004 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.200408936 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.200449944 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.201622009 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.215387106 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.215537071 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.215740919 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.216612101 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.217560053 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.217823029 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.218350887 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.231905937 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.232842922 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.232898951 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.233035088 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.234410048 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.234450102 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.234848022 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.248888969 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.249686956 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.249756098 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.250561953 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.251324892 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.252188921 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.265417099 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.266084909 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.266288996 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.267400980 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.267537117 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.268080950 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.281337023 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.282849073 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.283003092 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.283375025 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.284897089 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.285027027 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.286256075 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.298898935 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.300132990 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.300309896 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.301409006 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.301573038 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.302083015 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.315371990 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.315911055 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.316097021 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.316834927 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.317826986 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.318085909 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.318130970 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.319456100 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.332175970 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.334068060 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.334136009 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.334175110 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.334878922 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.335144997 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.349198103 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.349822044 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.350049019 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.350949049 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.351526022 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.352248907 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.366520882 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.367350101 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.367594004 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.368880033 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.368925095 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.369741917 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.381613970 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.383399010 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.383625031 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.383788109 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.385404110 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.385447979 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.386714935 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.398921967 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.400403976 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.400603056 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.401431084 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.401537895 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.402101040 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.416955948 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.417448997 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.417651892 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.417870045 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.419147968 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.419199944 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.420533895 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.433276892 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.434155941 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.434415102 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.434624910 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.435611010 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.436563015 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.449646950 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.450617075 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.450927019 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.451668024 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.452327013 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.453039885 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.467163086 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.468107939 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.468182087 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.469646931 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.469696045 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.476578951 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.482656956 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.483834982 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.484128952 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.484343052 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.485872984 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.486020088 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.492628098 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.500197887 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.501112938 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.502619028 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.502670050 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.502937078 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.516748905 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.517335892 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.517801046 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.519131899 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.519180059 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.522918940 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.534398079 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.535072088 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.535373926 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.535799026 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.536587954 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.543322086 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.550657034 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.551616907 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.551914930 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.552607059 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.553071976 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.559494972 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.567205906 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.568593025 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.568896055 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.569700003 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.569751978 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.576612949 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.583873987 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.584855080 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.585586071 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.586869955 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.587052107 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.595371962 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.601535082 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.602092981 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.603316069 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.604650974 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.604707956 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.612689972 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.618431091 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.618881941 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.619076014 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.620121956 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.620608091 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.620851994 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.626796007 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.634937048 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.635658026 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.635973930 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.636182070 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.637218952 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.647384882 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.651160002 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.652131081 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.653379917 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.653621912 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.653673887 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.667709112 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.668651104 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.670150995 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.670198917 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.674006939 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.684415102 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.685636997 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.686060905 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.687134981 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.687364101 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.688143969 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.701713085 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.702650070 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.704519987 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.704566002 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.708583117 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.718408108 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.718843937 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.719089031 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.720583916 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.720796108 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.722275019 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.735930920 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.736627102 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.737338066 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.738096952 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.740611076 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.752398014 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.753164053 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.754368067 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.754595041 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.755444050 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.767071962 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.768862009 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.769593000 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.771321058 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.771362066 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.771573067 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.780635118 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.785896063 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.787374020 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.787560940 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.788589001 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.788855076 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.788908005 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.798012972 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.803208113 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.803261042 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.804579020 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.804665089 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.806163073 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.806210041 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.810966969 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.819674969 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.820645094 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.820841074 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.821872950 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.822067976 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.824588060 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.836462021 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.837084055 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.838637114 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.839117050 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.839587927 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.853409052 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.854372025 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.855880976 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.855922937 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.857440948 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.868607998 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.870110989 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.870599985 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.872607946 