Edit tour

Windows Analysis Report
RtkAudUService.exe

Overview

General Information

Sample name:	RtkAudUService.exe
Analysis ID:	1638276
MD5:	523ffe25dba3e49ba5002638cdad8be5
SHA1:	653287a03a6907232c215ba5e6a1372924861fe2
SHA256:	857616f803d2c7d69a22395fae9ea501fec12659cb0bfa88412d2376aefca3dd
Tags:	exeuser-TornadoAV_dev
Infos:

Detection

Score:	52
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Joe Sandbox ML detected suspicious sample

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

IP address seen in connection with other malware

PE file contains more sections than normal

PE file contains sections with non-standard names

Sigma detected: CurrentVersion Autorun Keys Modification

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

RtkAudUService.exe (PID: 7148 cmdline: "C:\Users\user\Desktop\RtkAudUService.exe" MD5: 523FFE25DBA3E49BA5002638CDAD8BE5)

RtkAudUService.exe (PID: 6224 cmdline: "C:\Users\user\Desktop\RtkAudUService.exe" --detached MD5: 523FFE25DBA3E49BA5002638CDAD8BE5)

RtkAudUService.exe (PID: 3092 cmdline: "C:\Users\user\Desktop\RtkAudUService.exe" MD5: 523FFE25DBA3E49BA5002638CDAD8BE5)

RtkAudUService.exe (PID: 6772 cmdline: "C:\Users\user\Desktop\RtkAudUService.exe" --detached MD5: 523FFE25DBA3E49BA5002638CDAD8BE5)

RtkAudUService.exe (PID: 5444 cmdline: "C:\Users\user\Desktop\RtkAudUService.exe" MD5: 523FFE25DBA3E49BA5002638CDAD8BE5)

RtkAudUService.exe (PID: 5136 cmdline: "C:\Users\user\Desktop\RtkAudUService.exe" --detached MD5: 523FFE25DBA3E49BA5002638CDAD8BE5)

cleanup

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Desktop\RtkAudUService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\RtkAudUService.exe, ProcessId: 7148, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyApp

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: RtkAudUService.exe	Virustotal: Detection: 12%			Perma Link
Source: RtkAudUService.exe	ReversingLabs: Detection: 13%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.8% probability

Source: RtkAudUService.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: global traffic

TCP traffic: 192.168.2.7:49681 -> 213.209.150.137:8081

Source: Joe Sandbox View

IP Address: 213.209.150.137 213.209.150.137

Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.150.137

Source: C:\Users\user\Desktop\RtkAudUService.exe

Code function: 5_2_000000AAFCBFC8CA

5_2_000000AAFCBFC8CA

Source: RtkAudUService.exe

Static PE information: Number of sections : 11 > 10

Source: classification engine

Classification label: mal52.winEXE@9/0@0/1

Source: RtkAudUService.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\RtkAudUService.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\RtkAudUService.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: RtkAudUService.exe	Virustotal: Detection: 12%
Source: RtkAudUService.exe	ReversingLabs: Detection: 13%

Source: RtkAudUService.exe	String found in binary or memory: winsymlink/dev/stdinCreateFilecreatetemp12207031256103515625ParseFloat.localhostsetsockoptIP addressunixpacket netGo = %!Weekday(ConnectionKeep-Alivelocal-addrimage/webpimage/jpegaudio/aiffaudio/mpegaudio/midiaudio/wavevideo/webmfont/woff2User-AgentRST_STREAMEND_STREAMSet-Cookie stream=%dset-cookieuser-agentkeep-alive:authorityequivalentProcessingNo ContentX-Go-Pprof%s (%s):%ddnsapi.dlldwmapi.dlluser32.dllws2_32.dllIsValidSidDnsQuery_WGetIfEntryCancelIoExCreatePipeGetVersionLocalAllocLockFileExOpenEventWOpenMutexWOpenThreadPulseEventResetEventWSACleanupWSASocketWWSAStartupgetsockoptowner diedexecerrdotcomplex128t.Kind == notifyListprofInsertstackLargeNot workermSpanInUseGOMAXPROCSstop tracedisablethpinvalidptrschedtracesemacquiredebug call flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = exitThreadBad varintGC forced
Source: RtkAudUService.exe	String found in binary or memory: _cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoneduse of closed network connectionunexpected character, want colonchacha20poly1305: bad key lengthtls: unknown Renegotiation valuetls: NextProtos values too largemime: expected token after slashfound mapping with reserved ID=0" not supported for cpu option "ed25519: bad public key length: x509: unsupported elliptic curvex509: invalid constraint value: x509: malformed subjectPublicKeyx509: cannot parse rfc822Name %qx509: ECDSA verification failurecrypto/aes: input not full blockcrypto/des: input not full blockcrypto/ecdh: invalid private keyinput overflows the modulus sizeinteger is not minimally encodedcannot represent time as UTCTimechacha20: invalid buffer overlaphttp2write100ContinueHeadersFramerelease of handle with refcount 0142108547152020037174224853515625710542735760100185871124267578125sync: RUnlock of unlocked RWMutexgo package net: confVal.netCgo = pseudo header field after regularhttp: invalid Read on closed Bodyapplication/x-www-form-urlencodedinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vhttp: multiple registrations for invalid concurrent Body.Read callunsupported transfer encoding: %qFailed to get command version: %vCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPointWInitializeProcThreadAttributeListSetupDiGetDeviceRegistryPropertyWSetupDiSetDeviceRegistryPropertyWtoo many levels of symbolic linksbytes.Buffer.Grow: negative countreflect: slice index out of range of method on nil interface valuereflect: Field index out of rangereflect: array index out of range to pointer to array with length skip everything and stop the walkslice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativetoo many concurrent timer firingsruntime: name offset out of rangeruntime: type offset out of rangewaiting for unsupported file typetoo many Answers to pack (>65535)tls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExc
Source: RtkAudUService.exe	String found in binary or memory: _cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoneduse of closed network connectionunexpected character, want colonchacha20poly1305: bad key lengthtls: unknown Renegotiation valuetls: NextProtos values too largemime: expected token after slashfound mapping with reserved ID=0" not supported for cpu option "ed25519: bad public key length: x509: unsupported elliptic curvex509: invalid constraint value: x509: malformed subjectPublicKeyx509: cannot parse rfc822Name %qx509: ECDSA verification failurecrypto/aes: input not full blockcrypto/des: input not full blockcrypto/ecdh: invalid private keyinput overflows the modulus sizeinteger is not minimally encodedcannot represent time as UTCTimechacha20: invalid buffer overlaphttp2write100ContinueHeadersFramerelease of handle with refcount 0142108547152020037174224853515625710542735760100185871124267578125sync: RUnlock of unlocked RWMutexgo package net: confVal.netCgo = pseudo header field after regularhttp: invalid Read on closed Bodyapplication/x-www-form-urlencodedinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vhttp: multiple registrations for invalid concurrent Body.Read callunsupported transfer encoding: %qFailed to get command version: %vCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPointWInitializeProcThreadAttributeListSetupDiGetDeviceRegistryPropertyWSetupDiSetDeviceRegistryPropertyWtoo many levels of symbolic linksbytes.Buffer.Grow: negative countreflect: slice index out of range of method on nil interface valuereflect: Field index out of rangereflect: array index out of range to pointer to array with length skip everything and stop the walkslice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativetoo many concurrent timer firingsruntime: name offset out of rangeruntime: type offset out of rangewaiting for unsupported file typetoo many Answers to pack (>65535)tls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExc
Source: RtkAudUService.exe	String found in binary or memory: failed to construct HKDF label: %smultiple mappings with same id: %dcrypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key size1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 92006-01-02T15:04:05.999999999Z07:00non-positive interval for NewTickerCONTINUATION frame with stream ID 0Prohibited TLS 1.2 Cipher Suite: %xhttp2: server: client %v said hellohttp2: server processing setting %vWrite called after Handler finishedSubscribeServiceChangeNotificationsnetwork dropped connection on resettransport endpoint is not connectedreflect.MakeSlice of non-slice typepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freefailed to get or create weak handleattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlineNtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=file type does not support deadlinetoo many Questions to pack (>65535)unsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKtls: invalid Kyber server key sharemime: bogus characters after %%: %qgzip: invalid compression level: %dgzip.Write: Extra data is too largehpack: invalid Huffman-encoded datadynamic table size update too largeincompatible period types %v and %vincompatible sample types %v and %vmultiple functions with same id: %dmultiple locations with same id: %druntime/pprof: converting profile: mismatched profile records and tagsbigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accessmlkem768: invalid ciphertext lengthcrypto/md5: invalid hash state sizeflate: corrupt input before offset '_' must separate successive digitsP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitysuperfluous leading zeros in lengthchacha20: output smaller than inputtransform: short destination bufferFailed to get ShellExecuteA address:444089209850062616169452667236328125ryuFtoaFixed64 called with prec > 180123456789abcdefghijklmnopqrstuvwxyzstrings.Builder.Grow: negative countstrings: Join output length overflowTime.UnmarshalBinary: invalid lengthhttp: unexpected EOF reading trailer LastStreamID=%v ErrCode=%v Debug=%qhttp2: server rejecting conn: %v, %sHeader called after Handler fi
Source: RtkAudUService.exe	String found in binary or memory: failed to construct HKDF label: %smultiple mappings with same id: %dcrypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key size1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 92006-01-02T15:04:05.999999999Z07:00non-positive interval for NewTickerCONTINUATION frame with stream ID 0Prohibited TLS 1.2 Cipher Suite: %xhttp2: server: client %v said hellohttp2: server processing setting %vWrite called after Handler finishedSubscribeServiceChangeNotificationsnetwork dropped connection on resettransport endpoint is not connectedreflect.MakeSlice of non-slice typepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freefailed to get or create weak handleattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlineNtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=file type does not support deadlinetoo many Questions to pack (>65535)unsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKtls: invalid Kyber server key sharemime: bogus characters after %%: %qgzip: invalid compression level: %dgzip.Write: Extra data is too largehpack: invalid Huffman-encoded datadynamic table size update too largeincompatible period types %v and %vincompatible sample types %v and %vmultiple functions with same id: %dmultiple locations with same id: %druntime/pprof: converting profile: mismatched profile records and tagsbigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accessmlkem768: invalid ciphertext lengthcrypto/md5: invalid hash state sizeflate: corrupt input before offset '_' must separate successive digitsP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitysuperfluous leading zeros in lengthchacha20: output smaller than inputtransform: short destination bufferFailed to get ShellExecuteA address:444089209850062616169452667236328125ryuFtoaFixed64 called with prec > 180123456789abcdefghijklmnopqrstuvwxyzstrings.Builder.Grow: negative countstrings: Join output length overflowTime.UnmarshalBinary: invalid lengthhttp: unexpected EOF reading trailer LastStreamID=%v ErrCode=%v Debug=%qhttp2: server rejecting conn: %v, %sHeader called after Handler fi