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.872802973 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.872920036 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.885963917 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.887375116 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.887511015 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.888863087 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.888909101 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.889451981 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.904170036 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.904375076 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.905095100 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.906399012 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.906456947 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.906698942 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.917226076 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.920640945 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.921361923 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.921519041 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.922843933 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.923480988 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.937180042 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.938095093 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.938354015 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.939129114 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.939594984 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.940576077 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.954147100 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.955095053 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.955184937 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.956392050 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.956614971 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.957617044 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.969364882 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.970874071 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.971328974 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.972917080 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.973098040 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.973120928 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.987674952 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.988976955 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.989167929 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:28.990343094 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.990415096 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:28.992069960 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.004693985 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.004801035 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.004880905 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.005280018 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.006895065 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.007091999 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.008389950 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.021178961 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.021898985 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.022069931 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.022381067 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.023351908 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.025254011 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.037888050 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.038583994 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.038640976 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.039592981 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.040066957 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.041532040 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.055440903 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.056102991 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.056258917 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.057343006 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.057565928 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.059278011 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.070365906 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.071686029 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.071851969 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.072144985 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.087809086 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.091039896 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.091109037 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.091145992 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.092561007 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.092755079 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.094171047 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.107647896 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.108200073 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.108297110 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.109100103 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.109766006 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.110426903 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.123863935 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.123935938 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.123987913 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.126137018 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.126339912 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.126410007 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.136835098 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.138206959 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.138261080 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.139127016 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.140384912 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.140567064 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.141629934 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.148580074 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.157393932 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.158998966 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.159126043 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.159634113 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.160419941 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.160460949 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.160888910 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.173929930 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.174163103 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.174228907 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.175146103 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.176470995 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.176635027 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.176779985 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.189129114 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.190073967 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.190138102 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.190295935 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.191680908 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.191719055 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.192771912 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.205645084 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.205705881 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.206568956 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.207571983 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.208348036 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.208803892 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.222389936 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.223126888 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.223196983 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.224395990 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.224580050 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.225178957 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.237325907 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.238888025 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.239021063 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.239579916 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.240859985 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.240917921 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.242122889 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.255841970 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.257359028 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.257447004 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.258352995 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.258603096 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.258853912 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.272910118 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.273019075 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.273339987 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.274070978 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.275372982 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.275413990 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.275449038 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.289683104 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.289779902 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.290616035 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.305109978 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.306371927 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.306684017 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.307054996 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.308933973 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.308979988 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.309014082 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.321894884 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.323112965 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.323196888 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.323313951 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.324980021 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.325023890 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.326006889 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.339683056 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.339729071 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.339785099 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.340387106 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.342042923 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.342097998 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.343867064 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.357182980 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.357587099 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.357827902 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.357984066 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.359371901 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.359561920 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.359761000 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.373358965 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.374363899 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.374423027 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.375092030 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.375824928 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.376588106 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.389957905 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.390861034 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.390935898 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.392226934 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.392293930 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.393172979 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.406096935 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.406179905 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.407326937 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.408368111 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.408695936 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.409638882 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.409833908 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.411098957 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.427823067 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.428045988 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.428134918 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.429086924 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.440654993 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.440762997 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.441418886 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.442091942 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.442838907 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.443947077 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.460915089 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.461596966 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.461678982 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.462891102 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.462953091 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.463337898 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.473104954 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.474603891 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.474708080 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.475634098 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.477350950 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.477585077 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.478718042 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.495682955 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.496026993 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.496068001 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.496069908 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.497062922 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.497116089 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.499293089 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.507380962 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.507859945 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.507935047 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.508579016 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.509855032 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.509901047 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.510575056 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.523860931 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.524876118 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.524943113 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.525105000 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.526644945 