Source: C:\Users\user\Desktop\RtkAudUService.exe

File read: C:\Users\user\Desktop\RtkAudUService.exe:Zone.Identifier

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe"
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe" --detached
Source: unknown	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe"
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe" --detached
Source: unknown	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe"
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe" --detached
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe" --detached	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe" --detached	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe" --detached	Jump to behavior

Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: C:\Users\user\Desktop\RtkAudUService.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\InProcServer32

Jump to behavior

Source: RtkAudUService.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: RtkAudUService.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: RtkAudUService.exe

Static file information: File size 6693376 > 1048576

Source: RtkAudUService.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2a3c00
Source: RtkAudUService.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x358400

Source: RtkAudUService.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: RtkAudUService.exe

Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\RtkAudUService.exe	Code function: 1_2_000000DDFE3FC1D9 push ecx; retf	1_2_000000DDFE3FC239
Source: C:\Users\user\Desktop\RtkAudUService.exe	Code function: 1_2_000000DDFE3FCEA8 push ecx; retf	1_2_000000DDFE3FCEA9
Source: C:\Users\user\Desktop\RtkAudUService.exe	Code function: 3_2_000000C805FFC71B push eax; retf	3_2_000000C805FFC859
Source: C:\Users\user\Desktop\RtkAudUService.exe	Code function: 3_2_000000C805FFC4E9 push ecx; retf	3_2_000000C805FFC549
Source: C:\Users\user\Desktop\RtkAudUService.exe	Code function: 5_2_000000AAFCBFB5A8 push ecx; retf	5_2_000000AAFCBFB5A9
Source: C:\Users\user\Desktop\RtkAudUService.exe	Code function: 5_2_000000AAFCBF6F58 push ecx; retf	5_2_000000AAFCBF6F59
Source: C:\Users\user\Desktop\RtkAudUService.exe	Code function: 5_2_000000AAFCBFB5D8 push ecx; retf	5_2_000000AAFCBFB5D9
Source: C:\Users\user\Desktop\RtkAudUService.exe	Code function: 6_2_000000AE3F9FCEE8 push ecx; retf	6_2_000000AE3F9FCEE9

Source: C:\Users\user\Desktop\RtkAudUService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyApp			Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyApp			Jump to behavior

Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: RtkAudUService.exe, 00000001.00000002.2140951644.0000022AEB729000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllssG
Source: RtkAudUService.exe	Binary or memory string: zkqemUabp.go
Source: RtkAudUService.exe, 00000002.00000003.1300980790.00000226CBE8B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\9
Source: RtkAudUService.exe, 00000000.00000002.2135344746.00000226BF90E000.00000004.00000020.00020000.00000000.sdmp, RtkAudUService.exe, 00000003.00000002.2141162399.0000021D24779000.00000004.00000020.00020000.00000000.sdmp, RtkAudUService.exe, 00000005.00000002.2137099364.0000023682D0B000.00000004.00000020.00020000.00000000.sdmp, RtkAudUService.exe, 00000006.00000002.2142717224.00000289D8EF9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: RtkAudUService.exe, 00000002.00000002.2136582279.00000226CBE6B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlljj

Source: C:\Users\user\Desktop\RtkAudUService.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\RtkAudUService.exe	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe" --detached	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe" --detached	Jump to behavior
Source: C:\Users\user\Desktop\RtkAudUService.exe	Process created: C:\Users\user\Desktop\RtkAudUService.exe "C:\Users\user\Desktop\RtkAudUService.exe" --detached	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	11 Process Injection	11 Process Injection	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 DLL Side-Loading	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	1 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
RtkAudUService.exe	12%	Virustotal		Browse
RtkAudUService.exe	13%	ReversingLabs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
213.209.150.137	unknown	Germany		197706	KEMINETAL	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1638276
Start date and time:	2025-03-14 10:45:54 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	RtkAudUService.exe
Detection:	MAL
Classification:	mal52.winEXE@9/0@0/1
EGA Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.149.20.212, 23.60.203.209
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target RtkAudUService.exe, PID 5136 because there are no executed function
Execution Graph export aborted for target RtkAudUService.exe, PID 5444 because there are no executed function
Execution Graph export aborted for target RtkAudUService.exe, PID 6224 because there are no executed function
Execution Graph export aborted for target RtkAudUService.exe, PID 6772 because there are no executed function
Execution Graph export aborted for target RtkAudUService.exe, PID 7148 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:46:54	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MyApp C:\Users\user\Desktop\RtkAudUService.exe
10:47:02	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MyApp C:\Users\user\Desktop\RtkAudUService.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
213.209.150.137	cubrodriver.exe	Get hash	malicious	SystemBC	Browse
	Fp80Ocyhqm.exe	Get hash	malicious	Amadey, SystemBC	Browse
	aV2ffcSuKl.exe	Get hash	malicious	Amadey, GCleaner, LummaC Stealer, PureLog Stealer, Stealc, SystemBC, Vidar	Browse
	SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe	Get hash	malicious	SystemBC	Browse
	SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe	Get hash	malicious	SystemBC	Browse
	SecuriteInfo.com.Win32.SpywareX-gen.19167.22607.exe	Get hash	malicious	SystemBC	Browse
	XO4ioEY3nq.exe	Get hash	malicious	Amadey, SystemBC	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
KEMINETAL	Orange county sheriffs office Reference Number(s)_FLD9390700107 (SOP 00900) Note(s).docx	Get hash	malicious	Unknown	Browse	213.209.150.110
	cubrodriver.exe	Get hash	malicious	SystemBC	Browse	213.209.150.137
	Fp80Ocyhqm.exe	Get hash	malicious	Amadey, SystemBC	Browse	213.209.150.137
	Message.eml	Get hash	malicious	Unknown	Browse	213.209.150.110
	aV2ffcSuKl.exe	Get hash	malicious	Amadey, GCleaner, LummaC Stealer, PureLog Stealer, Stealc, SystemBC, Vidar	Browse	213.209.150.137
	SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe	Get hash	malicious	SystemBC	Browse	213.209.150.137
	email.bat	Get hash	malicious	Discord Token Stealer, Strela Stealer	Browse	213.209.150.200
	rDB_YAK_838327E.cmd	Get hash	malicious	DBatLoader, Remcos	Browse	172.94.126.47
	SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe	Get hash	malicious	SystemBC	Browse	213.209.150.137
	SecuriteInfo.com.Win32.SpywareX-gen.19167.22607.exe	Get hash	malicious	SystemBC	Browse	213.209.150.137

File type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):	6.348242089302984
TrID:	Win64 Executable (generic) (12005/4) 74.95% Generic Win/DOS Executable (2004/3) 12.51% DOS Executable Generic (2002/1) 12.50% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:	RtkAudUService.exe
File size:	6'693'376 bytes
MD5:	523ffe25dba3e49ba5002638cdad8be5
SHA1:	653287a03a6907232c215ba5e6a1372924861fe2
SHA256:	857616f803d2c7d69a22395fae9ea501fec12659cb0bfa88412d2376aefca3dd
SHA512:	e83469153a6bf63a49818297967faa5666e00a36607a1690ab50434bc5c062b28d8f57dccd5c896a4e0e761c4cb6825a62ba5edee3db89bb50d5cb5d8a5916c1
SSDEEP:	49152:MJ7WJy2l9YqZfPrDRQudasN7HETop0DaEnPjA5EGv52XD9kKxncuz4WpD2gbFjLo:PA2r76O9HETjeE5J8w
TLSH:	D5663A87FC9144E4C0AAD775896282A3BA717C484F2527D32B50FF692F36BD4AE79310
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................+.<*...f................@..............................k.....\.f...`... ............................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x1400013d0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:	0x402a35f0, 0x1, 0x402a35c0, 0x1
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	a9992294f8951a2b77e1dd844a4c619c

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [00642C05h]
mov dword ptr [eax], 00000001h
call 00007FB3C078CECFh
nop
nop
dec eax
add esp, 28h
ret
nop dword ptr [eax]
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [00642BE5h]
mov dword ptr [eax], 00000000h
call 00007FB3C078CEAFh
nop
nop
dec eax
add esp, 28h
ret
nop dword ptr [eax]
dec eax
sub esp, 28h
call 00007FB3C0A3046Ch
dec eax
cmp eax, 01h
sbb eax, eax
dec eax
add esp, 28h
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
dec eax
lea ecx, dword ptr [00000009h]
jmp 00007FB3C078D109h
nop dword ptr [eax+00h]
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop word ptr [eax+eax+00000000h]
nop word ptr [eax+eax+00h]
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 10h
movzx edx, al
dec eax
mov esi, dword ptr [002CE996h]
dec eax
mov edi, dword ptr [002CE987h]
dec eax
cmp esi, edx
jnle 00007FB3C078D146h
nop
dec eax
test esi, esi
jbe 00007FB3C078D152h
dec eax
mov eax, dword ptr [edi]
dec eax
mov ebx, dword ptr [edi+08h]
dec eax
add esp, 10h
pop ebp
ret
dec eax
shl edx, 04h
dec eax

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x6a6000	0x4e	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a7000	0x1154	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x645000	0xfa98	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6ab000	0xd7bc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x643c00	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x6a7428	0x360	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2a3a10	0x2a3c00	446ac7e4b0e33ba929c695e1acab7a66	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x2a5000	0x46da0	0x46e00	4bec3f1a53ff4e47d5ac8e9d79b39f1a	False	0.33403260030864196	data	4.558232218879217	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x2ec000	0x3583d0	0x358400	2dd022ed39a51dccccb70156f2eb8a56	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.pdata	0x645000	0xfa98	0xfc00	a698990d4c75a5f84373427facdc14f1	False	0.40514942956349204	data	5.553707165386261	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata	0x655000	0x32c	0x400	ac35e5c59bfd6c4a3e97f642d14c1bc6	False	0.3291015625	data	3.3924537072711756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss	0x656000	0x4fd20	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x6a6000	0x4e	0x200	98da75072ba8c676266cf8bf38a41e06	False	0.1328125	data	0.8426867641107897	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata	0x6a7000	0x1154	0x1200	862f3eec91135e13bc269aeb77a95037	False	0.3172743055555556	data	4.372969284157547	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x6a9000	0x60	0x200	3e2ccf7584e676aeab8b90fe6201a471	False	0.068359375	data	0.3232550539007212	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x6aa000	0x10	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x6ab000	0xd7bc	0xd800	ae84f61718d23ef0f02a9285a1f329f8	False	0.24998191550925927	data	5.431078443687432	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
KERNEL32.dll	AddVectoredContinueHandler, AddVectoredExceptionHandler, CloseHandle, CreateEventA, CreateIoCompletionPort, CreateSemaphoreA, CreateThread, CreateWaitableTimerA, CreateWaitableTimerExW, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, ExitProcess, FreeEnvironmentStringsW, GetConsoleMode, GetCurrentThreadId, GetEnvironmentStringsW, GetErrorMode, GetLastError, GetProcAddress, GetProcessAffinityMask, GetQueuedCompletionStatusEx, GetStdHandle, GetSystemDirectoryA, GetSystemInfo, GetThreadContext, InitializeCriticalSection, LeaveCriticalSection, LoadLibraryExW, LoadLibraryW, PostQueuedCompletionStatus, RaiseFailFastException, ReleaseSemaphore, ResumeThread, RtlLookupFunctionEntry, RtlVirtualUnwind, SetConsoleCtrlHandler, SetErrorMode, SetEvent, SetProcessPriorityBoost, SetThreadContext, SetThreadPriority, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SuspendThread, SwitchToThread, TlsAlloc, TlsGetValue, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WerGetFlags, WerSetFlags, WriteConsoleW, WriteFile, __C_specific_handler
api-ms-win-crt-environment-l1-1-0.dll	__p__environ, __p__wenviron
api-ms-win-crt-heap-l1-1-0.dll	_set_new_mode, calloc, free, malloc
api-ms-win-crt-math-l1-1-0.dll	__setusermatherr
api-ms-win-crt-private-l1-1-0.dll	memcpy
api-ms-win-crt-runtime-l1-1-0.dll	__p___argc, __p___argv, __p___wargv, _beginthread, _cexit, _configure_narrow_argv, _configure_wide_argv, _crt_at_quick_exit, _crt_atexit, _errno, _exit, _initialize_narrow_environment, _initialize_wide_environment, _initterm, _set_app_type, _set_invalid_parameter_handler, abort, exit, signal
api-ms-win-crt-stdio-l1-1-0.dll	__acrt_iob_func, __p__commode, __p__fmode, __stdio_common_vfprintf, __stdio_common_vfwprintf, fwrite
api-ms-win-crt-string-l1-1-0.dll	strlen, strncmp
api-ms-win-crt-time-l1-1-0.dll	__daylight, __timezone, __tzname, _tzset