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.526684999 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.526873112 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.541403055 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.542376041 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.542470932 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.543390989 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.543872118 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.545406103 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.557677031 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.558331966 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.558403969 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.559884071 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.559922934 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.561151028 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.573641062 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.575104952 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.575190067 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.575582981 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.577161074 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.577208042 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.577441931 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.591161013 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.592633963 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.592713118 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.593908072 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.593950033 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.594649076 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.607330084 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.607953072 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.608366013 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.609105110 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.609951019 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.610388994 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.610428095 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.611747026 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.730220079 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.731118917 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.731213093 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.731410027 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.733192921 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.733551025 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.734492064 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.735093117 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.735852003 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.736084938 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.737056017 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.737693071 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.738320112 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.739123106 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.739634037 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.740698099 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.740822077 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.741261005 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.741871119 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.742846966 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.743107080 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.744333029 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.744823933 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.745450974 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.827189922 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.828413010 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.828495026 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.829401016 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.830566883 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.831579924 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.831623077 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.832650900 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.833132982 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.833838940 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.835050106 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.835323095 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.836087942 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.836129904 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.837685108 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.837728024 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.838572025 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.839476109 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.840401888 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.840646029 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.840831995 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.841494083 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.842087030 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.843132973 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.843262911 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.844403982 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.844819069 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.845006943 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.860785007 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.898221970 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.939574957 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:29.992702007 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:29.996589899 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:30.999701023 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.056946039 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.057682991 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.057790995 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.059040070 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.059159040 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.060112000 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.060216904 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.061664104 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.061757088 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.062069893 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.062150955 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.063163042 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.063256979 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.064672947 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.064763069 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.065927982 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.066040039 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.066076040 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.066165924 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.067665100 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.067764044 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.068891048 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.069015026 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.070439100 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.070524931 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:31.123456955 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:31.123605967 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:32.413925886 CEST	33460	443	192.168.2.23	185.177.206.72
Jun 3, 2023 23:18:32.413999081 CEST	443	33460	185.177.206.72	192.168.2.23
Jun 3, 2023 23:18:32.414149046 CEST	53304	443	192.168.2.23	94.130.53.211
Jun 3, 2023 23:18:32.414227009 CEST	443	53304	94.130.53.211	192.168.2.23
Jun 3, 2023 23:18:32.414335966 CEST	47378	443	192.168.2.23	51.15.242.244
Jun 3, 2023 23:18:32.414367914 CEST	443	47378	51.15.242.244	192.168.2.23
Jun 3, 2023 23:18:32.414391041 CEST	53304	443	192.168.2.23	94.130.53.211
Jun 3, 2023 23:18:32.414444923 CEST	47378	443	192.168.2.23	51.15.242.244
Jun 3, 2023 23:18:32.414805889 CEST	33460	443	192.168.2.23	185.177.206.72
Jun 3, 2023 23:18:32.418646097 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:32.422688961 CEST	53304	443	192.168.2.23	94.130.53.211
Jun 3, 2023 23:18:32.422730923 CEST	443	53304	94.130.53.211	192.168.2.23
Jun 3, 2023 23:18:32.429980040 CEST	47378	443	192.168.2.23	51.15.242.244
Jun 3, 2023 23:18:32.430013895 CEST	443	47378	51.15.242.244	192.168.2.23
Jun 3, 2023 23:18:32.436882019 CEST	33460	443	192.168.2.23	185.177.206.72
Jun 3, 2023 23:18:32.436933994 CEST	443	33460	185.177.206.72	192.168.2.23
Jun 3, 2023 23:18:32.471852064 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:32.472021103 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:32.474674940 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:32.474781990 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:32.475924969 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:32.476013899 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:32.477494955 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:32.477603912 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:32.477626085 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:32.477674961 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:32.530165911 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:18:32.530311108 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:18:32.536629915 CEST	443	53304	94.130.53.211	192.168.2.23
Jun 3, 2023 23:18:32.536767960 CEST	53304	443	192.168.2.23	94.130.53.211
Jun 3, 2023 23:18:32.542474985 CEST	443	47378	51.15.242.244	192.168.2.23
Jun 3, 2023 23:18:32.542612076 CEST	47378	443	192.168.2.23	51.15.242.244
Jun 3, 2023 23:18:32.550873041 CEST	443	33460	185.177.206.72	192.168.2.23
Jun 3, 2023 23:18:32.551476955 CEST	33460	443	192.168.2.23	185.177.206.72
Jun 3, 2023 23:18:32.609188080 CEST	53304	443	192.168.2.23	94.130.53.211
Jun 3, 2023 23:18:32.609225988 CEST	443	53304	94.130.53.211	192.168.2.23
Jun 3, 2023 23:18:32.609976053 CEST	443	53304	94.130.53.211	192.168.2.23
Jun 3, 2023 23:18:32.610075951 CEST	53304	443	192.168.2.23	94.130.53.211
Jun 3, 2023 23:18:32.651120901 CEST	47378	443	192.168.2.23	51.15.242.244
Jun 3, 2023 23:18:32.651174068 CEST	443	47378	51.15.242.244	192.168.2.23
Jun 3, 2023 23:18:32.651988983 CEST	443	47378	51.15.242.244	192.168.2.23
Jun 3, 2023 23:18:32.652060032 CEST	47378	443	192.168.2.23	51.15.242.244
Jun 3, 2023 23:18:32.683582067 CEST	33460	443	192.168.2.23	185.177.206.72
Jun 3, 2023 23:18:32.683742046 CEST	443	33460	185.177.206.72	192.168.2.23
Jun 3, 2023 23:18:32.684592962 CEST	443	33460	185.177.206.72	192.168.2.23
Jun 3, 2023 23:18:32.684680939 CEST	33460	443	192.168.2.23	185.177.206.72
Jun 3, 2023 23:18:32.691131115 CEST	53304	443	192.168.2.23	94.130.53.211
Jun 3, 2023 23:18:32.692959070 CEST	47378	443	192.168.2.23	51.15.242.244
Jun 3, 2023 23:18:32.694731951 CEST	33460	443	192.168.2.23	185.177.206.72
Jun 3, 2023 23:18:32.736316919 CEST	443	53304	94.130.53.211	192.168.2.23
Jun 3, 2023 23:18:32.736349106 CEST	443	33460	185.177.206.72	192.168.2.23
Jun 3, 2023 23:18:32.736372948 CEST	443	47378	51.15.242.244	192.168.2.23
Jun 3, 2023 23:18:34.419637918 CEST	55322	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:35.275253057 CEST	55308	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:35.435261965 CEST	55322	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:36.043266058 CEST	55306	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:37.104979038 CEST	443	55834	154.35.175.225	192.168.2.23
Jun 3, 2023 23:18:37.451081991 CEST	55322	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:38.091142893 CEST	55302	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:41.674890995 CEST	55322	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:49.820538998 CEST	55324	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:49.866436958 CEST	55322	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:50.826430082 CEST	55324	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:51.402431965 CEST	55308	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:52.842251062 CEST	55324	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:56.522056103 CEST	55304	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:18:57.034029961 CEST	55324	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:04.417943954 CEST	55326	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:05.225647926 CEST	55324	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:05.449711084 CEST	55326	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:05.993784904 CEST	55322	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:07.465548038 CEST	55326	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:08.809519053 CEST	55306	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:11.625403881 CEST	55326	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:19.811104059 CEST	55328	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:19.816770077 CEST	55326	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:20.840809107 CEST	55328	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:21.352823973 CEST	55324	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:22.856674910 CEST	55328	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:25.192595959 CEST	55308	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:26.984502077 CEST	55328	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:33.430490971 CEST	9001	56820	109.92.182.91	192.168.2.23
Jun 3, 2023 23:19:33.430774927 CEST	56820	9001	192.168.2.23	109.92.182.91
Jun 3, 2023 23:19:34.416234016 CEST	55330	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:35.176034927 CEST	55328	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:35.432053089 CEST	55330	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:35.944072962 CEST	55326	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:37.447990894 CEST	55330	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:39.527827978 CEST	55322	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:41.575738907 CEST	55330	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:48.836716890 CEST	443	33460	185.177.206.72	192.168.2.23
Jun 3, 2023 23:19:48.836747885 CEST	443	47378	51.15.242.244	192.168.2.23
Jun 3, 2023 23:19:48.836765051 CEST	443	53304	94.130.53.211	192.168.2.23
Jun 3, 2023 23:19:48.836801052 CEST	443	40604	131.188.40.189	192.168.2.23
Jun 3, 2023 23:19:48.836843014 CEST	443	53264	193.23.244.244	192.168.2.23
Jun 3, 2023 23:19:48.840018988 CEST	47378	443	192.168.2.23	51.15.242.244
Jun 3, 2023 23:19:48.840071917 CEST	443	47378	51.15.242.244	192.168.2.23
Jun 3, 2023 23:19:48.844980001 CEST	33460	443	192.168.2.23	185.177.206.72
Jun 3, 2023 23:19:48.845029116 CEST	443	33460	185.177.206.72	192.168.2.23
Jun 3, 2023 23:19:48.847723007 CEST	53304	443	192.168.2.23	94.130.53.211
Jun 3, 2023 23:19:48.847759962 CEST	443	53304	94.130.53.211	192.168.2.23
Jun 3, 2023 23:19:48.850331068 CEST	40604	443	192.168.2.23	131.188.40.189
Jun 3, 2023 23:19:48.850358963 CEST	443	40604	131.188.40.189	192.168.2.23
Jun 3, 2023 23:19:48.853274107 CEST	53264	443	192.168.2.23	193.23.244.244
Jun 3, 2023 23:19:48.853322029 CEST	443	53264	193.23.244.244	192.168.2.23
Jun 3, 2023 23:19:49.618232012 CEST	55332	20745	192.168.2.23	102.129.143.43
Jun 3, 2023 23:19:49.767277002 CEST	55330	20745	192.168.2.23	102.129.143.43