Exports

Name	Ordinal	Address
_cgo_dummy_export	1	0x1406a5b50

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 10:46:52.345448971 CET	49681	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:52.350213051 CET	8081	49681	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:52.350292921 CET	49681	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:52.351214886 CET	49681	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:52.355834007 CET	8081	49681	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:54.175267935 CET	8081	49681	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:54.175417900 CET	49681	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:54.176099062 CET	49682	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:54.180809975 CET	8081	49682	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:54.180947065 CET	49682	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:54.181134939 CET	49682	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:54.185790062 CET	8081	49682	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:55.988322020 CET	8081	49682	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:55.988415003 CET	49682	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:55.989000082 CET	49683	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:55.993752956 CET	8081	49683	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:55.993915081 CET	49683	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:55.994102955 CET	49683	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:55.998706102 CET	8081	49683	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:57.351694107 CET	49681	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:57.358850002 CET	8081	49681	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:57.840753078 CET	8081	49683	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:57.840848923 CET	49683	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:57.841403961 CET	49684	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:57.846353054 CET	8081	49684	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:57.846468925 CET	49684	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:57.846719027 CET	49684	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:57.851448059 CET	8081	49684	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:59.175497055 CET	49682	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:59.180506945 CET	8081	49682	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:59.768954992 CET	8081	49684	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:59.769099951 CET	49684	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:59.769622087 CET	49685	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:59.775579929 CET	8081	49685	213.209.150.137	192.168.2.7
Mar 14, 2025 10:46:59.775715113 CET	49685	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:59.775971889 CET	49685	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:46:59.782248020 CET	8081	49685	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:00.993177891 CET	49683	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:00.997961998 CET	8081	49683	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:01.978034973 CET	8081	49685	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:01.978130102 CET	49685	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:01.978674889 CET	49686	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:01.983556032 CET	8081	49686	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:01.983640909 CET	49686	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:01.983855009 CET	49686	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:01.988584995 CET	8081	49686	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:02.847733974 CET	49684	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:02.853521109 CET	8081	49684	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:03.915695906 CET	8081	49686	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:03.915842056 CET	49686	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:03.918751001 CET	49687	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:03.923713923 CET	8081	49687	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:03.923826933 CET	49687	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:03.923962116 CET	49687	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:03.928628922 CET	8081	49687	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:04.772900105 CET	49685	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:04.778175116 CET	8081	49685	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:04.817787886 CET	49688	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:04.822704077 CET	8081	49688	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:04.822801113 CET	49688	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:04.823398113 CET	49688	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:04.828505039 CET	8081	49688	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:05.821067095 CET	8081	49687	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:05.821181059 CET	49687	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:05.821681023 CET	49689	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:05.826373100 CET	8081	49689	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:05.826736927 CET	49689	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:05.826736927 CET	49689	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:05.832073927 CET	8081	49689	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:06.746541023 CET	8081	49688	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:06.746668100 CET	49688	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:06.815623999 CET	49690	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:06.820481062 CET	8081	49690	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:06.820583105 CET	49690	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:06.917532921 CET	49690	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:06.922369957 CET	8081	49690	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:07.123370886 CET	49686	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:07.128117085 CET	8081	49686	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:07.796479940 CET	8081	49689	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:07.796566010 CET	49689	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:07.797125101 CET	49692	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:07.801888943 CET	8081	49692	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:07.802035093 CET	49692	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:07.802267075 CET	49692	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:07.806940079 CET	8081	49692	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:08.774569988 CET	8081	49690	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:08.774745941 CET	49690	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:08.775276899 CET	49694	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:08.780242920 CET	8081	49694	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:08.780456066 CET	49694	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:08.780641079 CET	49694	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:08.785269976 CET	8081	49694	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:08.926394939 CET	49687	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:08.931304932 CET	8081	49687	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:09.638730049 CET	8081	49692	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:09.638812065 CET	49692	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:09.642138958 CET	49697	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:09.647806883 CET	8081	49697	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:09.647878885 CET	49697	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:09.657004118 CET	49697	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:09.661717892 CET	8081	49697	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:09.842575073 CET	49688	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:09.847203970 CET	8081	49688	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:10.623873949 CET	8081	49694	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:10.623944044 CET	49694	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:10.624598026 CET	49699	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:10.629462004 CET	8081	49699	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:10.629733086 CET	49699	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:10.630114079 CET	49699	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:10.634754896 CET	8081	49699	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:10.840287924 CET	49689	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:10.844985008 CET	8081	49689	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:11.558887005 CET	8081	49697	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:11.559382915 CET	49697	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:11.561244965 CET	49700	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:11.568409920 CET	8081	49700	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:11.568536997 CET	49700	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:11.568803072 CET	49700	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:11.574412107 CET	8081	49700	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:11.894272089 CET	49690	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:11.898966074 CET	8081	49690	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:12.531486034 CET	8081	49699	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:12.532443047 CET	49699	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:12.536330938 CET	49701	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:12.541116953 CET	8081	49701	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:12.544595003 CET	49701	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:12.551770926 CET	49701	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:12.556513071 CET	8081	49701	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:12.813853025 CET	49692	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:12.818701982 CET	8081	49692	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:12.856942892 CET	49702	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:12.861692905 CET	8081	49702	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:12.861807108 CET	49702	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:12.862544060 CET	49702	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:12.867243052 CET	8081	49702	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:13.369760990 CET	8081	49700	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:13.369832993 CET	49700	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:13.370623112 CET	49703	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:13.375389099 CET	8081	49703	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:13.375463009 CET	49703	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:13.375802040 CET	49703	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:13.380373955 CET	8081	49703	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:13.795783997 CET	49694	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:13.800520897 CET	8081	49694	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:14.346364975 CET	8081	49701	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:14.346492052 CET	49701	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:14.347034931 CET	49704	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:14.351712942 CET	8081	49704	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:14.351824999 CET	49704	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:14.352089882 CET	49704	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:14.356709957 CET	8081	49704	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:14.639902115 CET	49697	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:14.644587994 CET	8081	49697	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:14.672585964 CET	8081	49702	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:14.672671080 CET	49702	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:14.673500061 CET	49705	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:14.678174973 CET	8081	49705	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:14.678386927 CET	49705	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:14.678764105 CET	49705	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:14.683404922 CET	8081	49705	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:15.173340082 CET	8081	49703	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:15.174474001 CET	49703	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:15.174810886 CET	49706	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:15.180526972 CET	8081	49706	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:15.183501959 CET	49706	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:15.183644056 CET	49706	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:15.188333988 CET	8081	49706	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:15.647937059 CET	49699	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:15.653383017 CET	8081	49699	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:16.133316040 CET	8081	49704	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:16.133424044 CET	49704	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:16.134002924 CET	49707	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:16.138669968 CET	8081	49707	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:16.138799906 CET	49707	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:16.139056921 CET	49707	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:16.143680096 CET	8081	49707	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:16.480196953 CET	8081	49705	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:16.480384111 CET	49705	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:16.481021881 CET	49708	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:16.485779047 CET	8081	49708	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:16.485908985 CET	49708	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:16.486074924 CET	49708	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:16.490704060 CET	8081	49708	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:16.571727991 CET	49700	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:16.576411009 CET	8081	49700	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:17.035877943 CET	8081	49706	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:17.036010027 CET	49706	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:17.036470890 CET	49709	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:17.042009115 CET	8081	49709	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:17.042169094 CET	49709	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:17.042377949 CET	49709	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:17.047019958 CET	8081	49709	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:17.543826103 CET	49701	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:17.548496962 CET	8081	49701	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:17.860331059 CET	49702	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:17.865669012 CET	8081	49702	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:17.979235888 CET	8081	49707	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:17.979304075 CET	49707	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:17.979711056 CET	49710	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:17.984416008 CET	8081	49710	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:17.984528065 CET	49710	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:17.984770060 CET	49710	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:17.989439964 CET	8081	49710	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:18.302102089 CET	8081	49708	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:18.302417994 CET	49708	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:18.302721024 CET	49711	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:18.307537079 CET	8081	49711	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:18.307693005 CET	49711	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:18.307811022 CET	49711	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:18.312614918 CET	8081	49711	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:18.380873919 CET	49703	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:18.385991096 CET	8081	49703	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:18.840019941 CET	8081	49709	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:18.840136051 CET	49709	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:18.840528011 CET	49712	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:18.845123053 CET	8081	49712	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:18.845211983 CET	49712	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:18.845387936 CET	49712	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:18.850406885 CET	8081	49712	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:19.366890907 CET	49704	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:19.371535063 CET	8081	49704	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:19.683687925 CET	49705	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:19.688411951 CET	8081	49705	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:19.776340961 CET	8081	49710	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:19.776473999 CET	49710	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:19.776948929 CET	49713	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:19.781687975 CET	8081	49713	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:19.781800985 CET	49713	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:19.781982899 CET	49713	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:19.786633015 CET	8081	49713	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:20.127188921 CET	8081	49711	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:20.127336025 CET	49711	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:20.127753973 CET	49714	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:20.133902073 CET	8081	49714	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:20.133982897 CET	49714	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:20.134254932 CET	49714	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:20.140561104 CET	8081	49714	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:20.188029051 CET	49706	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:20.194272041 CET	8081	49706	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:20.666022062 CET	8081	49712	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:20.666129112 CET	49712	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:20.666601896 CET	49715	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:20.671283960 CET	8081	49715	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:20.671367884 CET	49715	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:20.671546936 CET	49715	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:20.676445961 CET	8081	49715	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:21.144356012 CET	49707	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:21.149183989 CET	8081	49707	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:21.483539104 CET	49708	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:21.488548040 CET	8081	49708	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:21.615565062 CET	8081	49713	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:21.615708113 CET	49713	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:21.616245031 CET	49716	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:21.620951891 CET	8081	49716	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:21.621073008 CET	49716	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:21.621620893 CET	49716	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:21.626286983 CET	8081	49716	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:21.939619064 CET	8081	49714	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:21.939747095 CET	49714	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:21.940294981 CET	49717	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:21.945127010 CET	8081	49717	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:21.945242882 CET	49717	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:21.945660114 CET	49717	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:21.950346947 CET	8081	49717	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:22.041439056 CET	49709	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:22.046303988 CET	8081	49709	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:22.452095032 CET	8081	49715	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:22.452321053 CET	49715	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:22.573127031 CET	49718	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:22.577972889 CET	8081	49718	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:22.578120947 CET	49718	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:22.650352955 CET	49718	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:22.655013084 CET	8081	49718	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:22.988461018 CET	49710	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:22.995022058 CET	8081	49710	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:23.312608004 CET	49711	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:23.317445993 CET	8081	49711	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:23.486017942 CET	8081	49716	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:23.486092091 CET	49716	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:23.487814903 CET	49719	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:23.493536949 CET	8081	49719	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:23.493668079 CET	49719	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:23.493818045 CET	49719	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:23.498565912 CET	8081	49719	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:23.839107990 CET	49712	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:23.843842030 CET	8081	49712	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:23.914736032 CET	8081	49717	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:23.914788008 CET	49717	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:23.915276051 CET	49720	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:23.919902086 CET	8081	49720	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:23.919965982 CET	49720	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:23.920128107 CET	49720	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:23.924783945 CET	8081	49720	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:24.616333961 CET	8081	49718	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:24.616401911 CET	49718	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:24.617115021 CET	49723	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:24.622347116 CET	8081	49723	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:24.622416973 CET	49723	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:24.622564077 CET	49723	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:24.627226114 CET	8081	49723	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:24.777951002 CET	49713	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:24.784421921 CET	8081	49713	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:25.149636984 CET	49714	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:25.154479027 CET	8081	49714	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:25.511358976 CET	8081	49719	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:25.511423111 CET	49719	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:25.511909008 CET	49724	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:25.516952038 CET	8081	49724	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:25.517015934 CET	49724	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:25.517286062 CET	49724	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:25.521951914 CET	8081	49724	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:25.668350935 CET	49715	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:25.673055887 CET	8081	49715	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:25.870594978 CET	8081	49720	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:25.870681047 CET	49720	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:25.871076107 CET	49725	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:25.875783920 CET	8081	49725	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:25.875890970 CET	49725	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:25.876091003 CET	49725	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:25.880784035 CET	8081	49725	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:26.500765085 CET	8081	49723	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:26.500895023 CET	49723	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:26.501327038 CET	49727	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:26.505984068 CET	8081	49727	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:26.506079912 CET	49727	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:26.506241083 CET	49727	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:26.510871887 CET	8081	49727	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:26.634799957 CET	49716	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:26.640466928 CET	8081	49716	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:26.957832098 CET	49717	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:26.963078976 CET	8081	49717	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:27.439682007 CET	8081	49724	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:27.439798117 CET	49724	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:27.440344095 CET	49728	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:27.448271990 CET	8081	49728	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:27.448364019 CET	49728	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:27.448685884 CET	49728	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:27.456170082 CET	8081	49728	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:27.653992891 CET	49718	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:27.659746885 CET	8081	49718	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:27.695272923 CET	8081	49725	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:27.695363998 CET	49725	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:27.695830107 CET	49729	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:27.700633049 CET	8081	49729	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:27.700706005 CET	49729	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:27.701076031 CET	49729	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:27.705765963 CET	8081	49729	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:28.378946066 CET	8081	49727	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:28.379110098 CET	49727	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:28.381675005 CET	49730	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:28.387984037 CET	8081	49730	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:28.388057947 CET	49730	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:28.388485909 CET	49730	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:28.394798040 CET	8081	49730	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:28.512063980 CET	49719	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:28.517786980 CET	8081	49719	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:28.922681093 CET	49720	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:28.930509090 CET	8081	49720	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:29.335104942 CET	8081	49728	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:29.335171938 CET	49728	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:29.335545063 CET	49732	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:29.340186119 CET	8081	49732	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:29.340267897 CET	49732	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:29.340814114 CET	49732	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:29.345541000 CET	8081	49732	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:29.520205021 CET	8081	49729	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:29.520272017 CET	49729	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:29.521100998 CET	49733	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:29.525837898 CET	8081	49733	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:29.525913954 CET	49733	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:29.526139975 CET	49733	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:29.530797005 CET	8081	49733	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:29.622832060 CET	49723	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:29.627619982 CET	8081	49723	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:30.185828924 CET	8081	49730	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:30.188472033 CET	49730	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:30.202100992 CET	49735	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:30.206813097 CET	8081	49735	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:30.206965923 CET	49735	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:30.211339951 CET	49735	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:30.216053963 CET	8081	49735	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:30.526763916 CET	49724	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:30.531495094 CET	8081	49724	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:30.881242990 CET	49725	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:30.885929108 CET	8081	49725	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:31.155273914 CET	8081	49732	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:31.155405045 CET	49732	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:31.156027079 CET	49736	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:31.160677910 CET	8081	49736	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:31.160754919 CET	49736	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:31.160980940 CET	49736	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:31.165695906 CET	8081	49736	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:31.367345095 CET	8081	49733	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:31.367463112 CET	49733	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:31.368022919 CET	49737	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:31.374031067 CET	8081	49737	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:31.374106884 CET	49737	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:31.374593019 CET	49737	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:31.379240990 CET	8081	49737	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:31.516149998 CET	49727	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:31.520868063 CET	8081	49727	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:32.040237904 CET	8081	49735	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:32.040489912 CET	49735	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:32.040858984 CET	49738	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:32.045562029 CET	8081	49738	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:32.045706987 CET	49738	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:32.046138048 CET	49738	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:32.050834894 CET	8081	49738	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:32.460844994 CET	49728	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:32.465717077 CET	8081	49728	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:32.702979088 CET	49729	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:32.707876921 CET	8081	49729	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:32.994102955 CET	8081	49736	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:32.994178057 CET	49736	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:32.994708061 CET	49739	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:32.999397993 CET	8081	49739	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:32.999466896 CET	49739	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:32.999715090 CET	49739	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:33.004332066 CET	8081	49739	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:33.260962963 CET	8081	49737	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:33.261019945 CET	49737	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:33.261388063 CET	49740	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:33.266047955 CET	8081	49740	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:33.266127110 CET	49740	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:33.266302109 CET	49740	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:33.270996094 CET	8081	49740	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:33.385741949 CET	49730	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:33.390536070 CET	8081	49730	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:34.094816923 CET	8081	49738	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:34.094903946 CET	49738	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:34.095381975 CET	49741	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:34.100130081 CET	8081	49741	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:34.100229979 CET	49741	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:34.100414991 CET	49741	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:34.105124950 CET	8081	49741	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:34.355422974 CET	49732	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:34.360079050 CET	8081	49732	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:34.534090042 CET	49733	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:34.538775921 CET	8081	49733	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:34.901962042 CET	8081	49739	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:34.902053118 CET	49739	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:34.902512074 CET	49742	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:34.907290936 CET	8081	49742	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:34.907393932 CET	49742	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:34.907696962 CET	49742	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:34.912347078 CET	8081	49742	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:35.142851114 CET	8081	49740	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:35.142963886 CET	49740	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:35.143409014 CET	49743	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:35.148092031 CET	8081	49743	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:35.148205042 CET	49743	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:35.148417950 CET	49743	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:35.153079033 CET	8081	49743	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:35.209774971 CET	49735	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:35.214577913 CET	8081	49735	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:35.917607069 CET	8081	49741	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:35.917742968 CET	49741	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:35.919186115 CET	49744	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:35.923890114 CET	8081	49744	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:35.923969030 CET	49744	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:35.925574064 CET	49744	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:35.930229902 CET	8081	49744	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:36.169528961 CET	49736	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:36.174364090 CET	8081	49736	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:36.389240026 CET	49737	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:36.393987894 CET	8081	49737	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:36.843947887 CET	8081	49742	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:36.844135046 CET	49742	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:36.844713926 CET	49745	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:36.849438906 CET	8081	49745	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:36.849594116 CET	49745	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:36.849900961 CET	49745	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:36.854667902 CET	8081	49745	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:37.046561956 CET	49738	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:37.051244974 CET	8081	49738	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:37.110294104 CET	8081	49743	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:37.110438108 CET	49743	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:37.110984087 CET	49746	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:37.115748882 CET	8081	49746	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:37.115942955 CET	49746	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:37.116348982 CET	49746	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:37.120979071 CET	8081	49746	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:37.806457043 CET	8081	49744	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:37.806610107 CET	49744	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:37.807023048 CET	49747	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:37.811739922 CET	8081	49747	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:37.811839104 CET	49747	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:37.812011957 CET	49747	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:37.816663980 CET	8081	49747	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:38.009269953 CET	49739	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:38.014131069 CET	8081	49739	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:38.270621061 CET	49740	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:38.275389910 CET	8081	49740	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:38.769999981 CET	8081	49745	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:38.770195961 CET	49745	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:38.770688057 CET	49748	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:38.775429010 CET	8081	49748	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:38.775551081 CET	49748	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:38.775784016 CET	49748	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:38.780441999 CET	8081	49748	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:38.973663092 CET	8081	49746	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:38.973810911 CET	49746	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:38.974350929 CET	49749	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:38.979043007 CET	8081	49749	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:38.979136944 CET	49749	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:38.979477882 CET	49749	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:38.984162092 CET	8081	49749	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:39.093087912 CET	49741	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:39.098115921 CET	8081	49741	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:39.641969919 CET	8081	49747	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:39.642074108 CET	49747	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:39.642535925 CET	49750	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:39.647236109 CET	8081	49750	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:39.647314072 CET	49750	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:39.647494078 CET	49750	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:39.652124882 CET	8081	49750	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:39.908639908 CET	49742	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:39.913336039 CET	8081	49742	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:40.154638052 CET	49743	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:40.159341097 CET	8081	49743	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:40.615537882 CET	8081	49748	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:40.615619898 CET	49748	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:40.616081953 CET	49751	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:40.620775938 CET	8081	49751	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:40.620846033 CET	49751	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:40.621021986 CET	49751	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:40.625658989 CET	8081	49751	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:40.860407114 CET	8081	49749	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:40.860524893 CET	49749	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:40.860995054 CET	49752	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:40.865699053 CET	8081	49752	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:40.865787029 CET	49752	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:40.865978003 CET	49752	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:40.870660067 CET	8081	49752	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:40.927061081 CET	49744	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:40.931828976 CET	8081	49744	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:41.492538929 CET	8081	49750	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:41.492635012 CET	49750	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:41.495197058 CET	49753	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:41.499974966 CET	8081	49753	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:41.500056982 CET	49753	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:41.502831936 CET	49753	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:41.507540941 CET	8081	49753	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:41.840773106 CET	49745	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:41.846172094 CET	8081	49745	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:42.126254082 CET	49746	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.131036043 CET	8081	49746	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:42.431854963 CET	8081	49751	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:42.431983948 CET	49751	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.432459116 CET	49754	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.437171936 CET	8081	49754	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:42.437242985 CET	49754	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.437519073 CET	49754	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.442164898 CET	8081	49754	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:42.819022894 CET	49747	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.920165062 CET	8081	49752	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:42.920264006 CET	49752	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.920572996 CET	8081	49752	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:42.920702934 CET	49755	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.920722961 CET	49752	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.921566963 CET	8081	49747	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:42.925508022 CET	8081	49755	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:42.925575018 CET	49755	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.925889015 CET	49755	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:42.930490017 CET	8081	49755	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:43.365866899 CET	8081	49753	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:43.365982056 CET	49753	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:43.366420984 CET	49756	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:43.371279955 CET	8081	49756	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:43.371359110 CET	49756	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:43.371686935 CET	49756	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:43.376319885 CET	8081	49756	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:43.769679070 CET	49748	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:43.989295006 CET	49749	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.080861092 CET	49748	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.304275036 CET	49749	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.557529926 CET	8081	49754	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.557670116 CET	49754	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.557713985 CET	8081	49754	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.557754993 CET	49754	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.558151960 CET	8081	49748	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.558162928 CET	49757	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.560359001 CET	8081	49749	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.560369968 CET	8081	49748	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.560379028 CET	8081	49749	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.562859058 CET	8081	49757	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.562958002 CET	49757	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.563157082 CET	49757	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.568222046 CET	8081	49757	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.652519941 CET	49750	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.657582998 CET	8081	49750	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.748601913 CET	8081	49755	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.748657942 CET	49755	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.749135017 CET	49758	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.753835917 CET	8081	49758	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:44.753901958 CET	49758	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.754112005 CET	49758	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:44.759160995 CET	8081	49758	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:45.317262888 CET	8081	49756	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:45.317437887 CET	49756	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:45.317948103 CET	49759	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:45.322768927 CET	8081	49759	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:45.322849989 CET	49759	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:45.323033094 CET	49759	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:45.328218937 CET	8081	49759	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:45.623753071 CET	49751	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:45.629002094 CET	8081	49751	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:45.868352890 CET	49752	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:45.873148918 CET	8081	49752	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:46.493335962 CET	8081	49757	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:46.493451118 CET	49757	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:46.493899107 CET	49760	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:46.498503923 CET	49753	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:46.498711109 CET	8081	49760	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:46.498794079 CET	49760	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:46.498948097 CET	49760	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:46.503251076 CET	8081	49753	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:46.503704071 CET	8081	49760	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:46.561614037 CET	8081	49758	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:46.561700106 CET	49758	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:46.562068939 CET	49761	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:46.566693068 CET	8081	49761	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:46.566797018 CET	49761	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:46.566972017 CET	49761	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:46.571681976 CET	8081	49761	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:47.184421062 CET	8081	49759	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:47.184479952 CET	49759	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:47.185013056 CET	49763	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:47.190485954 CET	8081	49763	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:47.190946102 CET	49763	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:47.190946102 CET	49763	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:47.195653915 CET	8081	49763	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:47.448721886 CET	49754	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:47.454188108 CET	8081	49754	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:47.940551996 CET	49755	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:47.945343971 CET	8081	49755	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:48.311573982 CET	8081	49760	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:48.311650991 CET	49760	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:48.312735081 CET	49764	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:48.317398071 CET	8081	49764	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:48.317471027 CET	49764	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:48.319303036 CET	49764	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:48.323930979 CET	8081	49764	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:48.383745909 CET	49756	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:48.388515949 CET	8081	49756	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:48.471694946 CET	8081	49761	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:48.471756935 CET	49761	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:48.472928047 CET	49765	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:48.477555990 CET	8081	49765	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:48.477632046 CET	49765	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:48.477793932 CET	49765	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:48.482639074 CET	8081	49765	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:49.035819054 CET	8081	49763	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:49.036186934 CET	49763	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:49.036659956 CET	49766	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:49.041356087 CET	8081	49766	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:49.041577101 CET	49766	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:49.042000055 CET	49766	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:49.046675920 CET	8081	49766	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:49.563831091 CET	49757	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:49.568821907 CET	8081	49757	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:49.763442039 CET	49758	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:49.768264055 CET	8081	49758	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:50.097179890 CET	8081	49764	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:50.097387075 CET	49764	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.097843885 CET	49767	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.102617979 CET	8081	49767	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:50.102746964 CET	49767	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.103037119 CET	49767	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.107848883 CET	8081	49767	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:50.259363890 CET	8081	49765	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:50.259521961 CET	49765	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.259996891 CET	49768	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.264678001 CET	8081	49768	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:50.264770031 CET	49768	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.264981985 CET	49768	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.269701004 CET	8081	49768	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:50.332242966 CET	49759	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.336988926 CET	8081	49759	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:50.844643116 CET	8081	49766	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:50.844726086 CET	49766	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.845542908 CET	49769	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.851550102 CET	8081	49769	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:50.851663113 CET	49769	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.908334017 CET	49769	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:50.913240910 CET	8081	49769	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:51.513133049 CET	49760	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:51.517935038 CET	8081	49760	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:51.567341089 CET	49761	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:51.573306084 CET	8081	49761	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:51.928157091 CET	8081	49767	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:51.928246021 CET	49767	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:51.928616047 CET	49770	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:51.935049057 CET	8081	49770	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:51.935152054 CET	49770	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:51.935415983 CET	49770	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:51.940069914 CET	8081	49770	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:52.082571030 CET	8081	49768	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:52.082709074 CET	49768	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:52.083175898 CET	49771	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:52.088010073 CET	8081	49771	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:52.088098049 CET	49771	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:52.088258982 CET	49771	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:52.092899084 CET	8081	49771	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:52.202873945 CET	49763	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:52.207592964 CET	8081	49763	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:52.661153078 CET	8081	49769	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:52.661336899 CET	49769	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:52.661864042 CET	49772	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:52.666640997 CET	8081	49772	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:52.666779041 CET	49772	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:52.667144060 CET	49772	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:52.671864033 CET	8081	49772	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:53.332324028 CET	49764	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:53.338660002 CET	8081	49764	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:53.593446016 CET	49765	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:53.598211050 CET	8081	49765	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:53.739320993 CET	8081	49770	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:53.739461899 CET	49770	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:53.747157097 CET	49773	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:53.751919031 CET	8081	49773	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:53.751986980 CET	49773	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:53.753097057 CET	49773	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:53.757747889 CET	8081	49773	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:53.856513977 CET	8081	49771	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:53.856664896 CET	49771	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:53.859663010 CET	49774	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:53.864406109 CET	8081	49774	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:53.864496946 CET	49774	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:53.868415117 CET	49774	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:53.873266935 CET	8081	49774	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:54.043806076 CET	49766	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:54.048657894 CET	8081	49766	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:54.492847919 CET	8081	49772	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:54.492963076 CET	49772	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:54.493438005 CET	49775	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:54.498640060 CET	8081	49775	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:54.498749971 CET	49775	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:54.498990059 CET	49775	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:54.503664017 CET	8081	49775	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:55.112958908 CET	49767	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.117954016 CET	8081	49767	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:55.263830900 CET	49768	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.268785954 CET	8081	49768	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:55.548119068 CET	8081	49773	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:55.548258066 CET	49773	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.548806906 CET	49776	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.553524017 CET	8081	49776	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:55.553682089 CET	49776	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.554173946 CET	49776	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.558917046 CET	8081	49776	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:55.700753927 CET	8081	49774	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:55.700886011 CET	49774	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.701342106 CET	49777	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.706121922 CET	8081	49777	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:55.706212044 CET	49777	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.706471920 CET	49777	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.711307049 CET	8081	49777	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:55.907860041 CET	49769	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:55.912781954 CET	8081	49769	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:56.300663948 CET	8081	49775	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:56.300803900 CET	49775	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:56.301214933 CET	49778	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:56.305871964 CET	8081	49778	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:56.305958033 CET	49778	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:56.306166887 CET	49778	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:56.310870886 CET	8081	49778	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:56.930999994 CET	49770	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:56.935758114 CET	8081	49770	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:57.095698118 CET	49771	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:57.100517035 CET	8081	49771	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:57.332591057 CET	8081	49776	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:57.332667112 CET	49776	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:57.333076954 CET	49779	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:57.337763071 CET	8081	49779	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:57.337837934 CET	49779	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:57.338026047 CET	49779	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:57.342739105 CET	8081	49779	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:57.571400881 CET	8081	49777	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:57.571552992 CET	49777	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:57.572005033 CET	49780	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:57.576731920 CET	8081	49780	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:57.576812029 CET	49780	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:57.577063084 CET	49780	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:57.581726074 CET	8081	49780	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:57.655498028 CET	49772	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:57.660279989 CET	8081	49772	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:58.125955105 CET	8081	49778	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:58.126077890 CET	49778	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:58.126492023 CET	49781	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:58.131691933 CET	8081	49781	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:58.131799936 CET	49781	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:58.132042885 CET	49781	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:58.136691093 CET	8081	49781	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:58.755218983 CET	49773	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:58.763118029 CET	8081	49773	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:58.868612051 CET	49774	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:58.876497030 CET	8081	49774	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:59.128551960 CET	8081	49779	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:59.128691912 CET	49779	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.129098892 CET	49782	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.133915901 CET	8081	49782	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:59.134012938 CET	49782	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.134152889 CET	49782	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.139753103 CET	8081	49782	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:59.394577026 CET	8081	49780	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:59.394721985 CET	49780	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.396991014 CET	49783	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.402523994 CET	8081	49783	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:59.402627945 CET	49783	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.405561924 CET	49783	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.410527945 CET	8081	49783	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:59.523968935 CET	49775	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.528758049 CET	8081	49775	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:59.919557095 CET	8081	49781	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:59.919621944 CET	49781	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.920295000 CET	49784	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.925060987 CET	8081	49784	213.209.150.137	192.168.2.7