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 3, 2023 23:16:14.234215021 CEST	43271	53	192.168.2.23	1.1.1.1
Jun 3, 2023 23:16:14.234405994 CEST	35355	53	192.168.2.23	1.1.1.1
Jun 3, 2023 23:16:14.251863003 CEST	53	35355	1.1.1.1	192.168.2.23
Jun 3, 2023 23:16:14.251972914 CEST	53	43271	1.1.1.1	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 3, 2023 23:16:14.234215021 CEST	192.168.2.23	1.1.1.1	0x14d6	Standard query (0)	ipecho.net	A (IP address)	IN (0x0001)	false
Jun 3, 2023 23:16:14.234405994 CEST	192.168.2.23	1.1.1.1	0xf0b3	Standard query (0)	ipecho.net	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 3, 2023 23:16:14.251972914 CEST	1.1.1.1	192.168.2.23	0x14d6	No error (0)	ipecho.net		34.160.111.145	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipecho.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.23	37580	34.160.111.145	80

Timestamp	kBytes transferred	Direction	Data
Jun 3, 2023 23:16:14.382796049 CEST	0	OUT	GET /plain HTTP/1.1 HOST: ipecho.net Accept: /
Jun 3, 2023 23:16:14.525151014 CEST	1	IN	HTTP/1.1 200 OK access-control-allow-origin: * content-type: text/html; charset=utf-8 content-length: 14 date: Sat, 03 Jun 2023 21:16:14 GMT x-envoy-upstream-service-time: 0 strict-transport-security: max-age=2592000; includeSubDomains server: istio-envoy Via: 1.1 google Data Raw: 31 30 32 2e 31 32 39 2e 31 34 33 2e 34 33 Data Ascii: 102.129.143.43