Mar 14, 2025 10:47:59.925141096 CET	49784	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.925549030 CET	49784	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:47:59.930202961 CET	8081	49784	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:00.560731888 CET	49776	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:00.565414906 CET	8081	49776	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:00.721260071 CET	49777	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:00.726131916 CET	8081	49777	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:00.950413942 CET	8081	49782	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:00.950537920 CET	49782	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:00.951006889 CET	49785	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:00.955734968 CET	8081	49785	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:00.955823898 CET	49785	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:00.956048965 CET	49785	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:00.960685015 CET	8081	49785	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:01.228796959 CET	8081	49783	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:01.228928089 CET	49783	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:01.233282089 CET	49786	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:01.237903118 CET	8081	49786	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:01.237989902 CET	49786	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:01.238257885 CET	49786	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:01.242865086 CET	8081	49786	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:01.312673092 CET	49778	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:01.319837093 CET	8081	49778	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:01.745129108 CET	8081	49784	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:01.745596886 CET	49784	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:01.745898008 CET	49787	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:01.750642061 CET	8081	49787	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:01.750721931 CET	49787	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:01.751149893 CET	49787	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:01.755770922 CET	8081	49787	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:02.335607052 CET	49779	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:02.340395927 CET	8081	49779	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:02.583461046 CET	49780	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:02.588284016 CET	8081	49780	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:02.789998055 CET	8081	49785	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:02.790066004 CET	49785	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:02.790813923 CET	49788	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:02.795496941 CET	8081	49788	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:02.795578003 CET	49788	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:02.795798063 CET	49788	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:02.800431967 CET	8081	49788	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:03.045990944 CET	8081	49786	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:03.046119928 CET	49786	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:03.046612024 CET	49789	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:03.051285028 CET	8081	49789	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:03.051354885 CET	49789	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:03.051621914 CET	49789	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:03.056265116 CET	8081	49789	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:03.136923075 CET	49781	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:03.141679049 CET	8081	49781	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:03.565365076 CET	8081	49787	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:03.565495014 CET	49787	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:03.565936089 CET	49790	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:03.570667028 CET	8081	49790	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:03.570761919 CET	49790	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:03.570952892 CET	49790	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:03.575685978 CET	8081	49790	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:04.128669977 CET	49782	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.133477926 CET	8081	49782	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:04.404000998 CET	49783	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.408746004 CET	8081	49783	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:04.625741959 CET	8081	49788	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:04.628521919 CET	49788	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.629009962 CET	49791	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.633719921 CET	8081	49791	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:04.636568069 CET	49791	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.637217999 CET	49791	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.641891003 CET	8081	49791	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:04.845439911 CET	8081	49789	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:04.845557928 CET	49789	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.845972061 CET	49792	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.851545095 CET	8081	49792	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:04.851676941 CET	49792	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.851895094 CET	49792	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.856483936 CET	8081	49792	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:04.920268059 CET	49784	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:04.924952030 CET	8081	49784	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:05.365135908 CET	8081	49790	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:05.365294933 CET	49790	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:05.365731955 CET	49793	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:05.370470047 CET	8081	49793	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:05.370579004 CET	49793	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:05.370845079 CET	49793	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:05.375499010 CET	8081	49793	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:05.966098070 CET	49785	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:05.970813036 CET	8081	49785	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:06.248284101 CET	49786	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:06.253062963 CET	8081	49786	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:06.436616898 CET	8081	49791	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:06.436691046 CET	49791	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:06.437216043 CET	49794	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:06.441942930 CET	8081	49794	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:06.442034960 CET	49794	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:06.443059921 CET	49794	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:06.447757006 CET	8081	49794	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:06.637434959 CET	8081	49792	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:06.637595892 CET	49792	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:06.643479109 CET	49795	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:06.648210049 CET	8081	49795	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:06.648380041 CET	49795	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:06.648967028 CET	49795	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:06.653698921 CET	8081	49795	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:06.751575947 CET	49787	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:06.756351948 CET	8081	49787	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:07.191032887 CET	8081	49793	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:07.191143990 CET	49793	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:07.191694975 CET	49796	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:07.196759939 CET	8081	49796	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:07.196837902 CET	49796	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:07.197058916 CET	49796	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:07.203701019 CET	8081	49796	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:07.790971041 CET	49788	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:07.795814991 CET	8081	49788	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.050648928 CET	49789	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.055443048 CET	8081	49789	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.231745958 CET	8081	49794	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.231914043 CET	49794	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.232347965 CET	49797	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.237127066 CET	8081	49797	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.237231016 CET	49797	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.237430096 CET	49797	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.242142916 CET	8081	49797	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.455970049 CET	8081	49795	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.456085920 CET	49795	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.460037947 CET	49798	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.464838028 CET	8081	49798	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.464920998 CET	49798	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.466851950 CET	49798	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.471549988 CET	8081	49798	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.576096058 CET	49790	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.580744028 CET	8081	49790	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.963037968 CET	8081	49796	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.963160038 CET	49796	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.963618040 CET	49799	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.968360901 CET	8081	49799	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:08.968449116 CET	49799	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.968646049 CET	49799	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:08.973381042 CET	8081	49799	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:09.650398970 CET	49791	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:09.655392885 CET	8081	49791	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:09.858103991 CET	49792	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:09.863151073 CET	8081	49792	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:10.024555922 CET	8081	49797	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:10.024652004 CET	49797	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.025132895 CET	49800	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.029830933 CET	8081	49800	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:10.029939890 CET	49800	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.030153036 CET	49800	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.034821987 CET	8081	49800	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:10.263278008 CET	8081	49798	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:10.263436079 CET	49798	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.263945103 CET	49801	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.268802881 CET	8081	49801	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:10.268913031 CET	49801	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.269128084 CET	49801	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.273823023 CET	8081	49801	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:10.376152992 CET	49793	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.381158113 CET	8081	49793	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:10.749094963 CET	8081	49799	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:10.749234915 CET	49799	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.749969006 CET	49802	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.756302118 CET	8081	49802	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:10.756417990 CET	49802	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.757601023 CET	49802	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:10.764148951 CET	8081	49802	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:11.446065903 CET	49794	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:11.451147079 CET	8081	49794	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:11.638843060 CET	49795	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:11.643872023 CET	8081	49795	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:11.863317013 CET	8081	49800	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:11.863428116 CET	49800	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:11.863836050 CET	49803	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:11.868566990 CET	8081	49803	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:11.868669033 CET	49803	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:11.868875027 CET	49803	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:11.873503923 CET	8081	49803	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:12.086189985 CET	8081	49801	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:12.086282969 CET	49801	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:12.086730957 CET	49804	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:12.091489077 CET	8081	49804	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:12.091593981 CET	49804	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:12.091825008 CET	49804	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:12.097167969 CET	8081	49804	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:12.189377069 CET	49796	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:12.194185019 CET	8081	49796	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:12.542064905 CET	8081	49802	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:12.542144060 CET	49802	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:12.542562962 CET	49805	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:12.547337055 CET	8081	49805	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:12.547462940 CET	49805	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:12.548041105 CET	49805	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:12.552678108 CET	8081	49805	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:13.252712965 CET	49797	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.257884026 CET	8081	49797	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:13.458755016 CET	49798	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.466160059 CET	8081	49798	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:13.683490992 CET	8081	49803	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:13.683659077 CET	49803	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.684551001 CET	49806	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.691543102 CET	8081	49806	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:13.691709995 CET	49806	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.692353964 CET	49806	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.699388027 CET	8081	49806	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:13.926662922 CET	8081	49804	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:13.926736116 CET	49804	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.927198887 CET	49807	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.932462931 CET	8081	49807	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:13.932564020 CET	49807	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.932797909 CET	49807	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.937707901 CET	8081	49807	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:13.965761900 CET	49799	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:13.970738888 CET	8081	49799	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:14.358165979 CET	8081	49805	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:14.358289957 CET	49805	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:14.358855963 CET	49808	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:14.363750935 CET	8081	49808	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:14.363895893 CET	49808	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:14.364415884 CET	49808	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:14.369040966 CET	8081	49808	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:15.019870043 CET	49800	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.024544954 CET	8081	49800	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:15.278592110 CET	49801	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.284442902 CET	8081	49801	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:15.531939030 CET	8081	49806	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:15.532332897 CET	49806	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.532769918 CET	49809	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.537478924 CET	8081	49809	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:15.537722111 CET	49809	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.537911892 CET	49809	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.542551041 CET	8081	49809	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:15.722024918 CET	8081	49807	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:15.722130060 CET	49807	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.722615004 CET	49810	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.727353096 CET	8081	49810	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:15.727438927 CET	49810	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.727649927 CET	49810	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.732285976 CET	8081	49810	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:15.759248018 CET	49802	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:15.764045000 CET	8081	49802	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:16.201576948 CET	8081	49808	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:16.201639891 CET	49808	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:16.202027082 CET	49811	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:16.207910061 CET	8081	49811	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:16.207989931 CET	49811	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:16.208162069 CET	49811	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:16.212876081 CET	8081	49811	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:16.858951092 CET	49803	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:16.871556997 CET	8081	49803	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:17.089308023 CET	49804	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:17.094085932 CET	8081	49804	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:17.396203041 CET	8081	49809	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:17.396400928 CET	49809	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:17.396994114 CET	49812	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:17.401659012 CET	8081	49812	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:17.401768923 CET	49812	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:17.401983976 CET	49812	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:17.406630039 CET	8081	49812	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:17.548237085 CET	8081	49810	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:17.548446894 CET	49810	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:17.552139044 CET	49813	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:17.553318977 CET	49805	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:17.556934118 CET	8081	49813	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:17.557104111 CET	49813	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:17.557679892 CET	49813	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:17.558073997 CET	8081	49805	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:17.562374115 CET	8081	49813	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:18.011701107 CET	8081	49811	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:18.011923075 CET	49811	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:18.012712002 CET	49814	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:18.017541885 CET	8081	49814	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:18.017632008 CET	49814	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:18.017844915 CET	49814	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:18.022480011 CET	8081	49814	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:18.699152946 CET	49806	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:18.704423904 CET	8081	49806	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:18.939299107 CET	49807	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:18.944751978 CET	8081	49807	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:19.300839901 CET	8081	49812	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:19.300992012 CET	49812	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.301558971 CET	49815	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.306411982 CET	8081	49815	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:19.306499004 CET	49815	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.306787968 CET	49815	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.311947107 CET	8081	49815	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:19.372927904 CET	49808	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.377743959 CET	8081	49808	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:19.425270081 CET	8081	49813	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:19.425354004 CET	49813	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.425885916 CET	49816	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.430689096 CET	8081	49816	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:19.430762053 CET	49816	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.430959940 CET	49816	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.435933113 CET	8081	49816	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:19.917855978 CET	8081	49814	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:19.918018103 CET	49814	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.918668032 CET	49817	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.923399925 CET	8081	49817	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:19.923501968 CET	49817	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.923713923 CET	49817	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:19.928488970 CET	8081	49817	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:20.536283016 CET	49809	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:20.541105032 CET	8081	49809	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:20.716116905 CET	49810	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:20.720942020 CET	8081	49810	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:21.090584040 CET	8081	49815	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:21.090703011 CET	49815	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.091092110 CET	49818	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.095935106 CET	8081	49818	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:21.096015930 CET	49818	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.096191883 CET	49818	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.100903988 CET	8081	49818	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:21.213871956 CET	49811	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.218776941 CET	8081	49811	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:21.258487940 CET	8081	49816	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:21.258584976 CET	49816	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.259088993 CET	49819	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.263879061 CET	8081	49819	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:21.263984919 CET	49819	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.264333010 CET	49819	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.268975019 CET	8081	49819	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:21.742244959 CET	8081	49817	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:21.742376089 CET	49817	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.742763996 CET	49820	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.747536898 CET	8081	49820	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:21.747627020 CET	49820	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.747834921 CET	49820	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:21.752477884 CET	8081	49820	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:22.407812119 CET	49812	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:22.412596941 CET	8081	49812	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:22.567245007 CET	49813	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:22.572016954 CET	8081	49813	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:22.872313976 CET	8081	49818	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:22.872522116 CET	49818	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:22.873835087 CET	49821	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:22.878886938 CET	8081	49821	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:22.880335093 CET	49821	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:22.880335093 CET	49821	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:22.884982109 CET	8081	49821	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:23.018470049 CET	49814	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:23.023416042 CET	8081	49814	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:23.089478016 CET	8081	49819	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:23.089880943 CET	49819	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:23.090078115 CET	49822	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:23.095221996 CET	8081	49822	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:23.095336914 CET	49822	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:23.095534086 CET	49822	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:23.100351095 CET	8081	49822	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:23.549356937 CET	8081	49820	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:23.549465895 CET	49820	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:23.549940109 CET	49823	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:23.555094957 CET	8081	49823	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:23.555212021 CET	49823	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:23.555596113 CET	49823	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:23.561641932 CET	8081	49823	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:24.319175959 CET	49815	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.326879978 CET	8081	49815	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:24.439181089 CET	49816	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.444032907 CET	8081	49816	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:24.739718914 CET	8081	49821	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:24.739847898 CET	49821	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.740328074 CET	49824	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.744998932 CET	8081	49824	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:24.745114088 CET	49824	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.745363951 CET	49824	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.750005007 CET	8081	49824	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:24.927401066 CET	8081	49822	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:24.927546978 CET	49822	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.928078890 CET	49825	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.933588028 CET	8081	49825	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:24.933681011 CET	49825	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.933849096 CET	49825	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.937804937 CET	49817	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:24.939676046 CET	8081	49825	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:24.942497969 CET	8081	49817	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:25.393505096 CET	8081	49823	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:25.393639088 CET	49823	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:25.394092083 CET	49826	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:25.399138927 CET	8081	49826	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:25.399240017 CET	49826	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:25.399420023 CET	49826	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:25.404181004 CET	8081	49826	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:26.098201990 CET	49818	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.103081942 CET	8081	49818	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:26.275845051 CET	49819	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.280684948 CET	8081	49819	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:26.547025919 CET	8081	49824	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:26.547183037 CET	49824	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.552810907 CET	49827	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.559123993 CET	8081	49827	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:26.559324980 CET	49827	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.559540987 CET	49827	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.568110943 CET	8081	49827	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:26.755001068 CET	8081	49825	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:26.755100012 CET	49825	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.755458117 CET	49828	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.760163069 CET	8081	49828	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:26.760288954 CET	49828	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.760516882 CET	49828	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.761940956 CET	49820	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:26.765177011 CET	8081	49828	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:26.766652107 CET	8081	49820	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:27.228188992 CET	8081	49826	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:27.228275061 CET	49826	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:27.228704929 CET	49829	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:27.233417988 CET	8081	49829	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:27.233530045 CET	49829	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:27.233731031 CET	49829	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:27.238631964 CET	8081	49829	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:27.886234045 CET	49821	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:27.892278910 CET	8081	49821	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:28.095910072 CET	49822	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:28.101387978 CET	8081	49822	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:28.344441891 CET	8081	49827	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:28.344517946 CET	49827	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:28.346173048 CET	49830	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:28.350980043 CET	8081	49830	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:28.351073980 CET	49830	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:28.352003098 CET	49830	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:28.356650114 CET	8081	49830	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:28.545960903 CET	49823	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:28.551471949 CET	8081	49823	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:28.559175014 CET	8081	49828	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:28.559259892 CET	49828	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:28.559736967 CET	49831	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:28.564537048 CET	8081	49831	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:28.564678907 CET	49831	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:28.564826965 CET	49831	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:28.569530964 CET	8081	49831	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:29.036196947 CET	8081	49829	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:29.036288977 CET	49829	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:29.036691904 CET	49832	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:29.041426897 CET	8081	49832	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:29.041526079 CET	49832	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:29.041699886 CET	49832	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:29.046355009 CET	8081	49832	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:29.736448050 CET	49824	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:29.741182089 CET	8081	49824	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:29.962115049 CET	49825	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:29.966905117 CET	8081	49825	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:30.196266890 CET	8081	49830	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:30.196341991 CET	49830	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.197056055 CET	49833	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.201772928 CET	8081	49833	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:30.201877117 CET	49833	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.202181101 CET	49833	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.206839085 CET	8081	49833	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:30.344795942 CET	8081	49831	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:30.344862938 CET	49831	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.345499039 CET	49834	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.350178957 CET	8081	49834	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:30.350281954 CET	49834	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.350588083 CET	49834	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.355190992 CET	8081	49834	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:30.401236057 CET	49826	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.405935049 CET	8081	49826	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:30.820413113 CET	8081	49832	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:30.820616007 CET	49832	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.821144104 CET	49835	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.825834990 CET	8081	49835	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:30.825957060 CET	49835	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.826268911 CET	49835	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:30.831037998 CET	8081	49835	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:31.565341949 CET	49827	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:31.570130110 CET	8081	49827	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:31.775731087 CET	49828	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:31.780572891 CET	8081	49828	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:32.005718946 CET	8081	49833	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:32.005810022 CET	49833	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.006612062 CET	49836	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.011352062 CET	8081	49836	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:32.011456013 CET	49836	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.011684895 CET	49836	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.016325951 CET	8081	49836	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:32.161118031 CET	8081	49834	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:32.161204100 CET	49834	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.164043903 CET	49837	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.168744087 CET	8081	49837	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:32.168834925 CET	49837	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.171459913 CET	49837	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.176207066 CET	8081	49837	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:32.241321087 CET	49829	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.246192932 CET	8081	49829	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:32.640198946 CET	8081	49835	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:32.640278101 CET	49835	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.648427963 CET	49838	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.653156996 CET	8081	49838	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:32.653258085 CET	49838	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.660820007 CET	49838	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:32.665633917 CET	8081	49838	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:33.350965977 CET	49830	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:33.355907917 CET	8081	49830	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:33.574482918 CET	49831	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:33.733036995 CET	8081	49831	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:33.816194057 CET	8081	49836	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:33.816278934 CET	49836	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:33.816787958 CET	49839	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:33.823160887 CET	8081	49839	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:33.823239088 CET	49839	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:33.823396921 CET	49839	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:33.829353094 CET	8081	49839	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:33.933589935 CET	8081	49837	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:33.933657885 CET	49837	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:33.934051037 CET	49840	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:33.938736916 CET	8081	49840	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:33.938808918 CET	49840	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:33.940188885 CET	49840	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:33.944891930 CET	8081	49840	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:34.045808077 CET	49832	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:34.050668001 CET	8081	49832	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:34.471406937 CET	8081	49838	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:34.471494913 CET	49838	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:34.471837044 CET	49841	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:34.476583958 CET	8081	49841	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:34.476656914 CET	49841	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:34.476844072 CET	49841	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:34.481478930 CET	8081	49841	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:35.202056885 CET	49833	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.369229078 CET	49834	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.378921986 CET	8081	49833	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:35.378972054 CET	8081	49834	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:35.770821095 CET	8081	49839	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:35.770889044 CET	49839	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.771328926 CET	49842	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.776079893 CET	8081	49842	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:35.776164055 CET	49842	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.776458025 CET	49842	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.781142950 CET	8081	49842	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:35.801296949 CET	8081	49840	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:35.801384926 CET	49840	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.804995060 CET	49843	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.809762955 CET	8081	49843	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:35.809859991 CET	49843	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.810061932 CET	49843	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.814732075 CET	8081	49843	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:35.826414108 CET	49835	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:35.831242085 CET	8081	49835	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:36.499002934 CET	8081	49841	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:36.499084949 CET	49841	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:36.499604940 CET	49844	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:36.506779909 CET	8081	49844	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:36.506860018 CET	49844	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:36.507149935 CET	49844	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:36.511795044 CET	8081	49844	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:37.020056963 CET	49836	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:37.024820089 CET	8081	49836	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:37.164870024 CET	49837	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:37.169593096 CET	8081	49837	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:37.651388884 CET	49838	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:37.656192064 CET	8081	49838	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:37.787549019 CET	8081	49842	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:37.787647963 CET	49842	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:37.788106918 CET	49845	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:37.792855978 CET	8081	49845	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:37.792948961 CET	49845	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:37.793232918 CET	49845	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:37.797894955 CET	8081	49845	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:38.496032000 CET	8081	49844	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:38.496148109 CET	49844	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:38.497347116 CET	49846	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:38.502031088 CET	8081	49846	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:38.502177954 CET	49846	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:38.502774954 CET	49846	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:38.507447958 CET	8081	49846	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:38.822189093 CET	49839	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:38.827053070 CET	8081	49839	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:38.950356960 CET	49840	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:38.955177069 CET	8081	49840	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:39.482650995 CET	49841	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:39.487518072 CET	8081	49841	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:39.700371027 CET	8081	49845	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:39.700576067 CET	49845	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:39.700994968 CET	49847	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:39.705827951 CET	8081	49847	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:39.705924034 CET	49847	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:39.706108093 CET	49847	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:39.710808992 CET	8081	49847	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:40.361506939 CET	8081	49846	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:40.361694098 CET	49846	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:40.362093925 CET	49848	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:40.366862059 CET	8081	49848	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:40.366956949 CET	49848	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:40.367155075 CET	49848	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:40.371969938 CET	8081	49848	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:40.789258003 CET	49842	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:40.794054985 CET	8081	49842	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:40.821700096 CET	49843	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:40.826491117 CET	8081	49843	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:41.508327007 CET	49844	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:41.513134956 CET	8081	49844	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:41.649211884 CET	8081	49847	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:41.649382114 CET	49847	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:41.649768114 CET	49849	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:41.654442072 CET	8081	49849	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:41.654580116 CET	49849	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:41.654778004 CET	49849	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:41.659430027 CET	8081	49849	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:42.308262110 CET	8081	49848	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:42.308381081 CET	49848	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:42.308835983 CET	49850	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:42.313651085 CET	8081	49850	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:42.313766956 CET	49850	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:42.314074993 CET	49850	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:42.318753004 CET	8081	49850	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:42.788130045 CET	49845	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:42.793020010 CET	8081	49845	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:43.061583042 CET	8081	49843	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:43.061677933 CET	49843	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:43.062113047 CET	49851	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:43.068545103 CET	8081	49851	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:43.068653107 CET	49851	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:43.069123030 CET	49851	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:43.075812101 CET	8081	49851	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:43.507498026 CET	49846	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:43.512531996 CET	8081	49846	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:43.587228060 CET	8081	49849	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:43.587376118 CET	49849	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:43.588385105 CET	49852	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:43.593131065 CET	8081	49852	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:43.593301058 CET	49852	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:43.593622923 CET	49852	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:43.598360062 CET	8081	49852	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:44.279179096 CET	8081	49850	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:44.279285908 CET	49850	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:44.279685974 CET	49853	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:44.284436941 CET	8081	49853	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:44.284538031 CET	49853	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:44.284651995 CET	49853	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:44.289297104 CET	8081	49853	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:44.715899944 CET	49847	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:44.720768929 CET	8081	49847	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:45.300404072 CET	8081	49851	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:45.300512075 CET	49851	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:45.300966978 CET	49854	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:45.305624962 CET	8081	49854	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:45.305696011 CET	49854	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:45.305949926 CET	49854	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:45.310589075 CET	8081	49854	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:45.366625071 CET	49848	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:45.371423960 CET	8081	49848	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:45.446228981 CET	8081	49852	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:45.446321011 CET	49852	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:45.446775913 CET	49855	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:45.451443911 CET	8081	49855	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:45.451559067 CET	49855	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:45.451858044 CET	49855	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:45.456486940 CET	8081	49855	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:45.824579000 CET	49843	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:45.829366922 CET	8081	49843	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:46.195215940 CET	8081	49853	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:46.195341110 CET	49853	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:46.195744991 CET	49856	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:46.200449944 CET	8081	49856	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:46.200539112 CET	49856	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:46.200719118 CET	49856	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:46.205452919 CET	8081	49856	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:46.658075094 CET	49849	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:46.666436911 CET	8081	49849	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:47.258656025 CET	8081	49854	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:47.258717060 CET	49854	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:47.264972925 CET	49857	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:47.269721031 CET	8081	49857	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:47.269790888 CET	49857	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:47.271641016 CET	49857	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:47.276392937 CET	8081	49857	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:47.319818974 CET	49850	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:47.324558973 CET	8081	49850	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:47.451658964 CET	8081	49855	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:47.451833963 CET	49855	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:47.452538013 CET	49858	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:47.457305908 CET	8081	49858	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:47.457464933 CET	49858	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:47.458020926 CET	49858	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:47.462707043 CET	8081	49858	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:48.081470013 CET	8081	49856	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:48.081613064 CET	49856	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:48.081660986 CET	49851	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:48.082102060 CET	49859	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:48.086347103 CET	8081	49851	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:48.086797953 CET	8081	49859	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:48.086858988 CET	49859	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:48.087012053 CET	49859	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:48.091612101 CET	8081	49859	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:48.606134892 CET	49852	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:48.610956907 CET	8081	49852	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:49.169883966 CET	8081	49857	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:49.170027018 CET	49857	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:49.170473099 CET	49860	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:49.175178051 CET	8081	49860	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:49.175249100 CET	49860	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:49.175438881 CET	49860	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:49.180146933 CET	8081	49860	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:49.280580997 CET	49853	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:49.285948038 CET	8081	49853	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:49.420012951 CET	8081	49858	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:49.420252085 CET	49858	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:49.420555115 CET	49861	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:49.425265074 CET	8081	49861	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:49.425380945 CET	49861	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:49.425517082 CET	49861	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:49.431283951 CET	8081	49861	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:50.082457066 CET	8081	49859	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:50.082530975 CET	49859	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:50.101922989 CET	49862	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:50.106745005 CET	8081	49862	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:50.106805086 CET	49862	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:50.107420921 CET	49862	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:50.112025023 CET	8081	49862	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:50.319482088 CET	49854	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:50.324353933 CET	8081	49854	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:50.457674980 CET	49855	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:50.462467909 CET	8081	49855	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:51.040826082 CET	8081	49860	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:51.040983915 CET	49860	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.041399002 CET	49863	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.046189070 CET	8081	49863	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:51.046298027 CET	49863	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.046557903 CET	49863	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.051214933 CET	8081	49863	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:51.212887049 CET	49856	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.217694998 CET	8081	49856	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:51.319953918 CET	8081	49861	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:51.320092916 CET	49861	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.320502043 CET	49864	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.325211048 CET	8081	49864	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:51.325308084 CET	49864	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.325486898 CET	49864	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.330138922 CET	8081	49864	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:51.990746975 CET	8081	49862	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:51.990911961 CET	49862	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.991308928 CET	49865	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.996068001 CET	8081	49865	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:51.996192932 CET	49865	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:51.996341944 CET	49865	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:52.001537085 CET	8081	49865	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:52.271553993 CET	49857	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:52.276352882 CET	8081	49857	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:52.464154005 CET	49858	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:52.468873024 CET	8081	49858	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:52.873858929 CET	8081	49863	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:52.873939991 CET	49863	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:52.874366999 CET	49866	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:52.879028082 CET	8081	49866	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:52.879100084 CET	49866	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:52.879256964 CET	49866	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:52.884196043 CET	8081	49866	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:53.082082033 CET	49859	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:53.086992025 CET	8081	49859	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:53.225651026 CET	8081	49864	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:53.225776911 CET	49864	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:53.226211071 CET	49867	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:53.231033087 CET	8081	49867	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:53.231110096 CET	49867	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:53.231411934 CET	49867	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:53.236119032 CET	8081	49867	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:53.881957054 CET	8081	49865	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:53.882052898 CET	49865	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:53.882424116 CET	49868	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:53.887278080 CET	8081	49868	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:53.887348890 CET	49868	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:53.887482882 CET	49868	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:53.892168999 CET	8081	49868	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:54.178663969 CET	49860	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:54.185163975 CET	8081	49860	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:54.429676056 CET	49861	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:54.436542988 CET	8081	49861	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:54.769165039 CET	8081	49866	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:54.772592068 CET	49866	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:54.772994041 CET	49869	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:54.778268099 CET	8081	49869	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:54.780617952 CET	49869	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:54.780781984 CET	49869	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:54.785409927 CET	8081	49869	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:55.098546028 CET	8081	49867	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:55.098660946 CET	49867	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:55.099087954 CET	49870	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:55.105552912 CET	8081	49870	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:55.105631113 CET	49870	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:55.105829000 CET	49870	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:55.110512018 CET	8081	49870	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:55.111805916 CET	49862	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:55.119184017 CET	8081	49862	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:55.777004004 CET	8081	49868	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:55.777295113 CET	49868	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:55.778234959 CET	49871	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:55.783494949 CET	8081	49871	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:55.783704042 CET	49871	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:55.783955097 CET	49871	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:55.789150953 CET	8081	49871	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:56.042648077 CET	49863	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:56.047746897 CET	8081	49863	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:56.335891962 CET	49864	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:56.341703892 CET	8081	49864	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:56.734471083 CET	8081	49869	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:56.734570980 CET	49869	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:57.005232096 CET	8081	49870	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:57.005305052 CET	49870	8081	192.168.2.7	213.209.150.137
Mar 14, 2025 10:48:57.670583963 CET	8081	49871	213.209.150.137	192.168.2.7
Mar 14, 2025 10:48:57.670646906 CET	49871	8081	192.168.2.7	213.209.150.137