System Behavior

Analysis Process: index PID: 6231, Parent PID: 6124

General

Start time:	23:16:12
Start date:	03/06/2023
Path:	/tmp/index
Arguments:	/tmp/index
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: index PID: 6233, Parent PID: 6231

General

Start time:	23:16:12
Start date:	03/06/2023
Path:	/tmp/index
Arguments:	n/a
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Chronological Activities

Analysis Process: index PID: 6235, Parent PID: 6233

General

Start time:	23:16:12
Start date:	03/06/2023
Path:	/tmp/index
Arguments:	n/a
File size:	5706200 bytes
MD5 hash:	02e8e39e1b46472a60d128a6da84a2b8

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including HTRAN , ZXProxy, and ZXPortMap. Adversaries use these types of proxies to manage command and control communications, reduce the number of simultaneous outbound network connections, provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. Adversaries may chain together multiple proxies to further disguise the source of malicious traffic.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report index

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/tmp/.spligjr2q0le.pid

/tmp/.torrc

/tmp/unverified-microdesc-consensus.tmp

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

System Behavior

Analysis Process: index PID: 6231, Parent PID: 6124

General

Chronological Activities

Analysis Process: index PID: 6233, Parent PID: 6231

General

Chronological Activities

Analysis Process: index PID: 6235, Parent PID: 6233

General

Chronological Activities

Linux Analysis Report
index