Target ID:	0
Start time:	05:46:50
Start date:	14/03/2025
Path:	C:\Users\user\Desktop\RtkAudUService.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\RtkAudUService.exe"
Imagebase:	0x7ff737210000
File size:	6'693'376 bytes
MD5 hash:	523FFE25DBA3E49BA5002638CDAD8BE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	05:46:50
Start date:	14/03/2025
Path:	C:\Users\user\Desktop\RtkAudUService.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\RtkAudUService.exe" --detached
Imagebase:	0x7ff737210000
File size:	6'693'376 bytes
MD5 hash:	523FFE25DBA3E49BA5002638CDAD8BE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	05:47:02
Start date:	14/03/2025
Path:	C:\Users\user\Desktop\RtkAudUService.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\RtkAudUService.exe"
Imagebase:	0x7ff737210000
File size:	6'693'376 bytes
MD5 hash:	523FFE25DBA3E49BA5002638CDAD8BE5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	05:47:03
Start date:	14/03/2025
Path:	C:\Users\user\Desktop\RtkAudUService.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\RtkAudUService.exe" --detached
Imagebase:	0x7ff737210000
File size:	6'693'376 bytes
MD5 hash:	523FFE25DBA3E49BA5002638CDAD8BE5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	05:47:11
Start date:	14/03/2025
Path:	C:\Users\user\Desktop\RtkAudUService.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\RtkAudUService.exe"
Imagebase:	0x7ff737210000
File size:	6'693'376 bytes
MD5 hash:	523FFE25DBA3E49BA5002638CDAD8BE5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	05:47:11
Start date:	14/03/2025
Path:	C:\Users\user\Desktop\RtkAudUService.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\RtkAudUService.exe" --detached
Imagebase:	0x7ff737210000
File size:	6'693'376 bytes
MD5 hash:	523FFE25DBA3E49BA5002638CDAD8BE5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Function 000000AAFCBFC8CA Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2130676008.000000AAFCBF6000.00000004.00000010.00020000.00000000.sdmp, Offset: 000000AAFCBF6000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_aafcbf6000_RtkAudUService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7acf4a75b2f7ed06bdc424aaa37e6764578eb9389209de56d53e37440a65bdbc
Instruction ID: c059d6787b60e37582aae66317e472a49a30b2aaffa783f28a7bac44eaeaa8ee
Opcode Fuzzy Hash: 7acf4a75b2f7ed06bdc424aaa37e6764578eb9389209de56d53e37440a65bdbc
Instruction Fuzzy Hash: AD912D96A4E7C50FD7138BB448696907FB05E23124B1E86EBC4C5CF4E3E258884AD323

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report RtkAudUService.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

Network Port Distribution

TCP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: RtkAudUService.exePID: 7148, Parent PID: 4088

General

Chronological Activities

Analysis Process: RtkAudUService.exePID: 6224, Parent PID: 7148

General

Chronological Activities

Windows Analysis Report
RtkAudUService.exe